Summary
BIMI relies on DMARC for authentication. DMARC mandates alignment between the 'From' domain and either the DKIM or SPF records. While DMARC supports both strict and relaxed alignment, the consensus is that relaxed alignment is generally sufficient for BIMI to function properly. As long as DMARC passes, the BIMI logo should display, even if there isn't a perfect match between the 'From' and return-path domains.
Key findings
- DMARC Foundation: BIMI is built upon DMARC, making a valid and passing DMARC record essential for its functionality.
- Domain Alignment: The 'From' domain must align with either the DKIM signature domain or the SPF authorized domain.
- Relaxed Alignment Preference: While both strict and relaxed DMARC alignment modes are technically supported, relaxed alignment is commonly sufficient for BIMI implementation.
Key considerations
- DMARC Configuration Check: Ensure your DMARC record is properly configured and actively passing authentication checks.
- Choose Alignment Mode Wisely: Select between strict or relaxed DMARC alignment based on your organization's security posture, understanding that relaxed alignment typically meets BIMI's requirements.
- Thorough Testing: Thoroughly test the BIMI implementation to guarantee logo display across various email clients and providers.
What email marketers say
11 marketer opinions
BIMI relies on DMARC for authentication, requiring either SPF or DKIM to pass and align with the 'From' domain. While DMARC alignment can be strict or relaxed, relaxed alignment is generally sufficient for BIMI to function correctly. The consensus is that as long as DMARC passes, the BIMI logo should display, even if the return-path and From domains do not strictly match.
Key opinions
- DMARC Dependency: BIMI's functionality is contingent on a properly configured DMARC record.
- Alignment Requirement: Alignment between the 'From' domain and either the DKIM or SPF record is necessary for BIMI to work.
- Relaxed Alignment Sufficiency: In most cases, relaxed alignment is adequate for BIMI, although strict alignment is also permissible.
Key considerations
- DMARC Configuration: Ensure DMARC is properly configured, as BIMI relies heavily on it.
- Alignment Mode: Choose between strict or relaxed DMARC alignment based on your organization's security needs, but be aware relaxed is commonly sufficient for BIMI.
- Testing and Verification: Thoroughly test BIMI implementation to confirm logo display across different email clients and providers.
Marketer view
Marketer from Email Geeks responds maybe they care about it for other reasons, but it’s not required for BIMI, at least from their experience.
26 Apr 2023 - Email Geeks
Marketer view
Email marketer from ZeroBounce states that BIMI relies on DMARC authentication, necessitating alignment between the 'From' domain and either the DKIM or SPF records. Both strict and relaxed alignment modes are permissible.
31 Mar 2024 - ZeroBounce
What the experts say
1 expert opinions
BIMI relies on DMARC for authentication. The domain in the 'From' header must align with either the d= domain in the DKIM signature or the domain used for SPF. Whether this alignment needs to be strict or can be relaxed is governed by the DMARC policy.
Key opinions
- DMARC is Mandatory: BIMI requires a functioning DMARC policy for authentication.
- Domain Alignment: The 'From' domain must align with either the DKIM or SPF domain.
- Alignment Flexibility: The DMARC policy dictates whether strict or relaxed alignment is required.
Key considerations
- Review DMARC Policy: Carefully review your DMARC policy to understand the required alignment mode (strict or relaxed).
- DKIM and SPF Setup: Ensure DKIM and SPF are properly configured and aligned with your 'From' domain.
- BIMI Testing: Test your BIMI setup to ensure that the logo is displayed correctly.
Expert view
Expert from Spam Resource, John Levine, explains that BIMI requires DMARC, which requires that the domain in the From: header match the d= domain in the DKIM signature, or the domain used for SPF. This alignment can be strict or relaxed, according to the DMARC policy.
12 Jul 2023 - Spam Resource
What the documentation says
3 technical articles
BIMI relies on DMARC for authentication. DMARC requires either strict or relaxed identifier alignment between the 'From' domain and the DKIM signature domain or the SPF authorized domain. BIMI needs a valid and passing DMARC record to function.
Key findings
- DMARC is essential: BIMI's functionality depends on a correctly configured and passing DMARC record.
- Alignment Flexibility: DMARC alignment modes, both strict and relaxed, are acceptable for BIMI.
- SPF/DKIM Alignment: For SPF, the Return-Path domain must align with the From domain. For DKIM, the d= domain in the DKIM signature must align with the From domain.
Key considerations
- DMARC Validation: Verify that DMARC is correctly set up and is passing for your domain.
- SPF and DKIM Configuration: Ensure proper configuration of SPF and DKIM records to achieve the necessary alignment with the 'From' domain.
- Monitor DMARC Reports: Regularly monitor DMARC reports to ensure continued compliance and identify any potential issues.
Technical article
Documentation from BIMI Group specifies that BIMI leverages DMARC for authentication. DMARC requires either strict or relaxed identifier alignment to pass. For SPF, the Return-Path domain must align with the From domain. For DKIM, the d= domain in the DKIM signature must align with the From domain.
9 Mar 2025 - BIMI Group
Technical article
Documentation from dmarcian clarifies that BIMI needs a valid DMARC record. DMARC alignment modes (strict or relaxed) impact whether the domain in the 'From' header needs to perfectly match the DKIM signing domain or the SPF authorized domain. Either alignment is suitable for BIMI
31 Aug 2023 - dmarcian
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Do I need a VMC for BIMI to work with Google and Gmail?
Does BIMI impact email deliverability?
Does BIMI improve email deliverability?
Does BIMI require DMARC at the organizational level, and can it be implemented only at the subdomain level?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
How do I set up DMARC for BIMI and what are the key considerations?
How do SPF, DKIM, and DMARC affect email deliverability with Cvent?
