It can be frustrating when you've done all the work to set up Brand Indicators for Message Identification (BIMI), but your logo still isn't showing, especially on a marketing subdomain. While BIMI is designed to enhance brand presence in the inbox, its successful display depends on several factors beyond just publishing the BIMI record. I've seen this issue come up frequently, where a Verified Mark Certificate (VMC) is in place for the main domain, and BIMI works on a transactional subdomain, but not on a marketing subdomain.
Often, the discrepancy between transactional and marketing subdomains lies in their distinct configurations, sending practices, and how mailbox providers (like Gmail or Yahoo) interpret their respective DMARC policies and sender reputations. It's not always about the Friendly From, Envelope From, or DKIM i= alone, but a combination of these and other critical elements.
Let's dive into the common reasons why your BIMI logo might be elusive on your marketing subdomain and what you can do to get it to appear.
The foundational role of DMARC
The most crucial requirement for BIMI to work is a DMARC policy that is enforced. This means your DMARC record must be set to either p=quarantine or p=reject. A p=none policy, which is reporting-only, will not enable BIMI display. While DMARC is generally designed to reside on the organizational (root) domain, and subdomains are expected to inherit this policy via the sp= tag, this isn't always sufficient for BIMI on specific subdomains.
In many real-world scenarios, particularly with marketing subdomains that might have unique sending infrastructure or practices, a specific DMARC record on the subdomain itself can be the solution. Even if your main domain has sp=reject, adding an explicit DMARC record to your marketing subdomain, such as p=reject on news.yourdomain.com, can often resolve the display issue. This explicitly tells mailbox providers how to handle emails from that specific subdomain, which can be critical for BIMI validation. You can find more about implementing DMARC with BIMI on multiple subdomains in our guides.
Remember that BIMI relies on proper alignment of SPF and DKIM with your DMARC record. The domain in your From header must align with the domains authenticated by SPF or DKIM. If your marketing emails are being sent through a different email service provider (ESP) or system, ensure that the DMARC policy and authentication records are correctly set up for that specific sending subdomain. Mailbox providers like Google adjust BIMI display based on these critical alignment factors.
Example DMARC record for a subdomain
DNS TXT RecordDNS
_dmarc.marketing.yourdomain.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-forensics@yourdomain.com;"
This explicit record ensures that the marketing subdomain has its own enforced DMARC policy, which is often necessary for BIMI to function correctly, even if the organizational domain has an sp= tag.
Sender reputation and authentication alignment
Even with correct DMARC setup, a marketing subdomain's reputation can significantly impact BIMI display. Mailbox providers prioritize the user experience and only display BIMI logos for senders with a good, consistent sending reputation. If your marketing subdomain has experienced deliverability issues, high spam complaints, or inconsistent sending volumes, it may prevent your BIMI logo from appearing, regardless of technical correctness. You can learn more about domain reputation for email marketers in our comprehensive guide.
Marketing subdomains, by their nature, often send bulk emails, which can be subject to stricter filtering. While your transactional subdomain might have a pristine reputation due to low volume and high engagement, a marketing subdomain needs consistent positive engagement and careful list management to maintain a healthy sending reputation. If the marketing subdomain's reputation is poor, the logo may not be shown, even if technically BIMI is configured correctly.
Also, ensure that your SPF and DKIM records are correctly configured for the marketing subdomain, and that they align with the domain in your From header. Any misconfiguration or failure in these authentication protocols will cause DMARC authentication to fail, and consequently, BIMI will not display. This is a foundational requirement for BIMI to work. Proper authentication is non-negotiable for BIMI.
Transactional subdomain (app.yourdomain.com)
DMARC Policy: May have an explicit p=quarantine or p=reject DMARC record, or inherit from the organizational domain.
Reputation: Typically high, due to lower volume and essential, expected emails (e.g., password resets, order confirmations).
Authentication: Strong SPF and DKIM alignment, often sent by robust systems like Salesforce Marketing Cloud.
Marketing subdomain (news.yourdomain.com)
DMARC Policy: May be implicitly inherited p=none if no explicit record is set and sp= is not reject or quarantine.
Reputation: Can be lower or more volatile due to bulk sending, varied recipient engagement, and potential for spam complaints.
Authentication: Requires diligent SPF and DKIM setup for the specific ESP or sending platform used.
Verified Mark Certificates and logo requirements
While a BIMI record can technically be published without a Verified Mark Certificate (VMC), major mailbox providers, including Gmail, require a VMC for your BIMI logo to display. A VMC is a digital certificate that verifies your brand's logo and ties it to your domain, providing an extra layer of trust. If you have a VMC for your main domain but not explicitly linked to your marketing subdomain's BIMI record (even if inherited), it might not display consistently. You can dive deeper into BIMI accredited certificate providers in our guide.
The SVG (Scalable Vector Graphics) file for your logo also has specific requirements. It must be trademarked, meet certain size and aspect ratio specifications, and be hosted on a secure (HTTPS) server. Any deviation from these technical requirements can prevent your logo from showing. Also, some providers may cache BIMI records, so it can take some time for changes to propagate globally. This can be a reason why your BIMI logo takes time to appear.
Even with everything seemingly correct, different mailbox providers have their own nuances in how they interpret and display BIMI. Microsoft, for example, has its own set of rules and may not support BIMI in the same way as Apple Mail or Yahoo Mail. If your BIMI isn't showing up in Gmail, you can consult our specific guides for troubleshooting.
Troubleshooting steps for marketing subdomains
When your BIMI logo isn't displaying on a marketing subdomain, a systematic approach to troubleshooting is essential. I always recommend starting with the most common culprits. First, thoroughly review your DMARC configuration. Verify that the marketing subdomain either explicitly has a DMARC record set to p=quarantine or p=reject, or that the organizational domain's DMARC record includes an sp= tag with one of these enforcement policies. Based on recent observations, adding an explicit DMARC record to the subdomain often solves the problem when inheritance proves unreliable. You can use our free DMARC record generator if needed.
Next, verify that your SPF and DKIM authentication for the marketing subdomain are consistently passing DMARC alignment checks. This means the domain in your From header (your marketing subdomain) is aligned with the domains authenticated by SPF and DKIM. Inconsistencies here are a common cause of BIMI failures. DMARC authentication is the backbone of BIMI.
Finally, monitor your marketing subdomain's sender reputation. Consistent email volumes, low complaint rates, and high engagement are crucial for building trust with mailbox providers. If your reputation is low, your BIMI logo may not display. Keep in mind that some providers, like Yahoo, are known to honor BIMI on subdomains, but often prefer DMARC to be set at the organizational level. However, explicit subdomain DMARC can bypass some of these preferences.
Key takeaways
Ensuring your BIMI logo displays consistently on marketing subdomains requires a combination of precise DNS configuration, strong email authentication, and a healthy sender reputation. While organizational DMARC policies with sp= tags can cover subdomains, explicitly setting an enforced DMARC policy on the marketing subdomain itself often resolves display issues. Coupled with careful attention to sender reputation and consistent authentication, you can unlock the full branding potential of BIMI across all your email sending channels.
Views from the trenches
Best practices
Ensure your marketing subdomain has an explicit DMARC record with a policy of p=quarantine or p=reject.
Verify that both SPF and DKIM are correctly configured and pass DMARC alignment for the sending subdomain.
Maintain a consistent and high sending reputation for your marketing subdomain through good sending practices.
Double-check your BIMI TXT record and SVG logo file for any technical errors or misconfigurations.
Common pitfalls
Assuming DMARC inheritance (sp=) from the organizational domain is sufficient for BIMI display on subdomains.
Not having a strong DMARC enforcement policy (p=quarantine or p=reject) directly on the marketing subdomain.
Ignoring the sending reputation of the marketing subdomain, which can override BIMI display.
Inconsistent SPF or DKIM alignment, causing DMARC failures for marketing emails.
Expert tips
Always test BIMI display across multiple mailbox providers, as their implementation and requirements can vary.
Monitor DMARC reports for your marketing subdomain to identify any authentication or alignment failures.
If using an ESP for marketing, confirm they support BIMI and that your setup aligns with their recommendations.
For complex setups, consider using a BIMI selector (default._bimi) if managing multiple logos per domain.
Expert view
Expert from Email Geeks says that enforcing DMARC to pass is the main requirement for BIMI to display.
2024-03-01 - Email Geeks
Marketer view
Marketer from Email Geeks recommends ensuring the marketing subdomain does not have its own conflicting DMARC policy that might be too permissive.
Gmail or 
Yahoo) interpret their respective DMARC policies and sender reputations. It's not always about the Friendly From, Envelope From, or DKIM i= alone, but a combination of these and other critical elements.
Google adjust BIMI display based on these critical alignment factors.
Salesforce Marketing Cloud.
Gmail, require a VMC for your BIMI logo to display. A VMC is a digital certificate that verifies your brand's logo and ties it to your domain, providing an extra layer of trust. If you have a VMC for your main domain but not explicitly linked to your marketing subdomain's BIMI record (even if inherited), it might not display consistently. You can dive deeper into BIMI accredited certificate providers in our guide.
Microsoft, for example, has its own set of rules and may not support BIMI in the same way as 
Apple Mail or 
Yahoo Mail. If your BIMI isn't showing up in Gmail, you can consult our specific guides for troubleshooting.
Yahoo, are known to honor BIMI on subdomains, but often prefer DMARC to be set at the organizational level. However, explicit subdomain DMARC can bypass some of these preferences.
