Summary
For email logo display, BIMI (Brand Indicators for Message Identification) relies on a Verified Mark Certificate (VMC) to authenticate the brand's logo. While the VMC verifies the organizational domain, the practical implementation of BIMI for subdomains requires domain-specific configuration. Each subdomain used for sending emails must have its own DMARC policy at an enforcement level, alongside a corresponding BIMI TXT record in its DNS, pointing to the verified logo via the VMC. This setup ensures that the correct, trademarked logo is displayed next to emails in supported inboxes, significantly boosting brand recognition and recipient trust by providing a visual signal of authenticity and helping combat impersonation.
Key findings
- VMC Covers Organization: A Verified Mark Certificate (VMC) is issued to the legal entity owning the trademarked logo, verifying the organizational domain rather than individual subdomains, yet its cryptographic binding 'trickles down' in principle to associated sending domains.
- BIMI Records are Domain-Specific: While the VMC validates the organization, the BIMI DNS TXT record itself must be present for the specific domain or subdomain from which emails are sent if a logo is desired for those particular sends.
- No VMC, No Logo: Mailbox providers such as Google and Apple will not display an email sender's logo via BIMI without a Verified Mark Certificate, as they do not accept self-asserted BIMI records for logo display.
- Authentication for Logo Display: VMCs provide the necessary cryptographic assurance that the displayed logo is indeed owned and trademarked by the sending organization, which is integral for enhancing trust and preventing malicious actors from displaying fake logos.
Key considerations
- Subdomain-Specific Setup: For email logo display, each subdomain used for sending emails must have its own BIMI TXT record published in its DNS, referencing the verified logo and VMC, if applicable.
- DMARC Enforcement: BIMI requires a robust DMARC policy set at an enforcement level (p=quarantine or p=reject) for the specific sending domain or subdomain, a critical prerequisite for logo display.
- VMC Validation: The Verified Mark Certificate, or VMC, is crucial because it cryptographically binds a trademarked logo to a verified organization, providing essential validation to mailbox providers like Google and Apple that the logo is legitimate and authorized for display.
- Brand Trust and Recognition: Beyond technical setup, BIMI with a VMC is paramount for establishing brand authenticity and trust, allowing recipients to instantly recognize and confidently engage with emails from legitimate senders, which also helps combat phishing.
What email marketers say
10 marketer opinions
While a Verified Mark Certificate (VMC) validates the authenticity of a brand's logo at the organizational level, ensuring its legitimacy, displaying this logo for emails sent from subdomains requires specific, per-subdomain configuration. Each subdomain must have its own DMARC policy set to an enforcement level and a corresponding BIMI DNS TXT record pointing to the VMC-verified logo. This meticulous setup is critical because major mailbox providers like Google and Apple will only display logos backed by a VMC, rejecting self-asserted records. The combined effect of verified logos enhances brand recognition and recipient trust, making emails stand out and significantly improving overall engagement.
Key opinions
- VMC's Role in Display: A VMC is the fundamental requirement from mailbox providers like Google and Apple for displaying any BIMI logo, as they don't trust self-asserted records.
- Subdomain Specificity: To display a logo for emails sent from a subdomain, a distinct BIMI DNS TXT record must be published for that specific subdomain, linking to the VMC-verified image.
- DMARC Enforcement for Subdomains: Each subdomain attempting to display a BIMI logo must first have an active DMARC policy configured at an enforcement level, either quarantine or reject.
- Enhanced Brand Trust and Recognition: The combination of BIMI and a VMC provides visual authentication in the inbox, significantly boosting brand recognition, recipient trust, and overall email engagement by preventing imposter logos.
Key considerations
- Granular Subdomain Configuration: While a VMC verifies the organizational domain, each subdomain from which email is sent requires its own BIMI DNS TXT record and a DMARC policy set to enforcement for logo display.
- VMC's Central Role: Acquiring a Verified Mark Certificate is non-negotiable for major mailbox providers to display your brand's logo, as it verifies the authenticity of your trademarked image and organizational identity.
- Visual Authenticity and Trust: The primary importance of BIMI with VMC is its ability to provide strong visual authentication, reassuring recipients of the sender's legitimacy and preventing the display of fraudulent logos.
- Strategic Brand Visibility: Leveraging BIMI with a VMC allows for consistent, verified brand logo display directly in the inbox, which significantly increases brand recall and engagement rates, making emails more recognizable.
Marketer view
Marketer from Email Geeks confirms that a VMC at the organizational domain will 'trickle down' to sub-domains, allowing the BIMI image to be displayed.
1 Jun 2025 - Email Geeks
Marketer view
Marketer from Email Geeks explains that without a VMC (Verified Mark Certificate), Google and Apple will not display an email sender's logo, as they do not accept self-asserted records for BIMI.
20 Jul 2024 - Email Geeks
What the experts say
4 expert opinions
Displaying a brand's verified logo through BIMI, especially for emails originating from subdomains, involves a nuanced approach. A Verified Mark Certificate (VMC) authenticates the logo at the organizational domain level, confirming its ownership and trademark status. However, to ensure logo display, each specific subdomain used for sending email must publish its own BIMI TXT record in its DNS, referencing this VMC-validated logo. This granular configuration is crucial because BIMI policies, much like DMARC, are evaluated at the exact sending domain, and mailbox providers rely on the VMC to prove the logo's legitimacy, preventing impersonation and fostering recipient trust.
Key opinions
- VMC Validates Organization: A Verified Mark Certificate (VMC) validates the authenticity of a brand's logo at the organizational domain level, providing the foundational verification for its use across the brand's sending infrastructure.
- Subdomain Specific Policies: BIMI policies, similar to DMARC, are assessed at the granular domain or subdomain level from which an email originates, requiring separate BIMI TXT records for each sending subdomain to display the logo.
- VMC Critical for Trust: The VMC is essential for email logo display because it acts as the authoritative proof of logo ownership, issued by a Certificate Authority, thereby preventing fraudulent logo use and building sender credibility.
Key considerations
- Subdomain DNS Records: Ensure that every subdomain used for sending emails has a correctly configured BIMI TXT record in its DNS zone, pointing to the validated logo via the VMC, even if the VMC itself is at the organizational domain level.
- Mandatory DMARC Enforcement: For BIMI logo display on subdomains, it is imperative that each sending subdomain has an active DMARC policy set to an enforcement level, such as 'quarantine' or 'reject', to ensure proper email authentication.
- VMC for Verified Brand Trust: Recognize that the Verified Mark Certificate is the pivotal element for displaying a trusted logo, as it provides the crucial, third-party verified assurance of brand ownership and logo legitimacy, thereby significantly enhancing recipient trust and preventing brand abuse.
Expert view
Expert from Email Geeks explains that for BIMI VMC certificates, you only need to verify the organizational domain, not each sub-domain.
6 Sep 2022 - Email Geeks
Expert view
Expert from Spamhaus Forum responds that BIMI policies, similar to DMARC policies, are evaluated at the specific domain level from which an email is sent. If a company uses subdomains for different sending purposes (e.g., `marketing.example.com`, `support.example.com`), each of these subdomains would require its own BIMI TXT record in its DNS zone to display the logo, provided its DMARC policy is also enforced.
16 Mar 2023 - Spamhaus Forum
What the documentation says
6 technical articles
BIMI's effectiveness in displaying a brand's verified logo, especially for emails originating from subdomains, hinges on a meticulous, domain-specific configuration despite the Verified Mark Certificate (VMC) being issued at the organizational level. While the VMC authenticates the trademarked logo for the brand as a whole, each subdomain designated for email sending must independently publish its own BIMI TXT record, directing mail receivers to the VMC-validated logo. This precise setup is critical, as it ensures that the logo displayed is genuinely tied to the sending subdomain and its DMARC enforcement policy, preventing unauthorized usage and bolstering recipient trust through a clear visual signal of authenticity.
Key findings
- Organizational VMC, Subdomain BIMI: A Verified Mark Certificate (VMC) is issued to validate a trademarked logo for the overarching organization, yet each specific subdomain used for sending emails must publish its own BIMI DNS TXT record to enable logo display.
- DMARC Enforcement for Subdomains: For BIMI to function and display a logo, any subdomain sending emails must first have a DMARC policy configured at an enforcement level, set to either 'quarantine' or 'reject', which is foundational for logo visibility.
- VMC as a Prerequisite for Display: Mailbox providers like Google and Apple will not display a brand's logo via BIMI without a Verified Mark Certificate, emphasizing its role as the critical, third-party verified component for logo authentication.
- Logo Display is Subdomain-Dependent: The ability to display a brand logo is contingent upon having a correctly configured BIMI record present at the exact subdomain from which an email originates, as mail receivers perform the lookup at that specific level.
Key considerations
- Precise Subdomain DNS Setup: Implement individual BIMI DNS TXT records for every subdomain used to send emails, ensuring each correctly points to the VMC-validated logo for proper display.
- Mandatory DMARC Enforcement Per Subdomain: Verify that each email-sending subdomain has its DMARC policy set to an enforcement level, such as 'quarantine' or 'reject', as this is a non-negotiable requirement for BIMI logo visibility.
- VMC as a Trust Mechanism: Understand that the Verified Mark Certificate is vital for establishing and maintaining recipient trust, as it provides verifiable proof of logo ownership, thereby deterring phishing and brand impersonation.
- Strategic Brand Protection and Visibility: Beyond technical compliance, leveraging BIMI with a VMC across all active sending subdomains serves as a powerful tool for brand protection, ensuring consistent, verified logo display that enhances recognition and recipient confidence.
Technical article
Documentation from Google Workspace Admin Help explains that BIMI records are added as TXT records to your domain's DNS settings. While the VMC is issued to the organization, the BIMI record itself must be present for the specific domain or subdomain from which emails are sent to display the logo.
21 Jan 2023 - Google Workspace Admin Help
Technical article
Documentation from DigiCert explains that Verified Mark Certificates (VMCs) are crucial for BIMI because they cryptographically bind a trademarked logo to a verified organization. This validation ensures that only legitimate, verified brand logos are displayed, which significantly enhances brand trust and helps combat phishing by preventing unauthorized logo usage.
21 Jul 2021 - DigiCert
Does BIMI trickle down to subdomains and how to control subdomain BIMI display?
Does domain/IP reputation affect BIMI logo display with VMC?
How do I set up BIMI? Is a VMC certificate always required?
What are the benefits and requirements of BIMI for email deliverability and branding?
What are the benefits of using CMC certificates for BIMI logos?
Why is my BIMI logo not showing up in Gmail despite having a VMC certificate?
