Brand Indicators for Message Identification (BIMI) is an email specification that allows organizations to display their brand logo next to authenticated email messages in recipient inboxes. While the concept is straightforward, many wonder how BIMI knows where to find the logo file.
The core function of BIMI is to provide a standardized way for email clients to retrieve and display a verified logo. However, BIMI doesn't host the logo itself. Instead, it directs email clients to a specific location where your organization's logo is stored.
The answer lies within your domain's DNS records, where you configure the BIMI policy. This record contains a pointer that specifies the exact URL of your brand's SVG logo file.
The BIMI DNS record
How BIMI references your logo
BIMI leverages the Domain Name System (DNS) to announce the presence and location of your brand logo. Similar to how DMARC, SPF, and DKIM records are published, a BIMI policy is also a TXT record added to your domain's DNS.
Within this BIMI TXT record, a specific tag, l=, is used to specify the full URL where your SVG logo file is hosted. This is the direct instruction to email clients on where to fetch the image.
Example BIMI DNS TXT Record with logo locationDNS
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://cdn.example.com/brand/logo.svg;"
The l= tag is mandatory for BIMI implementation. Without it, email clients would have no way to locate your brand's logo, rendering BIMI ineffective for that domain. It's the cornerstone of how BIMI works in practice.
For BIMI to function correctly, the SVG file must be hosted on a publicly accessible web server. This ensures that any email client or service can retrieve the image without encountering access restrictions. It also implies that the URL must remain stable and the file continuously available.
Hosting requirements for the SVG file
Key requirements for the SVG file location
Beyond simply providing a URL, BIMI imposes strict requirements on how the SVG is publicly accessible via HTTPS. The file must be hosted on a secure server, meaning the URL specified in the l= tag must use HTTPS. This is critical for security and sender reputation.
HTTPS ensures that the connection between the email client and the server hosting your SVG is encrypted, preventing tampering or interception of the logo file. This security measure is fundamental to maintaining trust and preventing malicious actors from substituting your brand logo with unauthorized images.
Best practices for hosting BIMI SVG files
Reliable hosting: Utilize a robust web server or a Content Delivery Network (CDN) to ensure high availability and fast loading times for your logo.
Valid SSL/TLS certificate: Ensure the server hosting your SVG has a current and valid SSL/TLS certificate to enable HTTPS access.
Public access: The SVG URL should not require any form of authentication, such as passwords or API keys, for retrieval.
CORS headers: If necessary, configure Cross-Origin Resource Sharing (CORS) headers to allow email clients from different domains to fetch the SVG.
It's also crucial that the hosting server allows for unrestricted public access. If an email client cannot fetch the SVG file due to network restrictions or authentication requirements, your logo will not display. This public accessibility is a non-negotiable part of BIMI's design.
SVG file format and compliance
The SVG file format itself
While we're discussing location, the format of the logo file is equally important. BIMI strictly requires the logo to be in Scalable Vector Graphics (SVG) format, specifically following the SVG P/S profile. This specific profile ensures security and consistent rendering across various email clients and devices.
The strict SVG profile helps prevent malicious code injection or unexpected behaviors that could occur with more complex SVG features. It ensures that the logo is a static, safe image. Understanding what image format is required for BIMI is crucial for proper implementation.
BIMI SVG characteristics
Specific profile: Must adhere to SVG Tiny 1.2 Portable/Secure.
Security focused: No external references, animations, or scripts are permitted within the file.
Strict XML format: Requires specific XML attributes and structure to be compliant.
Aspect ratio: Typically a square aspect ratio is recommended for optimal display.
High flexibility: Can incorporate advanced features, scripting, and external links.
Broad usage: Used for web graphics, interactive elements, and complex illustrations.
Fewer restrictions: Generally has fewer security-related content limitations compared to BIMI SVGs.
Converting your existing logo to this specific BIMI-compliant SVG format often requires specialized software like Adobe Illustrator, or manually using a text editor to ensure all necessary attributes are present and problematic elements are removed.
It's essential to follow these guidelines closely. An improperly formatted SVG, even if correctly located, will fail to display. More information on recommended SVG dimensions for BIMI is available to help you create a valid file.
Verified Mark Certificates and location
The role of a verified mark certificate (VMC)
For some email clients, a Verified Mark Certificate (VMC) is also required to display your BIMI logo. While the VMC doesn't directly specify the SVG's location, it plays a crucial role in validating your brand's ownership of the logo at that specified location. This adds an extra layer of trust and verification.
If a VMC is used, its location is specified in the BIMI DNS TXT record using the a= tag, pointing to the URL of the PEM file containing your VMC. Like the SVG, the VMC file must also be hosted on a secure, publicly accessible HTTPS server.
BIMI DNS TXT Record with logo and VMC locationsDNS
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://cdn.example.com/brand/logo.svg; a=https://cdn.example.com/brand/vmc.pem;"
The requirement for a VMC varies among email clients. Some support BIMI without a VMC, but for widespread adoption and display in major inboxes, a VMC is often necessary. Understanding if BIMI can display a logo without a VMC is important for your implementation strategy.
Effectively, BIMI relies on two key locations: the URL for your SVG logo and, if applicable, the URL for your VMC. Both are specified in your DNS record and both must meet stringent hosting and security requirements to ensure your brand logo appears correctly and reliably.
Conclusion
Ensuring your BIMI logo displays correctly
To summarize, BIMI doesn't host your SVG logo file directly. Instead, it specifies its location through the l= tag within your domain's DNS TXT record. This URL must point to an SVG file that is hosted on a secure, publicly accessible HTTPS server and adheres to the strict SVG Tiny 1.2 Portable/Secure profile.
Successful BIMI implementation hinges on careful attention to both the logo file's location and its technical specifications. Additionally, a Verified Mark Certificate (VMC), also with its own specified location, may be required to ensure your logo is displayed across all supporting email clients.
Ensuring that your email authentication, including DMARC, SPF, and DKIM, is correctly configured is foundational for BIMI. For robust email security and deliverability, including comprehensive DMARC monitoring and simplified management, Suped offers AI-Powered Recommendations to fix issues, real-time alerts, and a unified platform. Our generous free plan for DMARC monitoring makes it accessible for everyone, from SMBs to large enterprises.
