The question of whether BIMI (Brand Indicator for Message Identification) settings at a top-level domain automatically apply to its subdomains is a common one, especially given how DMARC policies can cascade. While DMARC policies can indeed apply to subdomains (unless explicitly overridden), BIMI's behavior is slightly different. For a BIMI logo to display on a subdomain, the subdomain itself must comply with DMARC's enforcement policy, even if the parent domain has a strong DMARC setup. This means the DMARC policy that applies to the subdomain cannot be 'p=none' or 'sp=none' if you want its BIMI logo to appear. Furthermore, direct control over a subdomain's BIMI display is possible: brands can either enable or explicitly disable the logo for specific subdomains, which gives flexibility in branding.
Key findings
DMARC enforcement: For BIMI to work on a subdomain, that subdomain must be DMARC compliant at an enforcement policy (quarantine or reject). This is a critical prerequisite.
No automatic trickle-down: Unlike DMARC, BIMI itself does not automatically trickle down from the organizational domain to subdomains without explicit configuration or DMARC alignment. You can find more about this in our article "Does a parent domain need BIMI?".
Subdomain specific records: You can publish a specific BIMI record for a subdomain, or use an organizational domain record that cascades, provided the subdomain meets DMARC requirements.
Controlling display: It's possible to prevent a subdomain from displaying a BIMI logo even if its DMARC is enforced, by publishing a BIMI record for that subdomain that contains only v=BIMI1; and no logo URL.
Key considerations
DMARC policy for subdomains: Ensure your DMARC policy (specifically the 'sp' tag for subdomains) is at 'quarantine' or 'reject' for any subdomain where you want BIMI to function. Learn more about this in our guide to DMARC record and policy examples.
Explicit subdomain BIMI records: If you require different logos or no logo for certain subdomains, you will need to publish specific BIMI TXT records for them. This is discussed further by BIMI Group FAQs for Marketers and ESPs.
Consistency in branding: Decide on your branding strategy for subdomains. Do you want a consistent logo across all, or variations for different email streams?
Monitoring and troubleshooting: Regularly check DMARC reports and BIMI display across various mail clients to ensure your logos are appearing as intended on all sending domains, including subdomains.
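The checks described above, worked through offline as an added example (not code from this article or from the BIMI Group). It resolves the DMARC policy that applies to a subdomain, then picks the BIMI record, with the subdomain's own record taking precedence over the parent's. Assumptions: the organizational domain is supplied by the caller, the example.com names and ZONE data are constructed, and individual mailbox providers may apply stricter checks than this model.

```python
# Added example. ZONE is constructed sample data; all names are placeholders.
ZONE = {
    "_dmarc.example.com": ["v=DMARC1; p=reject; sp=none"],
    "default._bimi.example.com": ["v=BIMI1; l=https://example.com/logo.svg"],
    "_dmarc.news.example.com": ["v=DMARC1; p=quarantine"],
    "_dmarc.quiet.example.com": ["v=DMARC1; p=reject"],
    "default._bimi.quiet.example.com": ["v=BIMI1;"],  # opt-out: no l= value
}

def parse_tags(txt):
    """Split 'k=v; k=v' TXT data into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lookup(zone, name, version):
    """Parsed tags of the first TXT record at `name` that starts with `version`."""
    for txt in zone.get(name, []):
        if txt.strip().startswith(version):
            return parse_tags(txt)
    return None

def effective_dmarc_policy(zone, domain, org_domain):
    """Policy applied to `domain`: its own record, else the parent's sp=, else p=."""
    own = lookup(zone, f"_dmarc.{domain}", "v=DMARC1")
    if own is not None:
        return own.get("p", "none").lower()
    org = lookup(zone, f"_dmarc.{org_domain}", "v=DMARC1")
    if org is None:
        return "none"
    if domain != org_domain and "sp" in org:
        return org["sp"].lower()
    return org.get("p", "none").lower()

def bimi_status(zone, domain, org_domain, selector="default"):
    """Return (True, logo_url) or (False, reason). org_domain is caller-supplied."""
    policy = effective_dmarc_policy(zone, domain, org_domain)
    if policy not in ("quarantine", "reject"):
        return (False, f"DMARC policy is {policy}")
    for name in (domain, org_domain):  # subdomain record wins over the parent's
        record = lookup(zone, f"{selector}._bimi.{name}", "v=BIMI1")
        if record is not None:
            if not record.get("l"):
                return (False, f"opt-out record at {name}")
            return (True, record["l"])
    return (False, "no BIMI record")

if __name__ == "__main__":
    for host in ("example.com", "mail.example.com", "news.example.com", "quiet.example.com"):
        print(host, bimi_status(ZONE, host, "example.com"))
```

In the sample zone, mail.example.com fails because it inherits sp=none from the parent, news.example.com passes because it publishes its own enforcing DMARC record, and quiet.example.com is enforced but opts out of the logo.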
What email marketers say
Email marketers often approach BIMI from a practical standpoint, focusing on how to get their brand logos to appear reliably in inboxes, especially across diverse sending environments that might involve subdomains. They frequently inquire about the interplay between top-level domain BIMI configurations and the specific requirements for subdomains. The consensus is that while a strong DMARC policy at the organizational level is beneficial, subdomains need their own DMARC enforcement to support BIMI, and specific configurations are needed to manage BIMI display on these sub-entities.
Key opinions
DMARC prerequisite: Many marketers recognize that DMARC enforcement (p=quarantine or p=reject) is absolutely necessary for BIMI to display, and this applies at the subdomain level too.
Subdomain independence: Marketers generally understand that while a parent domain DMARC can cover subdomains, BIMI needs specific attention on each subdomain if they are to display a logo.
Control over display: There's an appreciation for the ability to specifically prevent a logo from showing on a subdomain, even if DMARC is enforced.
Verification challenges: Some marketers find the Verified Mark Certificate (VMC) process for subdomains to be complex, especially when trying to implement BIMI for multiple brands with subdomains.
Key considerations
Subdomain DMARC policy: Marketers should confirm their subdomains have DMARC policies set to 'quarantine' or 'reject' for BIMI to work, as outlined in our guide on BIMI DMARC requirements.
Targeted BIMI records: If a subdomain needs a distinct BIMI logo or no logo at all, create a specific BIMI TXT record for that subdomain. Our article on applying BIMI to a specific subdomain provides guidance.
Avoid 'sp=none': Be careful with DMARC's 'sp' tag, as an 'sp=none' policy on the organizational domain can prevent BIMI from displaying on subdomains, even with 'p=reject' on the root.
Brand consistency: Marketers should ensure their BIMI implementation aligns with their overall brand strategy across all sending domains.
Marketer view
Marketer from Email Geeks suggests that if you want BIMI for a specific subdomain like email.spamresource.com, setting up DMARC and BIMI at the top-level domain spamresource.com may be sufficient.
08 May 2023 - Email Geeks
Marketer view
Marketer from Email Geeks confirms that setting up DMARC and BIMI at the top level should generally enable BIMI to cascade down to subdomains.
08 May 2023 - Email Geeks
What the experts say
Email deliverability experts provide a more technical perspective on BIMI's interaction with subdomains, often emphasizing the underlying DNS and DMARC requirements. They clarify that while DMARC's subdomain policy can influence BIMI, BIMI itself requires specific attention at the subdomain level to ensure proper functionality and brand representation. Experts also offer advanced strategies for managing BIMI across complex domain structures and multiple subdomains.
Key opinions
DMARC enforcement is paramount: Experts consistently highlight that DMARC must be at an enforcement policy for the specific domain or subdomain attempting to display a BIMI logo. Without this, BIMI will not work.
Subdomain DMARC nuance: Even if a parent domain has a 'p=reject' policy, if its 'sp' (subdomain policy) tag is 'none', BIMI won't display on subdomains. The subdomain must itself be DMARC-enforced.
Explicit subdomain control: Experts confirm that a dedicated BIMI record can be published at the subdomain level to control its logo display independently, including explicitly disabling it.
VMC and subdomains: The process of obtaining and linking Verified Mark Certificates to subdomains adds another layer of complexity, often requiring careful DNS record management.
Key considerations
Verify DMARC alignment: Before attempting BIMI on subdomains, ensure DMARC is correctly configured and enforcing for those specific subdomains. This is detailed in our guide, A simple guide to DMARC, SPF, and DKIM.
Subdomain policy management: To ensure BIMI works, confirm that your organizational DMARC record doesn't use 'sp=none' if you want subdomains to inherit enforcement, or explicitly set a strong DMARC for each subdomain.
BIMI record specificity: For granular control, publishing BIMI TXT records directly at the subdomain level is often the most reliable approach. Refer to Spamresource for expert insights on DNS management.
Testing and validation: Thoroughly test BIMI display on various email clients for each subdomain to catch any configuration issues.
Expert view
Expert from Email Geeks notes that a key caveat for BIMI display on subdomains is that the subdomain itself must also be compliant with DMARC at enforcement, meaning policies like p=reject; sp=none would prevent BIMI from showing.
08 May 2023 - Email Geeks
Expert view
Expert from Email Geeks provides a useful trick: if you do not want a subdomain to have a BIMI logo, you can set v=BIMI1; in its record without specifying an a= or l= tag, and the logo will not be displayed.
08 May 2023 - Email Geeks
What the documentation says
Official documentation and technical specifications provide the definitive answers regarding BIMI's functionality with subdomains. These sources confirm that while BIMI records are published in DNS, their activation relies heavily on the underlying DMARC authentication and policy enforcement. They outline the specific DNS record structures and the conditions under which a BIMI logo will (or won't) be displayed on subdomains, offering a precise roadmap for implementers.
Key findings
DMARC enforcement is mandatory: The BIMI specification clearly states that a domain (or subdomain) must be DMARC compliant with a policy of 'quarantine' or 'reject' for BIMI to be considered by email clients.
Subdomain record flexibility: BIMI Group FAQs explain that a BIMI record can be published for the organizational domain, which may cascade, or a specific record can be published directly for a subdomain to control its logo.
DNS TXT record format: BIMI records are published as TXT records in DNS, similar to SPF and DKIM, and can be placed at the subdomain level.
Explicit disabling capability: Documentation supports the method of publishing a minimal BIMI record (e.g., v=BIMI1;) at the subdomain level to explicitly prevent logo display.
Key considerations
DMARC 'sp' tag effect: Pay close attention to the 'sp' tag in your organizational DMARC record. If it's set to 'none', subdomains won't inherit the enforcement needed for BIMI, even if the 'p' tag is set to 'quarantine' or 'reject'.
Subdomain DMARC alignment: Ensure that email sent from subdomains properly aligns with their DMARC records (or inherited policies) through SPF and DKIM. This is fundamental for BIMI authentication.
SVG and VMC requirements: For a Verified Mark Certificate (VMC) to be used with a subdomain, the VMC typically needs to be issued for the organizational domain, and the subdomain must correctly reference the associated logo.
DNS propagation time: Allow sufficient time for DNS changes to propagate globally after publishing or modifying BIMI records for subdomains.
Technical article
Documentation from BIMI Group states that an organization can publish a BIMI record for their primary domain which may cascade to subdomains, or they can choose to publish distinct records for specific subdomains to manage their logos independently. This provides flexibility.
20 Feb 2024 - BIMI Group FAQs
Technical article
Documentation from BIMI Group clarifies that similar to DKIM, BIMI allows for granular control, where a specific record can override a more general one for a subdomain. This ensures precise branding for different email streams.