BIMI stands for Brand Indicators for Message Identification. It's an email standard that allows organizations to display their brand logo next to their authenticated emails in supported inboxes, enhancing brand visibility and trust.

What are the most common BIMI errors?

The most common errors include an incorrect BIMI DNS TXT record, an SVG logo that doesn't meet the SVG Tiny Portable/Secure specification, an invalid or mismatched Verified Mark Certificate (VMC), or a DMARC policy not set to enforcement (p=quarantine or p=reject).

How can I validate my BIMI record?

You can validate your BIMI record by using online BIMI checker tools, reviewing your DNS TXT record for correct syntax and placement, ensuring your SVG logo adheres to the strict BIMI SVG specification, and verifying your VMC with a certificate validator. Sending test emails to supported email clients (like Gmail and Yahoo Mail) is also crucial.

Is DMARC enforcement required for BIMI to work?

Yes, a DMARC policy set to enforcement (p=quarantine or p=reject) is a prerequisite for BIMI. Your emails must also pass DMARC alignment. If your DMARC policy is set to p=none, your BIMI logo will not be displayed.

My BIMI logo is not displaying, what should I do?

If your logo isn't appearing, first re-check your BIMI DNS TXT record, ensuring URLs are correct and accessible via HTTPS. Next, validate your SVG logo with a BIMI SVG checker to confirm it meets the Tiny PS profile. Verify your VMC (if used) is valid and matches the SVG. Finally, ensure your DMARC policy is at enforcement and emails are passing authentication.

How do I validate BIMI records and fix common errors? - Troubleshooting - Email deliverability - Knowledge base

Getting your brand logo to appear next to your emails in a recipient's inbox can significantly boost trust and recognition. This is where Brand Indicators for Message Identification (BIMI) comes into play. It's an email standard that allows organizations to display their authenticated brand logo next to their emails in supported inboxes, like those from Gmail and Yahoo. However, implementing BIMI isn't always straightforward. A common challenge I've encountered is validating BIMI records and fixing the various errors that can prevent your logo from showing up.

When your BIMI record isn't configured correctly, your logo simply won't appear, or worse, it might be displayed incorrectly. This article will walk you through the essential steps to validate your BIMI records and tackle the most common issues, ensuring your brand is consistently represented in the inbox. It’s crucial to verify your setup to maximize the benefits of BIMI.

Checking your DNS TXT record

The first step in validating your BIMI setup is to ensure that your DNS TXT record is correctly published and accessible. This record is where email providers look for your BIMI information. Incorrectly formatted records or placement can lead to your logo not displaying.

You'll need to check the exact domain where the BIMI record is published. For a subdomain, the record typically looks like default._bimi.sub.yourdomain.com, while for a root domain, it's default._bimi.yourdomain.com. One common mistake is publishing the record at the wrong level of the domain.

A standard BIMI TXT record includes the BIMI version and links to your SVG logo and Verified Mark Certificate (VMC), if applicable. The most common version is BIMI1. Ensure the syntax is correct, especially the l= tag for your logo URL and the optional a= tag for your VMC URL. For detailed implementation steps, refer to our guide on the requirements and steps for BIMI.

Example BIMI TXT RecordTXT

v=BIMI1;l=https://yourdomain.com/bimi/logo.svg;a=https://yourdomain.com/bimi/certificate.pem;

Another crucial aspect of BIMI validation is ensuring your domain has a DMARC policy set to p=quarantine or p=reject. BIMI relies on DMARC enforcement to verify the authenticity of your emails. Without this, your BIMI record will not be honored by mail clients.

Validating your SVG logo

The SVG (Scalable Vector Graphics) logo is perhaps the most frequent source of BIMI validation failures. It's not enough to simply save any SVG file. BIMI requires a specific profile of SVG, known as SVG Tiny Portable/Secure (SVG Tiny PS), which has strict limitations to prevent malicious code.

Common errors include SVG files that are not truly vector images (e.g., a PNG image simply wrapped in an SVG container), incorrect dimensions, or disallowed elements. Your logo must be square and adhere to the SVG P/S profile specification. Issues like missing baseProfile attributes or disallowed references are typical. I've seen many cases where seemingly valid SVGs fail due to a single misplaced tag or attribute. For a comprehensive list of requirements, see our guide on BIMI SVG file requirements.

To fix these, you might need to use an SVG editor to simplify your logo or ensure it meets the strict SVG Tiny PS format. Some tools can help validate the SVG syntax against the BIMI specification. If your logo isn't displaying, it's highly likely your SVG file is the culprit.

Common SVG errors

Incorrect format: Using a PNG or JPG simply embedded in an SVG file, rather than a true vector graphic.
Disallowed elements: Including JavaScript, external references, or animations that are not permitted in SVG Tiny PS.
Missing attributes: Failing to include required attributes like baseProfile="tiny-ps" or version="1.2".

Certificate (VMC/CMC) validation

For some email clients, particularly

Gmail, a Verified Mark Certificate (VMC) is necessary to display your logo and the associated blue checkmark. A VMC proves that your organization has the legitimate right to use the logo displayed. Obtaining one involves a rigorous verification process through an accredited Certificate Authority (CA).

Common issues with VMCs include an invalid certificate, a mismatch between the logo stored in the certificate and your published SVG logo, or an expired certificate. The VMC URL in your BIMI record must point directly to the certificate file, usually a .pem file. You can find more details in our guide on how to implement a blue checkmark.

Some email clients might also support a Common Mark Certificate (CMC), which is a less stringent option than a VMC, but still provides some level of verification. Always check the specific requirements of the mail client you're targeting. To ensure your certificate is valid, verify it with a reputable certificate checker.

Verified mark certificate (VMC)

Purpose: Provides cryptographic proof of logo ownership.
Requirement: Often required by major mailbox providers, like Yahoo and Gmail, for logo display.
Acquisition: Obtained from a BIMI-accredited Certificate Authority after a rigorous vetting process.
Format: The certificate must be in PEM format, containing the VMC and all necessary intermediate certificates.

Common mark certificate (CMC)

Purpose: Allows organizations to use a logo they possess but may not have legal trademark rights for (yet).
Requirement: Less widely supported than VMC, but can be a stepping stone. It does not provide the blue checkmark.
Acquisition: Also issued by a BIMI-accredited CA, but with less strict validation.
Format: Similar to VMC, often in PEM format, linked via the a= tag in the BIMI record.

Ensuring DMARC enforcement

For BIMI to work, your email sending domain must be properly authenticated with SPF, DKIM, and, most importantly, DMARC. BIMI specifically requires your DMARC policy to be at enforcement (p=quarantine or p=reject) and that messages pass DMARC alignment.

If your DMARC policy is set to p=none, even a perfectly configured BIMI record won't display your logo. This is a foundational requirement, as BIMI leverages the trust established by DMARC. I always recommend moving your DMARC policy to enforcement progressively to avoid deliverability issues. We have a simple guide to DMARC, SPF, and DKIM if you need to refresh your understanding.

You can use a DMARC record checker to verify your current policy. If it's not at enforcement, that's your first step before troubleshooting any BIMI logo display problems. Many BIMI logo display issues stem from underlying DMARC authentication failures. Understanding BIMI logo troubleshooting can often lead back to DMARC.

Testing and troubleshooting with email clients

After checking the DNS record, SVG, and certificate, the final step is to test your BIMI implementation with various email clients. Send test emails to major providers like

Outlook, Gmail, and Yahoo Mail to confirm your logo appears correctly. Note that not all email clients support BIMI, and even among those that do, support might vary.

If your logo isn't displaying in a particular client, it might be due to a specific client's caching, regional differences, or ongoing testing of BIMI support. For instance, Yahoo Mail may have specific display quirks. Be patient, as DNS propagation can take time, and some clients might have delays in updating BIMI information.

If you're still facing issues, review the full BIMI specification (draft-brand-indicators-for-message-identification) for any subtle requirements you might have missed. Sometimes, it's a small detail, like the SVG file being hosted on an HTTPS server with a valid SSL certificate, that can cause the entire setup to fail.

Views from the trenches

Best practices

Always host your BIMI SVG logo and VMC on an HTTPS-enabled server with a valid SSL certificate.

Start with DMARC enforcement (p=quarantine or p=reject) before deploying BIMI for optimal results.

Use an official BIMI validator tool to check your record, SVG, and certificate regularly.

Common pitfalls

Forgetting to update the BIMI record or SVG/VMC links when changes occur (e.g., logo updates).

Having a DMARC policy of p=none, which prevents BIMI from displaying your logo.

Using an SVG file that doesn't conform to the strict SVG Tiny PS specification.

Expert tips

Consider engaging a DMARC professional for complex deployments or persistent issues.

Verify your VMC chain of trust with a reputable certificate checker.

Monitor DMARC reports to identify authentication failures that might impact BIMI.

Expert view

Expert from Email Geeks says the Mailkit BIMI inspector is a very effective tool for validating BIMI records.

2020-08-04 - Email Geeks

Expert view

Expert from Email Geeks says BIMI records should be placed at the root domain, even for subdomains, in the format of `default._bimi.yourdomain.com`.

2020-08-04 - Email Geeks

Final thoughts on BIMI validation

Validating and troubleshooting BIMI records requires careful attention to detail across several technical components: your DNS TXT record, the SVG logo file, your Verified Mark Certificate, and your DMARC policy. Each piece must be correctly configured for your brand logo to consistently appear in recipient inboxes. By systematically checking each of these elements, you can diagnose and resolve most common BIMI errors, ensuring your brand's visual identity is correctly displayed.

Remember that BIMI is constantly evolving, and keeping up with the latest specifications from the BIMI Group is key to maintaining a successful implementation. A well-configured BIMI record is a powerful tool for brand recognition and trust in email marketing.