Summary
An unexpected string returned by a BIMI DNS record typically indicates a misconfiguration or an issue with one of its many prerequisites. The most common reasons include incorrect formatting of the BIMI TXT record itself-such as missing or malformed tags (v=, l=, a=), typos, extra characters, or case sensitivity in tags. Problems also arise if the record is published at the wrong hostname or with an incorrect selector. Beyond the record's direct content, issues with the associated Verified Mark Certificate (VMC) or the accessibility and format of the logo file can prevent proper parsing. Furthermore, foundational elements like a strong DMARC policy (p=quarantine or p=reject) and correctly configured DNSSEC are prerequisites; their absence or misconfiguration can indirectly cause BIMI lookup failures. Other contributing factors include DNS propagation delays, caching, conflicting DNS records like wildcards or CNAMEs, and even hidden characters or encoding issues from copy-pasting the record value.
Key findings
- Malformed Record Syntax: The primary cause of an unexpected string is often an incorrectly formatted BIMI TXT record itself, including missing or malformed tags (v=, l=, a=), typos, extra characters, incorrect casing for tags (e.g., V= instead of v=), or publication at the wrong hostname or with an incorrect selector.
- Prerequisite Failures: BIMI has strict prerequisites; a valid DMARC policy set to p=quarantine or p=reject and a valid, accessible Verified Mark Certificate (VMC) are mandatory. The absence or misconfiguration of these can prevent BIMI from resolving correctly.
- URL and File Issues: Problems with the specified logo or VMC URLs, such as broken links, inaccessible files, or the logo not being in the required SVG-Tiny PS format, directly impact BIMI rendering and can cause validation failures.
- DNS Environment Factors: External factors within the DNS environment, including propagation delays, caching by resolvers, or interfering DNS records like wildcard TXT entries or CNAMEs, can lead to an unexpected or incorrect value being returned.
- Hidden Characters and Encoding: Copy-pasting record values can introduce invisible characters or encoding issues into the TXT record, corrupting it and leading to parsing errors by DNS resolvers and mail servers, resulting in an unexpected output.
Key considerations
- Verify Record Syntax and Location: Meticulously check the BIMI TXT record for exact adherence to specifications, including tags (v=BIMI1, l=, a=), required semicolons, and placement at default._bimi.yourdomain.com or [selector]._bimi.yourdomain.com. Pay close attention to typos, extra spaces, incorrect casing, and missing quotes around the value.
- Confirm DMARC and VMC Validity: Ensure your domain's DMARC policy is set to p=quarantine or p=reject, as this is a fundamental prerequisite for BIMI adoption. Additionally, confirm that your Verified Mark Certificate (VMC) is valid, current, and properly linked in the BIMI record.
- Inspect Logo and VMC URLs: Validate that the logo and VMC URLs specified in the BIMI record are correct, accessible (HTTPS), and that the logo file adheres to the required SVG-Tiny PS format. Broken or inaccessible URLs will prevent BIMI display.
- Utilize Verification Tools: Employ BIMI checkers and DNS lookup tools (such as those from MXToolbox, EasyDMARC, or Google Workspace) to diagnose issues, check global propagation, and identify specific error messages that can pinpoint the exact problem.
- Address DNS-Specific Issues: Be aware of potential DNS provider quirks or limitations, and investigate for conflicting DNS records like wildcard TXT records or CNAMEs that might interfere with BIMI resolution. Also, account for DNS propagation delays and caching, which can make changes take time to appear.
- Avoid Copy-Paste Errors: When entering the record value, type it manually or use a plain text editor to prevent hidden characters, encoding issues, or unintended formatting from corrupting the record, which can lead to parsing errors.
What email marketers say
11 marketer opinions
An unexpected string appearing for a BIMI DNS record consistently points to a deeper configuration issue, often stemming from even minor inaccuracies within the TXT record itself. This could involve incorrect syntax, such as malformed or missing tags, subtle typos like extra spaces, or using incorrect casing (e.g., V= instead of v=). The problem might also arise from incorrect selector usage or improper placement of the record within the domain's _bimi subdomain. Beyond the record's direct content, crucial prerequisites like a strong DMARC policy-specifically p=quarantine or p=reject-and a valid Verified Mark Certificate (VMC) are essential, and their absence or misconfiguration can prevent proper BIMI resolution. Similarly, the logo file must be correctly formatted, typically as SVG-Tiny PS, and remain publicly accessible. Furthermore, external factors within the DNS environment, including conflicting wildcard TXT records or CNAMEs, the introduction of invisible characters during copy-pasting, or even propagation delays, can contribute to the garbled output, leading verification tools to report an unexpected value.
Key opinions
- Record Syntax Errors: A primary cause is incorrect BIMI TXT record syntax, including subtle typos, extra spaces, missing semicolons, incorrect casing for tags (e.g., V= instead of v=), malformed tag values (e.g., v=BIMI1.0 instead of v=BIMI1), or missing quotes around the value.
- Incorrect Placement or Selector: The BIMI TXT record might be published to the wrong hostname, use an incorrect selector, or not be placed under the proper _bimi subdomain (e.g., default._bimi.yourdomain.com). A selector mismatch during lookup will prevent resolution.
- Prerequisite Failures: BIMI requires a DMARC policy set to p=quarantine or p=reject, a valid and accessible Verified Mark Certificate (VMC), and an accessible logo file in the correct SVG-Tiny PS format. Failure in any of these prerequisites can lead to an unexpected string.
- DNS Environment Interference: Conflicting DNS records, such as wildcard TXT entries or CNAMEs, can interfere with BIMI resolution. DNS provider-specific quirks, limitations on TXT record length, or issues with DNSSEC implementation can also cause unexpected strings.
- Hidden Characters and Propagation: Copy-pasting the record value can introduce hidden characters or encoding issues, corrupting the TXT record. Additionally, DNS propagation delays or the DNS server not fully committing the change can result in truncated or outdated values being returned by checkers.
Key considerations
- Scrutinize TXT Record Syntax: Thoroughly review the BIMI TXT record for exact syntax, correct tag casing (e.g., v=BIMI1), proper spacing, quotes around the value, and the correct selector and _bimi subdomain placement. Pay close attention to subtle typos, missing semicolons, and the exact match of selectors.
- Validate DMARC, VMC, and Logo: Confirm your DMARC policy is set to p=quarantine or p=reject, as this is a fundamental prerequisite. Verify the VMC's validity and ensure the logo is accessible via HTTPS, in the correct SVG-Tiny PS format, and linked correctly in the 'l=' tag.
- Check for DNS Conflicts and Quirks: Investigate your DNS zone for any wildcard TXT records or CNAMEs that might be overriding or interfering with the BIMI record. Be mindful of specific limitations or behaviors of your DNS provider, as some may handle TXT records differently or have length limitations.
- Utilize Diagnostic Tools: Leverage BIMI record generators, checkers, and DNS lookup tools from reputable providers like MXToolbox or EasyDMARC to validate the record, identify specific error messages, and check for global propagation, which can pinpoint the exact issue.
- Be Mindful of Copy-Paste and Propagation: Avoid copy-pasting record values directly from text editors or websites that might introduce hidden characters or encoding issues. Allow sufficient time for DNS changes to propagate globally, as delays can cause verification tools to display outdated or corrupted values.
Marketer view
Marketer from Email Geeks responds that an unexpected string returned for a BIMI record is not random and suggests looking for a wildcard TXT record, such as `* TXT "73Gcymai"` in the zone, or a CNAME record that might be interfering. They also mention that AWS DNS configurations could be a factor.
11 Nov 2023 - Email Geeks
Marketer view
Email marketer from Valimail explains that an unexpected string can appear if the associated Verified Mark Certificate (VMC) is not valid, the logo file is inaccessible or incorrectly formatted (e.g., SVG-Tiny PS version), or the BIMI TXT record itself contains errors preventing it from being properly parsed by receiving mail servers.
20 Feb 2025 - Valimail
What the experts say
3 expert opinions
When a BIMI DNS record returns an unexpected string, it consistently points to a precise setup or content error. The most frequent culprits include publishing the record with an incorrect name, such as missing 'default.' or '_bimi', or failing to set it as a TXT record. Furthermore, the content itself is highly sensitive to accuracy, meaning any typos, extra characters, or deviations from the exact format like 'v=BIMI1;l=yourlogo.svg;a=yourbrandcertificate.pem;' can lead to misinterpretation. Issues with the specified image URL, such as it being broken or pointing to an incorrect location, also commonly cause these validation failures. Therefore, meticulous attention to every detail of the record's name, type, and content, as well as the accessibility of its linked assets, is paramount.
Key opinions
- Common Setup Errors: An unexpected string in a BIMI DNS record often stems from basic setup errors, such as using an incorrect record name, failing to publish it as a TXT record type, or having subtle typos and extra characters within the record's content.
- Strict Format Requirements: The BIMI record demands precise formatting. Any deviation from the 'v=BIMI1;l=URL;a=URL;' structure, including incorrect URLs, extra spaces, or malformed segments, will prevent correct interpretation and result in unexpected values.
- Image URL Validation: Issues with the logo image URL specified in the BIMI record, such as the URL being broken, pointing to an incorrect location, or the image itself not being accessible, are direct causes for validation failures and unexpected record returns.
- Precision in Content: The exactness of the record's content, including proper tag names (e.g., 'v=BIMI1'), correct URLs, and the necessary semicolons, is crucial. A lack of precision can lead to the record being misinterpreted by validators.
Key considerations
- Verify Record Name and Type: Always confirm the BIMI DNS record is published as a TXT type and uses the precise name, typically 'default._bimi.yourdomain.com' or 'selector._bimi.yourdomain.com' if a selector is used. Errors in the record name, like missing 'default.' or '_bimi', are common causes of unexpected outputs.
- Ensure Exact Content Format: The content of the BIMI TXT record must strictly adhere to the required format, 'v=BIMI1;l=https://example.com/logo.svg;a=https://example.com/brand-certificate.pem;'. Any deviations, such as missing semicolons, incorrect tag casing, extra spaces, or malformed segments, can lead to the record being misinterpreted.
- Validate Logo and Certificate URLs: Confirm that the URLs provided for your logo (l=) and optional Verified Mark Certificate (a=) are correct, fully accessible via HTTPS, and point to valid, unbroken resources. A non-existent or inaccessible image file or certificate will prevent proper BIMI display and can result in parsing errors.
- Check for Typos and Extra Characters: Meticulously inspect the entire record value for any typos, hidden characters, or unintended extra characters, which are frequent sources of validation failures. Even a single misplaced character can cause the record to return an unexpected string.
Expert view
Expert from Email Geeks explains that when troubleshooting a BIMI record, the URL for the image should be checked to ensure it is not broken and is pointing to the correct location.
6 Jan 2022 - Email Geeks
Expert view
Expert from Spam Resource explains that an unexpected string for a BIMI DNS record could be due to common setup errors. These include using the wrong record name (e.g., missing 'default.' or '_bimi'), publishing it as a record type other than TXT, or having typos or extra characters in the record's content. Ensuring the record is precisely 'v=BIMI1;l=yourlogo.svg;a=yourbrandcertificate.pem;' at 'default._bimi.yourdomain.com' is crucial for correct interpretation and to avoid unexpected strings.
15 Oct 2024 - Spam Resource
What the documentation says
4 technical articles
An unexpected string appearing for a BIMI DNS record often signals fundamental misconfigurations or data integrity issues during lookup. This typically stems from the record not adhering to specified syntax-such as missing required tags like v=, l=, and a=, or subtle typos and malformations within the record's content. Other primary causes include the record being published at an incorrect hostname (e.g., missing 'default.' or the correct selector) or not being designated as the proper TXT record type. Furthermore, external DNS factors like propagation delays and caching can lead to outdated or incorrect values being returned. Even seemingly minor issues, such as non-standard ASCII characters or incorrect quoting, can cause parsing difficulties within various email environments, contributing to the unexpected string output.
Key findings
- Syntax and Tag Errors: A common cause of an unexpected string is incorrect BIMI TXT record syntax, particularly missing or malformed required tags (v=, l=, a=), or misconfigured optional tags like s= (selector).
- Incorrect Record Location or Type: The BIMI record might be published to the wrong hostname (e.g., _bimi instead of default._bimi or selector._bimi) or not correctly set as a TXT record type, which are fundamental requirements for BIMI validation.
- DNS Propagation and Caching Issues: Unexpected strings can occur due to DNS propagation delays or caching by resolvers, causing them to return an older, incorrect, or incomplete version of the BIMI record.
- Character Encoding and Parsing Difficulties: While less frequent, issues can arise if the BIMI record contains non-standard ASCII characters or faces parsing difficulties within specific email environments, indicating a need for precise character encoding and correct quoting.
Key considerations
- Verify DNS Record Specifics: Confirm the BIMI record is a TXT record type and published at the correct hostname, such as default._bimi.yourdomain.com or selector._bimi.yourdomain.com. Any deviation in the hostname, including missing 'default.' or '_bimi', will prevent proper resolution.
- Adhere to Exact BIMI Syntax: Meticulously check the BIMI TXT record's content for strict adherence to syntax, ensuring all required tags like v= (version), l= (logo URL), and a= (asserted VMC URL) are present and correctly formatted. Pay close attention to typos, extra spaces, and proper tag casing (e.g., v=BIMI1).
- Account for DNS Propagation: Understand that DNS changes, including new BIMI records, can take time to propagate globally due to caching. Use online DNS verification tools to check for global propagation and ensure the most recent record version is being served.
- Ensure Standard Character Encoding: Confirm the TXT record uses standard ASCII characters and correct quoting. Hidden characters or non-standard encoding, often introduced during copy-pasting, can cause parsing difficulties in various email environments.
- Consult Providers for Value: Always verify the exact TXT record value with your Verified Mark Certificate (VMC) provider or BIMI generator, as they provide the precise string required for your specific setup.
Technical article
Documentation from AuthIndicators Working Group explains that a BIMI DNS record returns an unexpected string if it does not adhere to the specified syntax, particularly missing required tags like v= (version), l= (logo URL), and a= (asserted indicating VMC URL), or if the s= (selector) tag is misconfigured. The record must be a TXT record for default._bimi.yourdomain.com or [selector]._bimi.yourdomain.com.
7 Nov 2021 - AuthIndicators Working Group
Technical article
Documentation from Google Workspace Admin Help explains that an unexpected string might appear if the BIMI TXT record is incorrectly formatted, published at the wrong hostname (e.g., _bimi instead of default._bimi or selector._bimi), or contains typos. It emphasizes verifying the exact TXT record value provided by your VMC provider or BIMI generator.
19 Apr 2025 - Google Workspace Admin Help
Why is BIMI not showing on marketing subdomain?
Why is my BIMI logo broken in Gmail and how can I fix it?
Why is my BIMI logo not showing in Gmail?
Why is my BIMI logo not showing in Gmail and other email clients?
Why is the wrong BIMI logo appearing in emails and how to fix it?
Why isn't my BIMI logo showing in Gmail, despite correct implementation and a VMC?
