Suped

How do I implement BIMI for multiple brands with subdomains?

Michael Ko
Co-founder & CEO, Suped
Published 26 May 2025
Updated 16 Aug 2025
Implementing Brand Indicators for Message Identification (BIMI) can significantly enhance your brand's presence in the inbox by displaying your logo next to your authenticated emails. While the concept is straightforward for a single brand on a single domain, it becomes more nuanced when dealing with multiple brands, especially when they operate under subdomains of a primary organizational domain.
The key challenge lies in ensuring each brand's unique identity is correctly displayed while adhering to BIMI's technical requirements and the mailbox providers' policies. I often encounter questions about how the corporate level BIMI interacts with individual brand subdomains, and whether each brand needs its own setup. Here, I'll break down the process for successfully implementing BIMI across multiple brands that use subdomains.

Meeting core BIMI authentication requirements

Before you can even consider displaying a logo via BIMI, strong email authentication is a non-negotiable prerequisite. This means ensuring your domains are properly configured with SPF, DKIM, and DMARC. Specifically for BIMI, your DMARC policy must be set to enforcement, meaning either p=quarantine or p=reject. This robust authentication signals to mailbox providers that you are taking steps to prevent email spoofing and phishing, building the trust necessary for BIMI.
For organizations with multiple brands using subdomains, the DMARC policy typically resides at the organizational (root) domain level. This policy then applies to all subdomains, assuming no specific DMARC record is published at the subdomain level. While a DMARC record on the parent domain is inherited by all subdomains automatically, some companies choose to implement specific DMARC policies for their subdomains if they have distinct sending practices or brand requirements.
It's crucial that your DMARC alignment is correct. Both SPF and DKIM must align with the From header domain for DMARC to pass. If your subdomains are sending emails, their SPF and DKIM records must properly align with the subdomain being used in the From address. You can learn more about DMARC, SPF, and DKIM in our comprehensive guide.
For a successful setup, I recommend using a DMARC record generator to ensure the correct syntax. You'll also want to start DMARC monitoring to receive reports and verify your authentication is working as expected across all your sending sources and subdomains.

DMARC enforcement for BIMI

BIMI requires your DMARC policy to be at an enforcement level (p=quarantine or p=reject) for the domain from which the email is sent. This also applies to subdomains. An organizational DMARC policy covers subdomains unless a specific subdomain DMARC record overrides it. It's essential to understand how DMARC policies cascade to subdomains.

BIMI and subdomain flexibility

When implementing BIMI for multiple brands that use subdomains, you generally have two main approaches: a single BIMI record at the organizational domain that is inherited by its subdomains, or distinct BIMI records for each subdomain. A default BIMI record should be published at the organizational domain so that all subdomains can inherit it. If a BIMI record is found at a subdomain, the mailbox provider will use that specific record instead.
This flexibility is crucial for multi-brand scenarios. For example, if your corporate domain is example.com, and you have brands operating as brand1.example.com and brand2.example.com, you can publish separate BIMI records for each subdomain. This allows brand1.example.com to display its specific logo, and brand2.example.com to display its own, distinct logo.
The BIMI standard includes a selector parameter, similar to DKIM selectors, which enables the display of different logos for multiple brands or different use cases within the same domain or subdomain. This means you can have marketing.example.com show one logo, and transactional.example.com show another, all under the same parent domain. While the selector is an option, it's not yet universally adopted by all mailbox providers, so direct subdomain records are often the most reliable approach for distinct logos.
For specific scenarios, you might want to apply BIMI to a specific subdomain rather than the entire domain. This is achievable by publishing the BIMI TXT record directly on the desired subdomain. This granular control allows you to tailor brand representation precisely where it's needed, without affecting other subdomains or the parent domain.

Managing verified mark certificates (VMCs) for distinct brands

A crucial component for BIMI display, especially with major providers like Gmail and Yahoo Mail, is the Verified Mark Certificate (VMC). A VMC is a digital certificate that verifies your organization's ownership of a trademarked logo. This adds an extra layer of trust, assuring recipients that the logo displayed is indeed legitimate and owned by the sender.
For multiple brands operating on subdomains, the VMC strategy depends on whether each brand has a distinct, trademarked logo. If each brand uses a unique logo, then each unique logo will require its own VMC. This means if brand1.example.com and brand2.example.com each have their own logos, you will need a separate VMC for each. This is confirmed by DigiCert, a leading VMC provider, who states that each logo will need its own VMC.
The logo itself must be in SVG format and hosted on a secure (HTTPS) server. It should also meet specific technical requirements to ensure proper rendering across different email clients. Obtaining a VMC involves a verification process with a Certificate Authority, which ensures your logo is indeed a registered trademark.
You can find more detailed information on BIMI best practices for VMC implementation in our knowledge base. It's important to choose an accredited certificate provider to ensure your VMC is recognized by all supporting mailbox providers.

DNS records and VMC hosting

Once you have your DMARC set up and your VMCs (if required) and SVG logos ready, the final step is to publish your BIMI DNS TXT records. Each subdomain for which you want to display a unique logo will need its own BIMI TXT record. This record points to the location of your SVG logo and, if applicable, your VMC.
The basic format for a BIMI record using the default selector (default) for a subdomain, brand1.example.com, looks like this.
Example BIMI DNS TXT record for a subdomain:
default._bimi.brand1.example.com. IN TXT "v=BIMI1; l=https://cdn.example.com/brand1_logo.svg; a=https://cdn.example.com/brand1_vmc.pem;"
In this record:
  1. v=BIMI1: Specifies the BIMI version.
  2. l=URL: Points to the SVG logo file URL. This must be HTTPS.
  3. a=URL: (Optional) Points to the Verified Mark Certificate (VMC) PEM file URL. This is required by many mailbox providers.
Repeat this process for each subdomain and brand combination that requires a distinct logo. Remember to keep the SVG logos and VMC files securely hosted and accessible via HTTPS. You can find more details on how to set up BIMI DNS records for subdomains in our knowledge base. Regular checks of your BIMI implementation are also advised, as some external factors or changes to your DNS can impact its display.
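
As an added example (not Suped's code or tooling), the following preflight check applies the rules described above to each brand's From domain: a subdomain's own DMARC or BIMI record overrides the organizational one, DMARC must be at enforcement, and the l= and a= URLs must be HTTPS. The zone contents, function names and the org parameter are constructed for illustration; falling back to the organizational record's sp= tag before p= follows RFC 7489 and is not spelled out on this page.

```python
# Constructed sample zone (TXT records only); all names and URLs are illustrative.
ZONE = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine",
    "_dmarc.brand2.example.com": "v=DMARC1; p=none",
    "default._bimi.example.com":
        "v=BIMI1; l=https://cdn.example.com/corp_logo.svg; a=https://cdn.example.com/corp_vmc.pem;",
    "default._bimi.brand1.example.com":
        "v=BIMI1; l=https://cdn.example.com/brand1_logo.svg; a=https://cdn.example.com/brand1_vmc.pem;",
    "default._bimi.brand3.example.com": "v=BIMI1; l=http://cdn.example.com/brand3_logo.svg;",
}

def parse_tags(txt):
    """Split 'k=v; k=v;' into a dict, tolerating a trailing semicolon."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def effective_dmarc_policy(domain, org, zone):
    """A subdomain's own record wins; otherwise the org record's sp=, then p=."""
    own = zone.get(f"_dmarc.{domain}")
    if own:
        return parse_tags(own).get("p", "none").lower()
    tags = parse_tags(zone.get(f"_dmarc.{org}", ""))
    return tags.get("sp", tags.get("p", "none")).lower()

def effective_bimi(domain, org, zone, selector="default"):
    """A record at the From domain overrides the organizational-domain default."""
    for name in (domain, org):
        txt = zone.get(f"{selector}._bimi.{name}")
        if txt:
            return name, parse_tags(txt)
    return None, {}

def audit(domain, org="example.com", zone=ZONE):
    """Return (domain supplying the BIMI record, list of problems found)."""
    problems = []
    policy = effective_dmarc_policy(domain, org, zone)
    if policy not in ("quarantine", "reject"):
        problems.append(f"DMARC policy is {policy}, not enforcement")
    source, tags = effective_bimi(domain, org, zone)
    if source is None:
        problems.append("no BIMI record at subdomain or organizational domain")
    elif not tags.get("l"):
        problems.append("no logo URL in l=")
    for tag in ("l", "a"):
        if tags.get(tag) and not tags[tag].startswith("https://"):
            problems.append(f"{tag}= URL is not HTTPS")
    return source, problems
```

To run this against production, replace the ZONE dictionary with live TXT lookups and derive the organizational domain from the Public Suffix List rather than passing it in by hand.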

Comparing BIMI implementation approaches

Centralized approach (organizational domain)

  1. DMARC: DMARC at enforcement on the organizational domain covers all subdomains.
  2. BIMI record: One BIMI TXT record on the organizational domain, pointing to a single logo and VMC (if any).
  3. Logo display: All subdomains display the same logo, inherited from the parent. Simpler setup if all brands share the same visual identity.
  4. VMC: Only one VMC needed if all brands use the same trademarked logo.

Decentralized approach (subdomain specific)

  1. DMARC: Organizational DMARC covers all, but specific subdomain DMARC policies can override.
  2. BIMI record: Separate BIMI TXT record published on each subdomain (brand1.example.com, brand2.example.com).
  3. Logo display: Each subdomain displays its own unique logo. Ideal for distinct brand identities.
  4. VMC: A separate VMC is required for each unique logo that is trademarked and needs to be displayed.

Final thoughts

Implementing BIMI for multiple brands with subdomains requires careful planning and execution. The key is to ensure robust DMARC enforcement across all relevant domains and subdomains, and then to strategically deploy BIMI TXT records along with the correct VMCs for each unique brand logo. By following these steps, you can successfully enhance the visual presence of all your brands in the inbox, boosting trust and engagement.
While BIMI offers significant benefits, monitoring your email deliverability and ensuring your compliance with email authentication standards remains paramount. Continuous monitoring and adjustments will help you maintain optimal inbox placement and brand recognition.

Views from the trenches

Best practices

  1. Ensure DMARC is at an enforcement policy (quarantine or reject) for all domains and subdomains that will have BIMI.
  2. Utilize BIMI selectors if you need to display different logos for different email types (e.g., marketing vs. transactional) from the same domain or subdomain.
  3. Obtain a separate Verified Mark Certificate (VMC) for each unique, trademarked logo you wish to display.
  4. Host all SVG logos and VMC files on a secure, publicly accessible web server (HTTPS).
  5. Regularly monitor your DMARC reports to ensure proper alignment and identify any authentication issues that could affect BIMI display.

Common pitfalls

  1. Implementing BIMI before achieving DMARC enforcement, which will prevent your logo from displaying.
  2. Using a single VMC for multiple distinct logos, as each unique trademarked logo requires its own VMC.
  3. Hosting SVG logos or VMC files on an insecure (HTTP) server, which will lead to BIMI failure.
  4. Incorrectly configuring BIMI DNS TXT records, such as typos or missing required parameters.
  5. Expecting BIMI to work on subdomains if the organizational domain's DMARC policy is not at enforcement.

Expert tips

  1. Prioritize DMARC implementation and consistent reporting before moving to BIMI.
  2. Leverage the flexibility of subdomain-specific BIMI records for distinct brand identities.
  3. Keep an eye on industry updates regarding BIMI selectors, as support may expand over time.
  4. Ensure your SVG logo strictly adheres to BIMI specifications for optimal rendering.
  5. Consider a phased rollout of BIMI, starting with a key sending domain or subdomain.

Expert view

Expert from Email Geeks says BIMI can be published at the organizational domain, or a specific subdomain.
2021-08-27 - Email Geeks

Expert view

Expert from Email Geeks says you do not need to apply BIMI at the organizational level, but your organization and its subdomains must have a DMARC policy set to quarantine or reject.
2021-08-27 - Email Geeks
