What are BIMI best practices for domain setup and VMC implementation?

Key findings

• DMARC requirement: BIMI mandates that your domain has a DMARC policy set to enforcement (p=quarantine or p=reject) to ensure strong email authentication. A policy of p=none will not suffice for BIMI adoption.
• VMC inheritance: A Verified Mark Certificate (VMC) established at the root domain will typically extend its benefits, including logo display, to all compliant subdomains.
• Logo specifications: Your brand logo must be a registered trademark and formatted as an SVG file, hosted on a public web server accessible via HTTPS. You can find detailed requirements on the BIMI Group website.
• DNS record: A BIMI TXT record must be added to your domain's DNS, pointing to the location of your SVG logo file and, if applicable, your VMC.
• Provider support: While BIMI can be implemented without a VMC (self-asserted), major mailbox providers such as Google and Apple require a VMC for logo display. Yahoo Mail allows for testing with a self-asserted BIMI record under specific conditions. For more information on what is required to implement BIMI, see our guide on what is required to implement BIMI.

Key considerations

• Subdomain strategy: Evaluate whether your sending domain is a subdomain or a separate root domain, as this affects how BIMI and VMC apply. If it's a separate domain, a new BIMI setup is needed. Our guide on how to implement BIMI for multiple brands with subdomains can provide further clarification.
• DMARC enforcement: Ensure your DMARC policy is at p=quarantine or p=reject. This is a non-negotiable prerequisite for BIMI to function correctly.
• VMC provider choice: While VMCs from different providers (e.g., DigiCert, Entrust) are functionally equivalent to mailbox providers, consider their application, implementation, and support processes when making a choice. Our guide on BIMI accredited certificate providers may help.
• Cost-benefit analysis: Evaluate if the cost of a VMC is justified by the portion of your mailing list using supported mailbox providers (Google, Apple, Onet, Zone) that require it for logo display. Consider the enhanced brand visibility and trust as part of the return on investment.

Key opinions

• VMC necessity: Many marketers acknowledge that a VMC is a requirement for BIMI to function with major providers like Gmail, despite the associated costs.
• Brand visibility: Marketers believe that displaying a trademarked logo in the inbox via BIMI significantly enhances brand recognition and trustworthiness, potentially leading to better engagement.
• DMARC enforcement critical: It is consistently emphasized that a DMARC policy of quarantine or reject is fundamental before BIMI can be successfully implemented. Our guide on how to set up DMARC for BIMI offers more details.
• Subdomain applicability: The belief is common that a VMC applied to a root domain should naturally extend to its subdomains for BIMI display, simplifying setup for organizations with multiple sending domains.
• Quantifying ROI: Marketers are interested in concrete data to prove the return on investment of BIMI and VMC, such as improved open rates or click-through rates. See our guide on understanding the business value and ROI of implementing BIMI.

Key considerations

• Cost justification: The financial investment in VMCs, which can range from $1299 to $1499 annually, requires careful consideration and internal justification, especially if Google is a primary target. More information about the costs can be found in our guide on the costs and steps for implementing BIMI.
• Domain structure: If a new sending domain is a distinct root domain rather than a subdomain, a completely separate BIMI and VMC setup may be required, impacting effort and cost.
• Proof of value: Marketers need strategies to demonstrate the tangible benefits of BIMI to internal stakeholders, beyond just logo display, such as improved brand recall or trust metrics. A good starting point for understanding how BIMI impacts the recipient experience is the Mailmodo BIMI Guide.
• Technical coordination: Close collaboration with IT teams is essential for creating the correct SVG logo, hosting it securely, and publishing the necessary DNS TXT records for BIMI and DMARC.

Key opinions

• DMARC enforcement is paramount: Experts consistently reiterate that a DMARC policy of p=quarantine or p=reject is an absolute prerequisite for BIMI to function.
• VMC critical for major providers: While BIMI can exist without a VMC, experts confirm that Google, Apple, and other significant mailbox providers require a VMC for logo and verified icon display. Learn more about if a VMC is always required for BIMI.
• VMC functional equivalence: Functionally, VMCs from different accredited Certificate Authorities (CAs) are identical to mailbox providers, though their application and support processes may vary.
• Subdomain inheritance: A VMC configured at the root domain will correctly apply to compliant subdomains, streamlining BIMI deployment across an organization's email infrastructure.
• Limited case studies: There is a recognized scarcity of publicly available case studies definitively quantifying the ROI of BIMI, though some companies are starting to publish their findings.

Key considerations

• Pre-authentication: Ensure SPF, DKIM, and DMARC are fully implemented and configured correctly before attempting BIMI setup. BIMI builds upon these foundational email authentication protocols. For comprehensive setup guidelines, consider our article on SPF, DKIM, and DMARC best practices.
• Provider coverage assessment: Assess the proportion of your audience using mailbox providers that support BIMI with VMC (Google, Apple, Onet, Zone) to determine the value of the investment. A useful resource for checking supported mailbox providers is Kickbox's BIMI Mailbox Provider Support page.
• Testing without VMC: You can test BIMI at Yahoo at no cost with a self-asserted BIMI record, provided you comply with their specific requirements. This allows for initial validation before committing to a VMC.
• Long-term commitment: BIMI implementation is an ongoing commitment to email security and brand identity, requiring consistent monitoring of DMARC reports and ensuring the BIMI record and logo remain valid. Our common questions and answers about BIMI guide can help with common issues.

Key findings

• DMARC enforcement policy: The BIMI specification requires a DMARC policy of p=quarantine or p=reject for your domain, ensuring email authentication alignment.
• SVG logo file: Your brand logo must be in Scalable Vector Graphics (SVG) Tiny Portable/Secure (SVG-PS) format and hosted on a publicly accessible web server using HTTPS. Google provides specific guidelines for creating and uploading your brand logo file.
• Verified Mark Certificate (VMC): For prominent logo display in Gmail and Apple Mail, a VMC, issued by a certified Certificate Authority (CA) that verifies logo ownership and trademark status, is required. Refer to Google's documentation on getting your Verified Mark Certificate.
• BIMI TXT record: A DNS TXT record for BIMI must be added at your domain provider, containing the version tag, the URL to your SVG logo, and optionally, the URL to your VMC. Google provides instructions for adding your BIMI TXT record.

Key considerations

• Trademark registration: Your logo must be a registered trademark to qualify for a VMC, as this is a fundamental part of the verification process.
• DMARC alignment: Beyond simply having a DMARC record, ensuring that your email sending sources (SPF and DKIM) align with your DMARC policy is critical for BIMI to work effectively.
• VMC validity: VMCs have a limited validity period and require renewal. Consistent management ensures uninterrupted logo display.
• Subdomain handling: While VMCs at the organizational domain level can cover subdomains, specific DNS configurations may be required for each subdomain's BIMI record to properly reference the VMC.