What are the requirements and implementation steps for BIMI?

Key findings

• Authentication foundation: A robust email authentication setup is paramount, specifically with DMARC implemented at an enforcement policy (either p=quarantine or p=reject). This ensures your domain is protected against spoofing and phishing.
• Logo format: Your brand logo must be in a specific Scalable Vector Graphics (SVG) Tiny 1.2 format, hosted securely over HTTPS.
• Verified Mark Certificate (VMC): To verify ownership of the logo and enhance trust, a VMC issued by an accredited Certificate Authority (CA) is typically required. However, some mailbox providers may have alternative verification methods (as noted by some experts).
• DNS record publication: A specific BIMI DNS record (a TXT record) must be published in your DNS, pointing to the location of your SVG logo and, if applicable, your VMC.

Key considerations

• DMARC policy enforcement: Moving your DMARC policy to an enforcement mode can be challenging, requiring careful monitoring to avoid deliverability issues. This is a foundational step for BIMI.
• Logo specifications: The SVG Tiny 1.2 format has strict requirements, and incorrect formatting can prevent your logo from displaying. Ensure your logo is square and properly optimized.
• VMC acquisition: Obtaining a VMC can involve a vetting process and associated costs. Review the requirements from BIMI-accredited certificate authorities (CAs).
• Mailbox provider support: While major providers like Google and Yahoo Mail support BIMI, implementation details and requirements may vary slightly. Microsoft, for instance, uses a different Business Profiles program entirely (which is not BIMI based).

Key opinions

• Brand visibility: Marketers are keen on BIMI to boost their brand's presence directly in the inbox, believing it helps emails stand out and increases recognition.
• Trust and legitimacy: The visual logo associated with authenticated emails is seen as a powerful signal of trustworthiness, which could lead to improved engagement and reduced spam complaints.
• Seeking examples: Many are actively searching for lists of major brands (particularly in specific sectors like retail/home decor) that have already adopted BIMI to learn from their experiences and gauge adoption rates.
• Implementation complexity: There's a recognized need for simplified, 'dummies' guides to BIMI implementation, indicating that the technical requirements can be a barrier for some teams.

Key considerations

• Lack of comprehensive adopter lists: Finding a definitive, up-to-date list of brands that have implemented BIMI is challenging, making it harder for marketers to benchmark adoption trends or find inspirational examples.
• VMC awareness: Some marketers may overlook or misunderstand the requirement for a Verified Mark Certificate (VMC), which is a critical component for many mailbox providers (although not all).
• Client-specific display: Even with correct BIMI setup, the display of the logo can vary across email clients (e.g., Yahoo Mail, Gmail), sometimes requiring specific troubleshooting (like for Yahoo Mail) or being subject to internal policies of providers like Verizon Media, as discussed in this Mailgun article.

Key opinions

• No universal list of adopters: A comprehensive list of brands (or domains) that have adopted BIMI is not readily available, making it difficult to track widespread adoption.
• VMC flexibility: While a Verified Mark Certificate is often required, some providers (like Verizon Media) may use their own internal brand-to-logo matching tables, sometimes negating the strict VMC requirement for displaying a logo.
• Varied provider approaches: Google has its own requirements which are still developing, and Microsoft operates an entirely different 'Business Profiles' program, which is not directly part of the BIMI initiative and has long approval waiting times.
• DMARC enforcement is key: Regardless of other factors, a DMARC policy at an enforcement level (quarantine or reject) is a non-negotiable prerequisite for participating in BIMI with most supporting mailbox providers.

Key considerations

• DMARC policy rollout: Ensuring DMARC is at enforcement (p=quarantine or p=reject) across all legitimate sending domains is a significant undertaking that must be completed before BIMI.
• SVG logo and DNS: The SVG logo needs to be correctly formatted (SVG Tiny 1.2) and hosted via HTTPS, and the BIMI DNS TXT record needs to be accurately published to point to the logo and VMC, if applicable. Incorrect configuration here is a common failure point for BIMI DNS records.
• Commercial domain requirement: BIMI is primarily designed for commercial email domains, not personal ones, indicating its focus on brand identity for businesses.
• Staying informed: Given the evolving nature of email standards and mailbox provider policies (like Google's pending requirements), experts recommend staying updated with the latest from the BIMI Group and major email providers.

Key findings

• DMARC enforcement: The BIMI specification mandates that the sending domain must have a DMARC policy set to 'p=quarantine' or 'p=reject' to ensure strong authentication.
• SVG Tiny 1.2: The brand logo must be in Scalable Vector Graphics (SVG) format, specifically conforming to the SVG Tiny 1.2 profile, and accessible via HTTPS.
• Verified Mark Certificate (VMC): For authenticated logos, a VMC issued by a BIMI-accredited Certificate Authority (CA) is required. This certificate links the logo to the authenticated brand.
• BIMI DNS TXT record: A DNS TXT record must be published at a specific subdomain, containing the location of the SVG logo file and the VMC (if used).

Key considerations

• Strict adherence to standards: Any deviation from the specified SVG format or DNS record structure can prevent the logo from displaying. Use a BIMI validator to check correctness.
• CA requirements: Organizations must verify their identity with a recognized Certificate Authority (CA) that supports BIMI, following their specific application and vetting processes to obtain a VMC. A list of accredited CAs is available from the BIMI Group.
• DNS propagation: After publishing the BIMI DNS record, it may take some time for DNS changes to propagate globally before the logo appears.
• Ongoing compliance: Maintaining a compliant DMARC policy and ensuring the accessibility of the SVG logo and VMC are ongoing responsibilities to ensure continued BIMI display.