Summary
Setting up BIMI (Brand Indicators for Message Identification) DNS records involves creating specific TXT records for the domains and subdomains from which you send email. For your main (apex) domain, the record typically uses "_bimi.yourdomain.com" as the host. When configuring BIMI for a subdomain, such as "marketing.yourdomain.com", the host should be "_bimi.marketing.yourdomain.com". A critical prerequisite for BIMI to function, especially for subdomains, is an enforcing DMARC policy (p=quarantine or p=reject) on the apex domain, even if your BIMI record is placed solely on a subdomain. The precise placement of the BIMI record depends on your email sending strategy, as it must align directly with the domain or subdomain used in the 'From:' address of your outgoing messages.
Key findings
- Specific record structure: BIMI records are TXT records formatted with a "_bimi" prefix directly preceding the specific domain or subdomain from which emails are sent. For an apex domain (e.g., yourdomain.com), the record is "_bimi.yourdomain.com". For a subdomain (e.g., mail.yourdomain.com), it is "_bimi.mail.yourdomain.com".
- DMARC enforcement is mandatory: An enforcing DMARC policy (p=quarantine or p=reject) must be present on the apex domain for BIMI to function, particularly when implementing it for subdomains. This requirement applies even if the BIMI record itself resides only on a subdomain.
- Alignment with sending domain: The BIMI record must be published on the exact domain or subdomain that appears in the 'From:' address of your email. This ensures proper discovery and display of your brand logo.
- Flexible implementation: While a single BIMI record at the top-level domain may sometimes apply to subdomains, explicit records on individual subdomains offer more granular control and are often the preferred method for clear identification.
Key considerations
- DMARC policy status: Before attempting BIMI implementation, confirm that your apex domain has an enforcing DMARC policy set to either quarantine or reject.
- Sending domain precision: Identify all specific domains and subdomains from which you send email, as each will require its own correctly formatted BIMI TXT record if you desire branding for those sending identities.
- Desired scope of BIMI display: Decide whether you want your BIMI logo to appear for all emails originating from your primary domain and its subdomains, or only for specific sending identities, which will dictate your DNS record placement strategy.
What email marketers say
11 marketer opinions
Implementing Brand Indicators for Message Identification (BIMI) requires precise DNS TXT record configuration for both apex domains and their subdomains. For a primary domain, the necessary record is set with a host name such as "_bimi.yourdomain.com". When extending BIMI to a specific subdomain, for example, "newsletters.yourdomain.com," the corresponding TXT record must uniquely target it, appearing as "_bimi.newsletters.yourdomain.com." This ensures the brand logo displays accurately for the exact domain or subdomain from which an email originates. A fundamental requirement for any BIMI deployment, especially concerning subdomains, is an enforcing DMARC policy (p=quarantine or p=reject) on the apex domain. This DMARC enforcement is crucial even if the BIMI record itself is only published on a subdomain.
Key opinions
- Exact record naming convention: BIMI TXT records always begin with the "_bimi" prefix, followed by the specific domain or subdomain from which mail is sent (e.g., "_bimi.yourdomain.com" for the apex domain or "_bimi.marketing.yourdomain.com" for a subdomain).
- Apex DMARC enforcement: A DMARC policy of p=quarantine or p=reject on the apex domain is a non-negotiable prerequisite for BIMI functionality, even when the BIMI record is solely on a subdomain.
- Domain alignment is key: The BIMI record must be published directly on the precise domain or subdomain used in the email's 'From' header to ensure proper brand logo display for recipients.
- Flexible deployment for scope: While a single top-level BIMI record might, in some cases, implicitly cover subdomains, explicit records on individual subdomains often offer more granular control over brand display for specific sending identities.
Key considerations
- Verify DMARC policy: Confirm your apex domain's DMARC policy is set to an enforcing state (quarantine or reject) prior to initiating BIMI setup, as this is a fundamental requirement for BIMI to function.
- Map sending identities: Clearly identify every domain and subdomain used for sending email, as each may require its own dedicated BIMI record for complete brand coverage and proper logo display.
- Define display strategy: Determine whether a universal BIMI logo across all sending domains and subdomains is desired, or if specific subdomains require unique brand identifiers, which will guide your record placement strategy.
Marketer view
Marketer from Email Geeks explains that a single BIMI TXT record for the top-level domain will inherit to all subdomains, while multiple records will make BIMI show only on those specific subdomains. They note that the choice depends on whether the customer wants BIMI at the top level and all subdomains, or just specific subdomains.
14 Jan 2024 - Email Geeks
Marketer view
Marketer from Email Geeks clarifies that BIMI records do not necessarily need to be at the root domain for recognition. They state that if mail is sent from a subdomain, and a BIMI record exists directly on that subdomain (even without one at the root), the BIMI logo will display.
8 Oct 2023 - Email Geeks
What the experts say
2 expert opinions
Configuring Brand Indicators for Message Identification (BIMI) involves placing a specific DNS TXT record that directly corresponds to the domain or subdomain from which email is sent. This record must always be published at default._bimi.sendingdomain.com, where "sendingdomain.com" precisely refers to the domain or subdomain appearing in your email's "From:" address. Whether you are sending from your primary apex domain (e.g., yourcompany.com) or a specific subdomain (e.g., announcements.yourcompany.com), the BIMI record's location in DNS must align exactly with that sending identity for your brand logo to display correctly. This ensures that the recipient's mail client can accurately fetch and verify your desired brand image.
Key opinions
- Precise domain alignment: BIMI DNS TXT records must be published for the exact domain or subdomain used in the email's "From:" address, ensuring direct alignment between the sending identity and the brand logo displayed.
- Universal application: This requirement applies equally to both apex domains (e.g., example.com) and any subdomains (e.g., newsletter.example.com) from which mail originates.
- Standardized host format: The host for the BIMI TXT record should be default._bimi.sendingdomain.com, where "sendingdomain.com" is replaced by the specific sending domain or subdomain.
Key considerations
- Identify all sending identities: Create a comprehensive list of all apex domains and subdomains from which your organization sends email, as each will require a dedicated BIMI record for proper logo display.
- Exact record placement: Ensure that the BIMI TXT record is published at the precise default._bimi location for each specific sending domain or subdomain identified, matching the "From:" header.
- DMARC policy enforcement: Verify that an enforcing DMARC policy (p=quarantine or p=reject) is active on your apex domain, as this is a fundamental prerequisite for BIMI to function correctly for both apex and subdomain sending.
Expert view
Expert from Spam Resource explains that a BIMI DNS record is published in the DNS for the specific domain or subdomain from which an email is sent. This means if you send email from a subdomain (e.g., newsletter.example.com), the BIMI record should be set up for that subdomain, aligning with the DMARC policy for the sending domain.
4 Jun 2023 - Spam Resource
Expert view
Expert from Word to the Wise explains that a BIMI DNS TXT record should be published at default._bimi.sendingdomain.com, where sendingdomain.com refers specifically to the domain used in your email's From: address. This means that whether you are sending from an apex domain (e.g., example.com) or a subdomain (e.g., newsletter.example.com), the BIMI record must be placed directly on that specific sending domain or subdomain.
12 Feb 2023 - Word to the Wise
What the documentation says
6 technical articles
To successfully implement BIMI for both your primary apex domain and any associated subdomains, the process consistently involves publishing a specific DNS TXT record. This record must be precisely formatted to include the _bimi selector, which is then prepended to the exact domain or subdomain from which your email originates. For an apex domain like yourcompany.com, the required TXT record will be found at _bimi.yourcompany.com. Similarly, when applying BIMI to a subdomain such as news.yourcompany.com, the record must be located at _bimi.news.yourcompany.com. This ensures receiving mail servers can correctly discover and validate your brand logo based on the 'from' address of your messages.
Key findings
- Universal record structure: BIMI DNS records are always TXT type records, standardized with a _bimi prefix, directly followed by the specific domain or subdomain used for email sending.
- Apex domain placement: For your primary apex domain (for example, example.com), the BIMI TXT record is published at _bimi.example.com.
- Subdomain specific record: For any subdomain used for sending (for example, marketing.example.com), a distinct BIMI TXT record must be created at _bimi.marketing.example.com.
- Host field variation: Depending on your DNS provider, the 'name' or 'host' field for the TXT record might simply be _bimi (for apex) or _bimi.sub (for subdomain), with the full domain appended automatically by the system.
Key considerations
- Map sending identities: Identify every apex domain and subdomain from which your organization sends email, as each will require its own distinct BIMI TXT record for proper logo display.
- Precise dns entry: Ensure accurate entry of the _bimi prefix and the correct domain/subdomain into your DNS provider's interface, paying attention to how they handle the 'name' or 'host' field.
- DMARC enforcement status: Confirm your apex domain has an enforcing DMARC policy (p=quarantine or p=reject) active, as this remains a fundamental prerequisite for BIMI to function across both apex and subdomain sending.
Technical article
Documentation from BIMI Group specifies that BIMI DNS records are TXT records that must be published on a subdomain of the sending domain. For an apex domain (e.g., yourdomain.com), the record should be placed at _bimi.yourdomain.com. For a subdomain (e.g., mail.yourdomain.com), the record should be placed at _bimi.mail.yourdomain.com. This ensures the correct discovery by receiving mail servers.
16 Oct 2024 - BIMI Group
Technical article
Documentation from M3AAWG (Messaging, Malware and Mobile Anti-Abuse Working Group) outlines that the BIMI TXT record should always be published at a specific hostname. For the primary domain (often referred to as an apex or organizational domain), the record should be set up as _bimi.yourdomain.com. When setting up BIMI for a subdomain, the record must be _bimi.subdomain.yourdomain.com, ensuring a distinct record for each sending identity.
14 Oct 2023 - M3AAWG
Does BIMI trickle down to subdomains and how to control subdomain BIMI display?
How do I implement BIMI for multiple brands with subdomains?
How do I implement DMARC with BIMI on multiple subdomains?
How to apply BIMI to a specific subdomain instead of the entire domain?
How to implement BIMI on a subdomain without affecting the main domain or transactional emails?
How to set up BIMI records for multiple subdomains while excluding the parent domain?
