Setting up Brand Indicators for Message Identification (BIMI) can feel like a complex task, especially when you are operating on a shared IP address. Many assume that a dedicated IP is essential for BIMI to work, but I can tell you that is not necessarily the case. While a dedicated IP offers certain advantages for reputation management, BIMI itself is designed to work effectively with shared IPs, provided the foundational email authentication is correctly configured.
My goal is to walk you through the process, debunking common misconceptions and providing clear steps to get your brand logo displayed in inboxes. The core requirements for BIMI revolve around robust email authentication, specifically SPF, DKIM, and DMARC, rather than the type of IP address you use for sending.
I'll cover the essential steps, from ensuring your authentication protocols are in order to publishing your BIMI DNS record. You'll see that a shared IP is not a barrier to achieving the enhanced brand visibility and trust that BIMI offers.
Setting up core email authentication
The foundation of BIMI rests on strong email authentication. This means having Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) properly configured for your sending domain. SPF specifies which IP addresses are authorized to send email on behalf of your domain, while DKIM adds a digital signature to your emails, verifying their authenticity and ensuring they haven't been tampered with in transit.
After SPF and DKIM, the next critical step is implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance). BIMI strictly requires a DMARC policy set to either p=quarantine or p=reject on your organizational domain, with a pct (percentage) tag ideally set to 100%. This tells receiving mail servers how to handle emails that fail DMARC authentication. To set up DMARC for BIMI, you must ensure proper alignment of your SPF and DKIM records.
Key DMARC policy requirements for BIMI
Policy Enforcement: Your DMARC policy (p tag) must be set to quarantine or reject. A p=none policy is insufficient for BIMI, as it only monitors email traffic without taking action.
Percentage of Enforcement: While you can start with a lower pct value for testing, for full BIMI adoption, your DMARC policy should enforce 100% of your mail. This is indicated by pct=100.
Domain Scope: Your DMARC policy must be published on your core organizational domain. While subdomains can inherit this policy, BIMI requires the primary domain to have a strong DMARC stance.
I recommend starting with a p=none policy for a few weeks to monitor your email traffic and ensure all legitimate sending sources are properly authenticated. This period allows you to identify any gaps without impacting deliverability. After this observation period, you can safely transition to p=quarantine, then eventually to p=reject once you are confident in your DMARC compliance. Remember, BIMI works because it relies on the trust established by these authentication protocols.
Understanding shared IP addresses and reputation
One of the most common questions I hear is about the compatibility of BIMI with shared IP addresses. The good news is that BIMI is fundamentally a domain-based standard, not IP-based. This means that as long as your shared IP is properly included in your SPF record and your emails are passing DMARC alignment, BIMI can function correctly. The presence of your logo is tied to your domain's authentication status and reputation, not directly to the IP address used for sending.
However, while BIMI itself is domain-based, your email deliverability (and thus the visibility of your BIMI logo) can still be influenced by the reputation of your shared IP. Mailbox providers, such as Gmail and Yahoo Mail, have their own proprietary algorithms, often referred to as their "secret sauce", for determining whether a message lands in the inbox and whether the BIMI logo is displayed. If the shared IP's reputation leads to messages being filtered to spam, your logo might not appear, regardless of your perfect BIMI setup.
Shared IP Considerations for BIMI
Direct BIMI Impact: BIMI is a domain-level authentication standard. Your shared IP does not directly prevent your logo from showing if your SPF, DKIM, and DMARC are properly configured for your sending domain. The BIMI record is a DNS entry for your domain, not your IP.
Indirect Deliverability Impact: The reputation of your shared IP can influence your overall inbox placement. If the IP is frequently listed on email blacklists (or blocklists), your emails may be routed to spam, which can then prevent your BIMI logo from being displayed.
Preparing your BIMI record and logo
With your authentication protocols in place, the next step is to prepare your brand logo. BIMI requires your logo to be in SVG Tiny Portable/Secure (SVG Tiny PS) format and hosted on a public HTTPS server. This specific SVG format ensures security and prevents malicious code from being embedded within the logo. You may also consider obtaining a Verified Mark Certificate (VMC), though not every mailbox provider requires one to display your logo; some email providers support BIMI without a VMC.
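A pre-flight check for the logo file can catch the most common SVG Tiny PS failures before you publish. The following is an added example, not code from the BIMI Group or any mailbox provider; it tests only a subset of the profile (the `baseProfile` and `version` attributes, a `<title>`, and the absence of scripts, event handlers and external references), and the sample SVGs are constructed.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that can carry code, raster data or foreign markup (subset of the profile).
FORBIDDEN = {"script", "image", "foreignObject"}

def svg_tiny_ps_problems(svg_text):
    """Return reasons the SVG fails this basic SVG Tiny PS pre-flight check."""
    # For files you did not create, parse with a hardened XML parser such as defusedxml.
    root = ET.fromstring(svg_text)
    if root.tag != f"{{{SVG_NS}}}svg":
        return ["root element is not <svg> in the SVG namespace"]
    problems = []
    if root.get("baseProfile") != "tiny-ps":
        problems.append('baseProfile must be "tiny-ps"')
    if root.get("version") != "1.2":
        problems.append('version must be "1.2"')
    if root.find(f"{{{SVG_NS}}}title") is None:
        problems.append("missing <title>")
    for element in root.iter():
        name = element.tag.split("}")[-1]  # strip the namespace prefix
        if name in FORBIDDEN:
            problems.append(f"forbidden element <{name}>")
        for attr, value in element.attrib.items():
            attr_name = attr.split("}")[-1]
            if attr_name.startswith("on"):
                problems.append(f"event handler attribute {attr_name}")
            if attr_name == "href" and not value.startswith("#"):
                problems.append(f"external reference {value}")
    return problems

# Constructed samples: a compliant logo and a generic SVG 1.1 export with a script.
GOOD_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" version="1.2" '
            'baseProfile="tiny-ps" viewBox="0 0 100 100">'
            '<title>Example Brand</title>'
            '<circle cx="50" cy="50" r="40" fill="#004488"/></svg>')
BAD_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" version="1.1" onload="init()">'
           '<script>/* placeholder */</script>'
           '<circle cx="50" cy="50" r="40"/></svg>')

if __name__ == "__main__":
    print("good:", svg_tiny_ps_problems(GOOD_SVG) or "ok")
    print("bad: ", svg_tiny_ps_problems(BAD_SVG))
```
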
Once your logo is ready, you'll need to publish a BIMI record in your domain's DNS. This is a TXT record that points to the location of your SVG logo file and, if applicable, your VMC. The BIMI record is typically published on your core domain, and like DMARC, it will be inherited by your mailing subdomains unless you set up separate records for them.
I often see questions about whether to place the BIMI record on the core domain or a mailing subdomain. For simplicity and broader coverage, I recommend placing it on your core domain. This approach ensures inheritance and reduces complexity. For detailed BIMI implementation requirements and steps, you can consult resources like the BIMI Group's implementation guide.
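To make the DMARC policy requirements and the BIMI record concrete, here is an added example (not code from the original article or the BIMI Group) that checks both TXT records for a domain. The records are constructed samples for the placeholder domain example.com, the function names are hypothetical, and the `.svg` suffix test is a heuristic assumed here.

```python
from urllib.parse import urlparse

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict with lowercase keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def dmarc_problems(record):
    """Reasons a DMARC record falls short of the enforcement BIMI requires."""
    tags, problems = parse_tags(record), []
    if tags.get("v") != "DMARC1":
        problems.append("not a DMARC1 record")
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p must be quarantine or reject")
    # pct defaults to 100 when the tag is absent (RFC 7489).
    if tags.get("pct", "100") != "100":
        problems.append("pct must be 100")
    return problems

def bimi_problems(record):
    """Reasons a BIMI record is unusable: wrong version or non-HTTPS logo/VMC URL."""
    tags, problems = parse_tags(record), []
    if tags.get("v") != "BIMI1":
        problems.append("not a BIMI1 record")
    logo = urlparse(tags.get("l", ""))
    # The .svg suffix test is a heuristic assumed here, not a rule from the page.
    if logo.scheme != "https" or not logo.path.lower().endswith(".svg"):
        problems.append("l must be an https URL of an .svg file")
    # a= (VMC location) is optional; when present it must also be https.
    if tags.get("a") and urlparse(tags["a"]).scheme != "https":
        problems.append("a must be an https URL")
    return problems

# Constructed sample records for the placeholder domain example.com.
DMARC_MONITORING = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_PARTIAL = "v=DMARC1; p=quarantine; pct=25"
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
# BIMI records are TXT records published at default._bimi.<domain>.
BIMI_WITH_VMC = ("v=BIMI1; l=https://example.com/brand/logo.svg; "
                 "a=https://example.com/brand/vmc.pem")
BIMI_PLAIN_HTTP = "v=BIMI1; l=http://example.com/brand/logo.svg"

if __name__ == "__main__":
    for record in (DMARC_MONITORING, DMARC_PARTIAL, DMARC_ENFORCED):
        print(record, "->", dmarc_problems(record) or "BIMI-ready")
    for record in (BIMI_WITH_VMC, BIMI_PLAIN_HTTP):
        print(record, "->", bimi_problems(record) or "ok")
```
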
Monitoring and maintaining your BIMI implementation
After setting up your BIMI record, consistent monitoring is key. You should actively review your DMARC reports to ensure that your emails are consistently passing DMARC authentication. These reports provide invaluable insights into your email ecosystem, helping you identify and fix any issues that might prevent your BIMI logo from displaying.
Even with a shared IP, the principles of good sender reputation apply. Maintain a clean email list, avoid sending unsolicited emails, and monitor your email performance closely. While the shared IP itself doesn't directly block BIMI, poor deliverability caused by the IP's reputation (e.g., being on a blacklist or blocklist) can still hinder your logo's visibility. If your IP gets blocklisted, it can impact your ability to get to the inbox.
Remember, getting your BIMI logo to display, especially for providers like Gmail and Yahoo Mail, often involves more than just meeting the technical requirements. It is a combination of strong authentication, consistent sender reputation, and maintaining positive engagement with your recipients. The shared IP environment simply means you need to be extra diligent with your overall email practices.
Achieving brand recognition with BIMI on a shared IP
Setting up BIMI with a shared IP address is entirely feasible and can significantly boost your brand's visibility and trustworthiness in the inbox. The key takeaway is that BIMI relies on your domain's authentication, primarily DMARC, rather than your IP type.
By following the steps for robust SPF, DKIM, and DMARC implementation, preparing your logo correctly, and consistently monitoring your email performance, you can confidently deploy BIMI and see your brand logo displayed, enhancing recipient trust and engagement.
Views from the trenches
Best practices
Ensure SPF, DKIM, and DMARC are fully implemented and aligned before attempting BIMI.
Start DMARC with a p=none policy and gradually enforce to quarantine or reject.
Host your SVG logo on a publicly accessible HTTPS server.
Common pitfalls
Skipping the DMARC ramp-up period, leading to deliverability issues.
Assuming a shared IP automatically disqualifies you from using BIMI.
Not maintaining a clean sending list, which can negatively impact IP reputation and logo display.
Expert tips
Consider a VMC for maximum logo display across all supporting mailbox providers, although it's not always mandatory.
Even with a shared IP, a strong sender reputation through consistent volume and low complaints is crucial for logo display.
Use DMARC reporting tools to analyze aggregated reports and forensic data.
Expert view
Expert from Email Geeks says DMARC must be configured on your core organizational domain for BIMI to work, as it is a fundamental requirement.
2023-05-04 - Email Geeks
Expert view
Expert from Email Geeks says DMARC policies set on the core domain will generally be inherited by subdomains, unless a specific DMARC policy is also set for the subdomain.