Why did my BIMI logo disappear from Gmail?

BIMI temporarily disappeared from Gmail due to Google pausing its BIMI checking process. This was a response to an exploit where spammers were using certain configurations, particularly those with multiple DKIM signatures , to display fake logos. It was a security measure to protect users from phishing.

When will BIMI logos be restored in Gmail?

While Gmail did not announce an exact restoration timeline, BIMI logos began to reappear for many senders within a few days of the initial disappearance. The restoration was gradual, indicating that Google was rolling out fixes or adjustments to their validation system. It was not a permanent change.

What specifically caused the BIMI issue in Gmail?

The main cause was the exploitation of multiple DKIM signatures by spammers. Many Email Service Providers use both a client's DKIM signature and their own, leading to 'double signing'. This specific setup was identified as a vulnerability that Gmail needed to address urgently.

How can I prevent my BIMI logo from disappearing in the future?

You can ensure BIMI resilience by maintaining strong email authentication ( DMARC at enforcement ), regularly monitoring your BIMI record and SVG logo for compliance, keeping your Verified Mark Certificate (VMC) updated, and staying informed about email security developments. Regular checks of your email deliverability are also crucial.

Why did BIMI disappear from Gmail and when will it be restored? - Troubleshooting - Email deliverability - Knowledge base

Many email marketers and brands recently noticed a concerning change: their BIMI logos had vanished from

Gmail inboxes. This sudden disappearance caused widespread confusion and concern, especially for those who had invested significant effort into implementing Brand Indicators for Message Identification (BIMI) to enhance their email trust and visibility. We saw many discussions about it within the community.

It left many wondering why this happened and, more importantly, when their valuable brand logos would be restored. The good news is that this was largely a temporary measure by Gmail. Here is what we learned about the situation.

The incident: A temporary suspension

The primary reason for BIMI logos disappearing from

Google's Gmail inboxes was a temporary halt in their BIMI checking process. This was a direct response to an observed exploit where spammers were reportedly leveraging certain configurations to display fake brand logos, deceiving recipients. To combat this, Gmail temporarily paused BIMI validation for some messages, particularly those with multiple DKIM signatures.

This pause was not a permanent removal of BIMI support, but rather a necessary step by Gmail to address security vulnerabilities and protect users from phishing attempts. A key factor in this decision was the use of multiple DKIM (DomainKeys Identified Mail) signatures. Many Email Service Providers (ESPs) employ a double DKIM signing method, where one signature is from the client's domain and another from the ESP's domain. This specific configuration seemed to be at the heart of the exploit. We found information from a Twitter thread discussing the issue and the temporary disabling of the BIMI 'blue-check' for emails with multiple DKIM signatures.

While the focus was on double DKIM signed emails, some senders with single DKIM signatures also reported issues, indicating that Gmail’s pause might have been broader than initially perceived, likely to ensure comprehensive mitigation of the bug. It was a rapid response to a potential security threat.

Understanding DKIM signatures

DKIM is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email purportedly from a particular domain was authorized by that domain's owner. Email Service Providers (ESPs) often add their own DKIM signature in addition to the sender's, leading to 'double DKIM signing'.

BIMI requirements for display

For BIMI to display, the sender's domain must pass both DMARC and DKIM authentication. A validated BIMI record pointing to a properly formatted SVG logo and, in Gmail's case, a Verified Mark Certificate (VMC) are also essential. When any of these authentication layers are compromised or temporarily disabled by the receiving mail server, BIMI display can be affected.

Impact and implications for senders

For many organizations, the sudden disappearance of their BIMI logos from

Gmail was a significant blow. BIMI is a powerful tool for brand recognition and building trust, as it visually assures recipients that an email is legitimate. The absence of the logo could lead to reduced open rates and engagement, as recipients might perceive the emails as less trustworthy or even suspicious.

Email marketers, in particular, felt the impact, as BIMI is often integrated into broader deliverability and sender reputation strategies. When something like this happens, it can undermine the perceived value of investing in advanced authentication standards. It also highlights the dynamic nature of email deliverability, where even seemingly stable features can be temporarily affected by security concerns or system adjustments.

This event underscored the importance of robust email authentication beyond just BIMI. While BIMI adds a visual layer of trust, the underlying technologies like DMARC, SPF, and DKIM remain critical for ensuring email deliverability and protecting against spoofing. Senders must ensure these foundational elements are correctly configured and monitored, as they are the prerequisites for BIMI display.

Scenario 1: BIMI disappears

Issue: Your BIMI logo is suddenly not showing in Gmail, despite previous correct display. This is likely due to a temporary suspension of BIMI validation by the receiving mail server, often for security reasons.
Cause: Gmail temporarily paused BIMI checking (especially for multi-DKIM signed emails) to fix an exploit or bug.
Sender action: Monitor official announcements, ensure your DMARC policy is enforced (p=quarantine or p=reject), and verify your BIMI record is valid. BIMI should automatically return once the issue is fixed.

Scenario 2: BIMI never appeared or is inconsistent

Issue: Your BIMI logo is not displaying at all, or only on some email clients (e.g., Yahoo Mail but not Gmail).
Cause: This usually indicates a problem with your BIMI setup, such as an incorrectly configured DMARC record, an invalid SVG logo file, missing VMC (Verified Mark Certificate) for Gmail, or issues with your domain's reputation.
Sender action: Review your DMARC, SPF, and DKIM records. Ensure your SVG logo is publicly accessible and meets specifications. For Gmail, confirm you have a valid VMC from an accredited certificate authority. Check your domain's reputation.

The restoration process and future outlook

Fortunately, Gmail's halt on BIMI display was temporary. Reports from the email community indicated that BIMI logos slowly began to reappear for many senders. This restoration suggests that

Gmail implemented a fix for the underlying bug or adjusted their validation logic to prevent abuse. Some users observed that double DKIM signed emails were among the first to see their BIMI logos return.

It's important to remember that such changes can take time to propagate across all systems. Just because a fix is deployed does not mean every inbox will immediately reflect the change. Email deliverability is a complex ecosystem, and factors like caching and regional server updates can cause delays. Anecdotal evidence from senders suggested that BIMI logos reappeared gradually, with some brands (like Amazon) seemingly unaffected or very quickly restored, while others took a few days.

While Gmail has not always provided public, detailed timelines for such issues, their actions indicate a commitment to maintaining a secure and trustworthy email environment. This incident serves as a reminder that email standards and their implementation by mail providers are constantly evolving, often with security at the forefront.

Example BIMI recordDNS

TXT	v=BIMI1; l=https://yourdomain.com/path/to/logo.svg; a=https://yourdomain.com/path/to/vmc.pem

Ensuring BIMI resilience: Best practices

To ensure your BIMI logo remains visible and your emails are consistently delivered, even when mail providers make adjustments, focus on these best practices:

Maintain strong authentication: Ensure your DMARC policy is set to enforcement (quarantine or reject) and that your SPF and DKIM records are correctly configured and aligned. This is the foundation for BIMI.
Monitor BIMI status: Regularly check if your BIMI logo is displaying as expected in various email clients, including Gmail and Yahoo. Inconsistent display can indicate underlying issues.
Keep VMC updated: If you are using a Verified Mark Certificate for Gmail, ensure it is current and valid. An expired or invalid VMC will prevent your logo from showing.
Optimize your SVG logo: Confirm your SVG file adheres to all BIMI specifications, including file size, format, and accessibility. A non-compliant logo will not display.
Stay informed: Keep abreast of changes in email authentication standards and mail provider policies. Security vulnerabilities and updates can happen rapidly.

Even with these measures, it's possible for temporary glitches to occur. The key is to have a solid foundation in email authentication and to promptly investigate any unexpected changes in your BIMI display or email deliverability. Sometimes, the issue might not be with your setup but with the receiving mail server's internal processes, as we saw with the recent Gmail BIMI disappearance.

What this means for your brand

The temporary disappearance of BIMI logos from Gmail was a notable event that highlighted the ongoing battle against email fraud and the importance of adaptable security measures. While concerning at first, it reinforced that BIMI is a valuable tool that mail providers are actively working to protect and integrate securely.

For brands, the key takeaway is to maintain robust email authentication, monitor your email program diligently, and stay informed about industry changes. This proactive approach will help ensure your brand's visual identity remains consistently displayed, building trust and engagement with your audience.

Views from the trenches

Best practices

Ensure DMARC is set to an enforcement policy (quarantine or reject) for BIMI to be eligible for display.

Regularly check your BIMI record for correct syntax and accessibility of your SVG logo and VMC file.

Monitor your email authentication reports (DMARC, SPF, DKIM) to catch any potential issues early.

Maintain a good sender reputation, as this heavily influences whether your BIMI logo is shown.

Common pitfalls

Panicking when a temporary issue occurs, rather than waiting for official updates or community consensus.

Having an SVG logo that does not meet BIMI specifications, leading to inconsistent or no display.

Not having a valid Verified Mark Certificate (VMC) for Gmail, which is a key requirement.

Ignoring DMARC reports, which provide crucial insights into authentication failures that impact BIMI.

Expert tips

Implement DMARC with a p=quarantine or p=reject policy; BIMI won't show without it.

Use an SVG converter tool to ensure your logo is compliant with BIMI's strict SVG profile.

Always include both your domain's DKIM signature and your ESP's when sending, if possible.

Continuously monitor your BIMI display across different email clients, not just one.

Expert view

Expert from Email Geeks says Gmail likely paused BIMI checking on new inbound messages, as some senders previously showing logos are no longer doing so.

June 6, 2023 - Email Geeks

Marketer view

Marketer from Email Geeks says that no BIMI logos were visible on any messages that morning.

June 6, 2023 - Email Geeks