Suped

How to troubleshoot BIMI display on subdomains when the root domain DMARC policy is not enforced?

Summary

To troubleshoot BIMI display issues on subdomains when the root domain DMARC policy is set to p=none, the crucial step is to establish an explicit and enforced DMARC policy for the specific sending subdomain. BIMI fundamentally requires a DMARC policy of p=quarantine or p=reject on the domain that sends the email, meaning a p=none policy, even at the root, will prevent BIMI from rendering on subdomains unless those subdomains have their own enforced DMARC records. Verifying the correct setup of DMARC and BIMI DNS entries for the subdomain is essential for successful logo display across major email providers.

Key findings

  • BIMI DMARC Requirement: BIMI fundamentally requires the sending domain to have an enforced DMARC policy of p=quarantine or p=reject to display the logo. A p=none policy, even at the root domain level, prevents BIMI from rendering on subdomains unless specifically overridden.
  • Subdomain Inheritance: If the root domain's DMARC policy is p=none, subdomains will not automatically inherit an enforced policy. For BIMI to appear on a subdomain, that specific subdomain must have its own, explicitly enforced DMARC record.
  • Receiver Enforcement Differences: While some email receivers like Yahoo may occasionally display BIMI with less stringent DMARC policies on subdomains, major providers such as Gmail and Apple strictly adhere to the requirement for an enforced DMARC policy (p=quarantine or p=reject) on the organizational domain or the sending subdomain.
  • Missing Subdomain Records: Often, the issue stems from a lack of a specific DMARC record for the subdomain, or an unenforced policy on that subdomain, rather than an issue with the BIMI record itself, assuming the root DMARC is p=none.

Key considerations

  • Subdomain DMARC Enforcement: The primary troubleshooting step is to publish a specific DMARC record for the sending subdomain with an explicitly enforced policy, either p=quarantine or p=reject. This overrides the root domain's p=none policy for that subdomain.
  • DNS Record Verification: Thoroughly verify that both the DMARC record for the subdomain and the BIMI DNS record are correctly configured and have propagated. Ensure the BIMI record identifies the specific subdomain and points to a valid Verified Mark Certificate (VMC) and SVG logo file.
  • Diagnostic Tools: Utilize online diagnostic tools, such as aboutmy.email, to help analyze the technical details of your DMARC and BIMI DNS records and identify potential misconfigurations.
  • Anticipated Policy Changes: Be aware that while current requirements are strict, there is discussion and anticipation of future changes that may offer more flexibility regarding DMARC enforcement for BIMI display, potentially in Q4.
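
The checks described above, as an added example that is not part of the original page: a Python sketch that resolves the effective DMARC policy for a sending subdomain (its own record first, then the organizational domain's sp= or p= tag, per RFC 7489) and validates the BIMI record's l= and a= pointers. The zone contents, the example.com names and the function names are constructed for illustration, and the organizational domain is passed in by the caller rather than derived from the Public Suffix List.

```python
# Constructed sample zone (TXT records only); all names and values are hypothetical.
ZONE = {
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "_dmarc.news.example.com": "v=DMARC1; p=quarantine",
    "default._bimi.news.example.com":
        "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem",
    "default._bimi.shop.example.com":
        "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem",
}

def parse_tags(txt):
    """Split a 'k=v; k=v' TXT record into a dict with lowercased keys."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def effective_dmarc_policy(domain, org_domain, zone):
    """RFC 7489 discovery: the domain's own record wins; otherwise the
    organizational domain's sp= tag applies, falling back to its p= tag."""
    own = parse_tags(zone.get(f"_dmarc.{domain}", ""))
    if own.get("v") == "DMARC1" and "p" in own:
        return own["p"].lower(), f"_dmarc.{domain}"
    org = parse_tags(zone.get(f"_dmarc.{org_domain}", ""))
    if org.get("v") == "DMARC1" and "p" in org:
        return org.get("sp", org["p"]).lower(), f"_dmarc.{org_domain}"
    return None, None

def check_bimi_readiness(domain, org_domain, zone, selector="default"):
    """Return a list of blocking problems; an empty list means the DNS side is ready."""
    problems = []
    policy, source = effective_dmarc_policy(domain, org_domain, zone)
    if policy is None:
        problems.append("no DMARC record found for subdomain or organizational domain")
    elif policy not in ("quarantine", "reject"):
        problems.append(f"effective DMARC policy is p={policy} (from {source}); "
                        f"publish an enforced record at _dmarc.{domain}")
    bimi = parse_tags(zone.get(f"{selector}._bimi.{domain}", ""))
    if bimi.get("v") != "BIMI1":
        problems.append(f"no BIMI record at {selector}._bimi.{domain}")
    else:
        for tag, what in (("l", "SVG logo"), ("a", "VMC")):
            if not bimi.get(tag, "").startswith("https://"):
                problems.append(f"BIMI {tag}= ({what}) is missing or not an https URL")
    return problems

if __name__ == "__main__":
    for sub in ("news.example.com", "shop.example.com"):
        print(sub, check_bimi_readiness(sub, "example.com", ZONE) or "ready")
```

In the sample zone, news.example.com passes because its own p=quarantine record overrides the root, while shop.example.com has a valid BIMI record but falls back to the root's p=none and is flagged.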

What email marketers say

12 marketer opinions

When BIMI logos fail to appear on subdomains, particularly when the root domain's DMARC policy is set to 'none', the core solution involves creating a specific, enforced DMARC policy for that individual subdomain. BIMI fundamentally demands an active DMARC policy, either p=quarantine or p=reject, on the exact domain sending the email. This means that even if the root domain has a p=none policy, subdomains require their own explicitly enforced DMARC records to overcome this, as major email providers like Gmail and Apple are stringent about this requirement. Therefore, troubleshooting focuses on ensuring the correct DMARC and BIMI DNS entries are properly configured and propagated for the specific subdomain in question, potentially with the aid of diagnostic tools.

Key opinions

  • Enforced DMARC is Foundational: BIMI's fundamental requirement for display is an enforced DMARC policy, specifically p=quarantine or p=reject, on the actual domain or subdomain sending the email. A root domain DMARC policy of p=none will prevent BIMI display on subdomains unless those subdomains have their own explicit enforcement.
  • Subdomain Policy Necessity: If the root domain's DMARC policy is p=none, subdomains do not automatically inherit an enforced policy. To enable BIMI on a subdomain, it is imperative to establish a dedicated, enforced DMARC record for that specific subdomain (e.g., '_dmarc.yoursubdomain.yourdomain.com').
  • Varying Receiver Strictness: While some email providers, such as Yahoo, might occasionally display a BIMI logo with less stringent DMARC configurations on subdomains, leading providers like Gmail and Apple strictly mandate an enforced DMARC policy (p=quarantine or p=reject) at the sending domain or subdomain level for BIMI to appear.
  • Common Missing Element: A frequent cause of BIMI not displaying on subdomains when the root is p=none is the absence of an explicit, enforced DMARC record for the subdomain itself, rather than an issue with the BIMI record alone.

Key considerations

  • Subdomain DMARC Configuration: The most critical step is to publish a distinct DMARC record for the specific subdomain being used, setting its policy explicitly to p=quarantine or p=reject. This overrides any relaxed policy inherited from the root domain.
  • Comprehensive DNS Checks: Verify that all necessary DNS records, namely the DMARC record for the subdomain, the BIMI record (TXT entry), and the pointers to your Verified Mark Certificate (VMC) and SVG logo file, are correctly configured for the specific subdomain and have fully propagated.
  • Leverage Diagnostic Utilities: Tools like aboutmy.email are invaluable for diagnosing technical details related to your domain's DMARC and BIMI setup, helping to pinpoint any misconfigurations that prevent BIMI display.
  • Awareness of Policy Evolution: While strict DMARC enforcement is currently required, especially by major mailbox providers, stay informed about potential future adjustments to BIMI policy requirements that might offer increased flexibility in the coming quarters.

Marketer view

Marketer from Email Geeks explains that while a DMARC reject policy is BIMI compliant, the root domain's DMARC policy must be at enforcement (reject or quarantine) for BIMI to display, even when attempting to apply BIMI only at the subdomain level.

4 Feb 2024 - Email Geeks

Marketer view

Marketer from Email Geeks confirms a DMARC reject policy is acceptable for BIMI, but identifies the user's root domain as having a p=none DMARC policy, which prevents BIMI display. He suggests using aboutmy.email to diagnose technical details.

25 Dec 2023 - Email Geeks

What the experts say

2 expert opinions

For troubleshooting BIMI logo issues on subdomains when the root domain's DMARC policy is not enforced, the primary solution involves establishing an explicit, enforced DMARC policy for the specific subdomain in question. BIMI inherently requires the domain sending the email, whether it's a root domain or a subdomain, to have a DMARC policy set to p=quarantine or p=reject. A p=none policy at the root level will not enable BIMI on subdomains; instead, each subdomain needs its own DMARC record with an enforced policy to allow the logo to appear. Verifying both the DMARC and BIMI DNS records for the specific subdomain is essential for successful logo display.

Key opinions

  • Enforced DMARC Essential: BIMI's visibility is contingent on the sending domain, including subdomains, having an enforced DMARC policy, specifically p=quarantine or p=reject.
  • Subdomain Policy Override: If the root domain's DMARC policy is p=none, subdomains must independently establish their own enforced DMARC policies to enable BIMI display, as they will not inherit enforcement.
  • BIMI DNS Record Accuracy: A correctly configured BIMI DNS record for the specific subdomain is equally vital, ensuring it accurately points to the Verified Mark Certificate and SVG logo file.
  • No Inheritance of Weak Policy: Subdomains do not benefit from a p=none root DMARC policy for BIMI purposes, necessitating a direct, enforced DMARC record for the subdomain itself.

Key considerations

  • Establish Subdomain DMARC: Implement a distinct DMARC record for the specific subdomain, explicitly setting its policy to p=quarantine or p=reject. This is the foundational step to override any non-enforced root policy.
  • Verify BIMI DNS Records: Double-check that the BIMI DNS TXT record for the subdomain is precisely configured, linking to the correct VMC and SVG logo URL.
  • Thorough DNS Validation: Conduct comprehensive checks of all DNS records pertaining to the subdomain, including SPF, DKIM, and DMARC, to confirm proper setup and propagation, as these underpin BIMI functionality.
  • Ensure Proper Alignment: Confirm that email headers sent from the subdomain achieve DMARC alignment, which is a prerequisite for the applied DMARC policy and subsequent BIMI display.

Expert view

Expert from Email Geeks suggests that a missing or incorrect BIMI DNS record could be preventing the logo from displaying.

18 Aug 2024 - Email Geeks

Expert view

Expert from Word to the Wise explains that for BIMI to display on a subdomain, the subdomain itself must have an enforced DMARC policy set to either p=quarantine or p=reject. If the root domain's DMARC policy is p=none, the subdomain will not inherit an enforced policy, preventing BIMI display. The troubleshooting involves ensuring the specific subdomain sending the email has its own DMARC record with an enforced policy, overriding any unenforced root domain policy.

30 Sep 2022 - Word to the Wise

What the documentation says

5 technical articles

Addressing BIMI display challenges on subdomains, particularly when the parent domain's DMARC policy is set to 'none', necessitates applying a robust DMARC policy directly to the sending subdomain. BIMI fundamentally relies on an enforced DMARC policy of either p=quarantine or p=reject on the precise domain or subdomain sending the email. A p=none policy at the root level is insufficient for BIMI on subdomains, requiring each subdomain to have its own explicitly enforced DMARC record. Therefore, successful troubleshooting hinges on ensuring accurate DMARC and BIMI DNS record configurations and proper propagation for the specific subdomain involved.

Key findings

  • DMARC Enforcement Mandate: BIMI display fundamentally requires an enforced DMARC policy (p=quarantine or p=reject) on the domain actively sending emails, which includes subdomains.
  • Subdomain Autonomy for BIMI: A root domain's p=none DMARC policy provides no enforcement for its subdomains; for BIMI to display, the specific sending subdomain must explicitly publish its own DMARC record with an enforced policy.
  • Futility Without Enforcement: Efforts to troubleshoot BIMI display on a subdomain when its DMARC policy, or its inherited policy, is p=none will be ineffective until an enforced DMARC policy is in place.
  • Direct Subdomain Policy: If emails are sent from a subdomain with the intent to display BIMI, and the organizational domain has a p=none policy, a dedicated DMARC record for that subdomain with an enforced policy is a core prerequisite.

Key considerations

  • Enforce Subdomain DMARC: The primary solution is to deploy a dedicated DMARC record for the subdomain from which emails are sent, explicitly setting its policy to p=quarantine or p=reject, irrespective of the root domain's policy.
  • Validate Subdomain DNS: Carefully verify the correct configuration and propagation of all relevant DNS records for the subdomain, including SPF, DKIM, DMARC, and especially the BIMI TXT record, ensuring it links to the appropriate VMC and SVG.
  • Confirm BIMI Record Elements: Ensure the BIMI record on the subdomain precisely references a valid Verified Mark Certificate (VMC) and points to the correct URL of the SVG logo, as any inaccuracies will prevent display.
  • Leverage Online Validators: Utilize publicly available online tools and validators to perform comprehensive checks of the subdomain's DMARC and BIMI setup, which can quickly pinpoint configuration errors.

Technical article

Documentation from DMARC.org explains that BIMI requires a DMARC policy of p=quarantine or p=reject. If the DMARC policy is set to p=none, even on a subdomain, BIMI will not display, making troubleshooting futile until the DMARC policy is enforced.

12 Oct 2021 - DMARC.org

Technical article

Documentation from Valimail explains that for BIMI to display on a subdomain, even if the root domain has a p=none DMARC policy, the subdomain itself must have an explicitly enforced DMARC policy of p=quarantine or p=reject. Without this direct enforcement on the sending subdomain, BIMI will not render.

7 Feb 2024 - Valimail Documentation
