Suped

What is the 'p=' tag used for in a BIMI record?

It's a common point of confusion, but the 'p=' tag is not actually part of a BIMI (Brand Indicators for Message Identification) record. Instead, it’s a required component of your DMARC (Domain-based Message Authentication, Reporting, and Conformance) record. However, your DMARC policy, which is set by this 'p=' tag, is absolutely critical for BIMI to work correctly.

Before your logo can be displayed in the inbox through BIMI, mailbox providers like Gmail and Yahoo need to be confident that the email is truly from you. This is where DMARC comes in. DMARC tells receiving servers what to do with emails that fail authentication checks (SPF and DKIM). The policy, or 'p=' tag, is the instruction you give them.

Suped DMARC monitor
Free forever, no credit card required
Get started for free
Trusted by teams securing millions of inboxes
Company logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logo

The DMARC policy (p=) tag explained

bimigroup.org logo
BIMI Group says:
Visit website
This attribute indicates how the record holder authorizes the mail receiver to handle mail that fails DMARC and authentication checks. Enforcement can be “p=none”, “p=quarantine”, or “p=reject”.

Your DMARC record is a simple text file in your DNS, and the policy tag is the most important part of it. It dictates the level of enforcement you want mailbox providers to apply to unauthenticated mail claiming to be from your domain. There are three settings you can use:

  • p=none: This is a monitoring-only policy. It asks receivers to take no specific action against failing emails but to send you DMARC reports about them. It’s great for starting out but is not sufficient for BIMI.
  • p=quarantine: This policy suggests that unauthenticated emails should be treated with suspicion and typically sent to the recipient's spam or junk folder. This is the minimum level of enforcement required for BIMI.
  • p=reject: This is the strictest policy. It instructs receivers to completely block and reject any email that fails DMARC checks, preventing it from reaching any folder. This policy also works for BIMI.

How does the DMARC policy relate to BIMI?

For BIMI to be successful, you must demonstrate that you are actively protecting your domain from spoofing and phishing. A DMARC policy of p=none signals that you are only monitoring, not enforcing. Mailbox providers require a clear enforcement policy before they will display your logo.

Therefore, a core requirement for BIMI is that your domain must have a DMARC policy of either p=quarantine or p=reject. Without one of these enforcement policies in place, mailbox providers will not fetch or display your BIMI logo, even if all your other records (like your VMC) are perfectly configured. In short, the p= tag is the key that unlocks BIMI by proving your commitment to email authentication.

Start improving your email deliverability today

Get started