What are the requirements to implement BIMI, and which providers support it?

Key findings

• Core authentication: BIMI relies heavily on a robust email authentication setup, specifically DMARC with an enforcement policy (p=quarantine or p=reject).
• Logo requirement: A trademarked logo is often required, particularly for obtaining a VMC.
• VMC for major providers: Displaying the logo in top-tier inboxes like Gmail typically necessitates a VMC.
• Specific SVG format: The logo image must be in a specific SVG Tiny 1.2 format for proper rendering.
• Provider variations: Support for BIMI, and the requirement for a VMC, differs across various mailbox providers.

Key considerations

• DMARC enforcement: Ensure your DMARC policy is at an enforcement level (p=quarantine or p=reject) before attempting BIMI.
• VMC acquisition: Understand the process and requirements for obtaining a Verified Mark Certificate, including trademark registration.
• SVG compliance: Pay close attention to the technical specifications for your SVG logo file to avoid display issues.
• Pilot programs: Be aware that some providers, like Google, initially rolled out BIMI through pilot programs which required direct invitation.
• Gradual adoption: Recognize that not all email clients or providers support BIMI, or they may have different levels of support.

Key opinions

• SVG format confusion: There's a common question about the precise SVG image format needed, specifically whether it should be SVG Tiny 1.2 or SVG P/S.
• Google pilot uncertainty: Many marketers are unsure if being part of Google's BIMI pilot program is a strict prerequisite for their logo to display in Gmail, even with a VMC.
• VMC requirement clarity: There's a need for clear information on whether a trademark certificate (VMC) is always required or if it depends on the email provider.
• Observed BIMI adoption: Marketers are actively tracking which major brands and companies have live BIMI icons in prominent email clients like Gmail.
• Sending volume queries: Some marketers inquire if there are minimum sending volume requirements to activate or display BIMI logos in email clients.

Key considerations

• Confirm SVG specifications: Always double-check the exact SVG format required by BIMI specifications to ensure proper logo rendering.
• Google's VMC policy: Understand that Google (and increasingly Apple) typically requires a VMC, which implies the logo must be trademarked, to display the BIMI logo.
• Pilot program status: For some providers like Google, participation in specific pilot programs might be necessary for early or full BIMI adoption.
• Monitor live examples: Observing current implementations by other companies can offer insights into which providers are actively supporting BIMI and under what conditions.
• Trademarking logo: If a VMC is desired for broader BIMI support, ensure your company's logo is officially trademarked.

Key opinions

• SVG requirements: Experts confirm that specific SVG file requirements exist for BIMI logos, recommending resources from the BIMI Group for creation and validation.
• Google pilot necessity: For Google to display a BIMI logo, an organization must be invited to and participate in Google's pilot program.
• VMC acquisition process: A valid VMC is required for Google's pilot, and these are issued by participating certificate authorities, not Google itself.
• Trademark prerequisite for VMC: Obtaining a VMC currently requires a registered logo mark, which, at the time of discussion, was primarily available to US-based organizations.
• Yahoo's VMC stance: Yahoo officially supports BIMI without requiring a VMC, unlike Google.
• Observed active icons: Experts confirm seeing BIMI icons active in Gmail for various large brands.

Key considerations

• BIMI Group resources: Utilize official BIMI Group resources for detailed guidance on SVG creation and BIMI record validation.
• Google's specific entry criteria: Understand that Google's BIMI display depends on their pilot invitation and not just general VMC acquisition.
• VMC issuing authorities: Seek VMCs from accredited Certification Authorities rather than expecting Google to issue them.
• Geographical limitations: Be aware of potential geographical limitations for trademark registration and VMC issuance.
• Provider-specific requirements: Always verify the unique requirements of each major mailbox provider regarding BIMI, as they vary (e.g., VMC vs. no VMC).
• Evolving landscape: Recognize that the landscape of BIMI support and requirements is evolving, and it is important to stay updated.

Key findings

• Full DMARC enforcement: BIMI requires DMARC to be fully implemented with an enforcement policy (p=quarantine or p=reject) and DMARC alignment.
• SVG Tiny 1.2 format: The logo file must be in SVG Tiny 1.2 format, adhering to specific styling and security requirements.
• VMC requirement: For some major Mailbox Providers, a Verified Mark Certificate (VMC) issued by a Certificate Authority is mandatory.
• Trademarked logo for VMC: Obtaining a VMC necessitates that the logo displayed is a registered trademark with an intellectual property office.
• BIMI DNS record: A specific BIMI DNS TXT record must be published, pointing to both the SVG logo and, if applicable, the VMC.
• Supported providers list: The BIMI Group maintains a list of email clients and Mailbox Providers that support BIMI and their specific requirements (e.g., VMC optional/mandatory).

Key considerations

• Strict authentication policies: Implement SPF, DKIM, and DMARC with strong policies and ensure alignment to meet BIMI's foundational requirements.
• SVG file compliance: Use only the specified SVG Tiny 1.2 profile and avoid unsupported SVG features to ensure correct rendering.
• Accredited CAs for VMC: Obtain VMCs only from Certification Authorities accredited by the BIMI Group.
• Trademark registration: Prioritize trademark registration for your logo if a VMC is part of your BIMI strategy.
• DNS record accuracy: Double-check your BIMI DNS record for correct syntax and URLs to the logo and VMC.
• Ongoing monitoring: Regularly verify your BIMI setup as provider requirements and standards may evolve.