Suped

Does BIMI require strict alignment between From and return-path domains?

Matthew Whittaker
Co-founder & CTO, Suped
Published 12 Aug 2025
Updated 16 Aug 2025
BIMI (Brand Indicators for Message Identification) allows brands to display their logo next to their authenticated emails in supporting inboxes. This visual trust signal relies heavily on robust email authentication, primarily DMARC.
A common question arises regarding the specific alignment requirements for BIMI, particularly concerning the From domain and the Return-Path (or Mail From) domain. While DMARC defines alignment modes, it's important to clarify if BIMI mandates strict alignment for the Return-Path or if relaxed alignment is sufficient.

Understanding email domain alignment

Before diving into BIMI's specifics, let's understand email domain alignment within the context of SPF and DKIM, which are foundational for DMARC. SPF alignment focuses on whether the Return-Path domain (also known as Mail From or Envelope From) matches the From header domain, the one visible to recipients. This is critical for authentication.
DKIM alignment, on the other hand, checks if the d= tag in the DKIM signature matches the From header domain. Both SPF and DKIM can operate in either "relaxed" or "strict" alignment modes, as defined in your DMARC record. Understanding these differences is key to proper email authentication.
Relaxed alignment permits the use of subdomains, meaning sub.example.com would align with example.com. Strict alignment, however, demands an exact domain match. This distinction is crucial for how DMARC processes your email authentication results, directly impacting how receiving servers treat your mail. You can learn more about how relaxed domain alignment works.
While DMARC defines these modes, the ultimate goal for BIMI is that at least one of these authentication methods (SPF or DKIM) passes alignment, allowing DMARC to validate the email. This flexibility ensures that various email sending configurations can still support BIMI.

Strict alignment

  1. Exact match: Requires the domains to be identical. For SPF, mail.example.com would not align with example.com.
  2. Higher security: Offers maximum protection against spoofing as it leaves less room for variation.
  3. Potential for failure: Can be more challenging to implement, especially with third-party sending services that use different domains for the Return-Path.

Relaxed alignment

  1. Organizational domain match: Allows subdomains to align with the root domain. For example, mail.example.com would align with example.com.
  2. Flexibility: Easier to implement with various email service providers and complex sending setups.
  3. Common choice: Many organizations use relaxed alignment to ensure DMARC passes without extensive reconfigurations.

How DMARC uses alignment

DMARC (Domain-based Message Authentication, Reporting & Conformance) is the key protocol that BIMI leverages. For an email to pass DMARC, it must pass either SPF with alignment or DKIM with alignment. It doesn't require both, and it doesn't mandate strict alignment for either: both default to relaxed unless the DMARC record itself specifies strict.
If an email fails DMARC authentication, the DMARC policy (p=none, p=quarantine, or p=reject) dictates how receiving mail servers should handle the message. For BIMI to display a logo, the domain must have a DMARC policy set to at least p=quarantine or, ideally, p=reject. This ensures strong authentication and prevents unauthorized use of your brand. You can learn more about DMARC's foundational role from DMARC.org.
This brings us back to the core question about Return-Path alignment. While the Return-Path domain is critical for SPF authentication, BIMI's primary requirement is simply that the email passes DMARC. This means if your DKIM signature aligns, even with a mismatched Return-Path (which would fail SPF alignment), your email could still pass DMARC and qualify for BIMI.
The flexibility of DMARC, allowing either SPF or DKIM to align, is what makes BIMI implementation adaptable to various sending infrastructures. Focusing on getting DMARC to pass is the correct approach, regardless of the specific alignment mode for Return-Path. A simple guide to DMARC, SPF, and DKIM can clarify these protocols further.
Example DMARC record (DNS):
v=DMARC1; p=quarantine; rua=mailto:dmarc_reports@example.com; ruf=mailto:forensics@example.com; adkim=r; aspf=r;

Important for BIMI

For BIMI to display your logo, your domain's DMARC policy must be set to either p=quarantine or p=reject. A p=none policy will not enable BIMI, as it indicates a monitoring-only phase without enforcement. For guidance, see how to safely transition your DMARC policy.

BIMI's specific alignment requirements

The BIMI standard itself does not explicitly require strict alignment between the From and Return-Path domains. Instead, it relies entirely on the successful authentication and alignment check performed by DMARC. As long as your email passes DMARC validation, either through SPF alignment or DKIM alignment, it meets BIMI's foundational requirement. This means if DKIM aligns, SPF alignment isn't necessarily a blocking point for BIMI.
It's important to remember that DMARC SPF alignment specifically looks at the Return-Path domain matching the From domain. If you opt for relaxed SPF alignment, sub.yourdomain.com would align with yourdomain.com. However, if your DKIM signature is aligned (matching the d= tag to your From domain), then SPF alignment becomes less critical for the DMARC pass, and consequently, for BIMI display. For more details, refer to why DKIM alignment is important.
While BIMI doesn't strictly mandate Return-Path alignment, it's always a best practice to ensure all authentication mechanisms are as robust as possible. Some mailbox providers may have internal preferences or algorithms that favor stricter alignment, even if not explicitly required by the BIMI specification. This enhances your overall sender reputation. Detailed BIMI requirements and implementation steps are available for further guidance.
While the BIMI specification broadly states the need for a passing DMARC policy, individual mailbox providers (like Google, Yahoo, etc.) interpret and apply these standards with their own nuances. Some providers might have additional internal criteria or reputation heuristics that indirectly favor stricter alignment for SPF, even if not a hard BIMI requirement.
For example, an email that passes DMARC via DKIM alignment, but fails SPF alignment due to a disparate Return-Path domain, might still display the BIMI logo. However, maintaining consistent alignment across all authentication protocols (SPF, DKIM, and DMARC) often contributes to a stronger sender reputation and better inbox placement overall. This aligns with recent changes by Google and Yahoo for bulk senders.
Ultimately, the most crucial factor for BIMI display is a correctly configured and enforced DMARC policy (p=quarantine or p=reject) combined with proper authentication. Focusing on achieving DMARC compliance, whether through SPF or DKIM alignment (or both), is the direct path to enabling BIMI and leveraging its brand-building benefits. This is a critical step in modern email security.

| Element | Role in DMARC/BIMI | Alignment requirement for BIMI |
| --- | --- | --- |
| From domain | Visible sender identity. | Must align with either SPF or DKIM domain. |
| Return-Path domain | Used for SPF authentication and bounce messages. | Requires alignment with From domain for SPF to pass DMARC. |
| DKIM d= domain | Domain signing the email. | Requires alignment with From domain for DKIM to pass DMARC. |
| DMARC policy (p=) | Instructs receiving servers on handling unauthenticated mail. | Must be at p=quarantine or p=reject. |
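The decision logic described in this section, as an added example (not code from Suped or from any mailbox provider): it applies relaxed or strict alignment per the record's adkim/aspf tags, treats DMARC as passing when either aligned mechanism passes, and then checks the enforcement policy. The message fields, the `esp-mail.test` domain and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example: DMARC alignment and the BIMI precondition described in this article.
# Assumption: the organizational domain is the last two labels; real receivers
# consult the Public Suffix List (so example.co.uk would need special handling).

def parse_dmarc(record):
    """Parse 'v=DMARC1; p=...; adkim=r' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = exact match, 'r' = same organizational domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)

def evaluate(msg, dmarc_record):
    tags = parse_dmarc(dmarc_record)
    # adkim and aspf default to relaxed when absent from the record.
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["return_path"], msg["from"], tags.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(
        msg["dkim_d"], msg["from"], tags.get("adkim", "r"))
    dmarc_pass = spf_ok or dkim_ok          # either aligned mechanism suffices
    enforced = tags.get("p", "none").lower() in ("quarantine", "reject")
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": dmarc_pass, "bimi_precondition": dmarc_pass and enforced}

# Constructed sample: a third-party sender with its own Return-Path domain,
# DKIM-signed with a subdomain of the brand's From domain.
ESP_MESSAGE = {"from": "example.com", "return_path": "bounce.esp-mail.test",
               "spf": "pass", "dkim": "pass", "dkim_d": "mail.example.com"}
RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc_reports@example.com; adkim=r; aspf=r;"

if __name__ == "__main__":
    print(evaluate(ESP_MESSAGE, RECORD))                                  # relaxed DKIM
    print(evaluate(ESP_MESSAGE, RECORD.replace("adkim=r", "adkim=s")))    # strict DKIM
    print(evaluate(ESP_MESSAGE, RECORD.replace("p=quarantine", "p=none")))
```

With the constructed message, switching to `adkim=s` removes the only aligned mechanism, which is the case to watch for when a third-party sender signs with a subdomain.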

Views from the trenches

Best practices
Ensure your DMARC record is set to a policy of p=quarantine or p=reject.
Prioritize achieving DMARC compliance, whether through SPF or DKIM alignment.
Use custom DKIM selectors for all sending platforms.
Common pitfalls
Assuming relaxed alignment is always sufficient for all mailbox providers.
Overlooking third-party sending services' Return-Path domains.
Not monitoring DMARC reports, leading to unnoticed alignment failures.
Expert tips
Even if BIMI primarily cares about DMARC passing, stronger overall authentication with aligned SPF and DKIM helps deliverability.
Some receivers might have internal reputation systems that favor stricter alignment, even if not explicitly required.
Always test your email authentication thoroughly after making DNS changes.
Marketer view
Marketer from Email Geeks says that from their experience, as long as DMARC passes, the logo will show up. They have a customer using Mailchimp where the Return-Path and From domains do not match, but DKIM passes alignment and the logo still displays.
2022-09-28 - Email Geeks
Marketer view
Marketer from Email Geeks states that while other factors might be important to providers, strict Return-Path alignment is not a direct requirement for BIMI based on their observations.
2022-09-28 - Email Geeks

Key takeaways for BIMI and alignment

To summarize, BIMI does not impose a strict alignment requirement specifically between the From and Return-Path domains. Its core dependency is a passing DMARC check. This means that if your email passes DMARC via DKIM alignment, even if SPF alignment (which involves the Return-Path domain) is relaxed or fails, your BIMI logo can still display. The key is DMARC enforcement.
While strict SPF alignment isn't a direct BIMI mandate, pursuing the strongest possible email authentication is always beneficial for overall deliverability and sender reputation. This includes aligning your From domain with both your SPF and DKIM domains where feasible. Ensuring robust DMARC implementation is the most direct route to unlocking BIMI's brand-building benefits and improving trust in your email communications.
