BIMI Record Checker
Check your domain's BIMI record, see what it does, and generate a valid record.
Before you publish BIMI — the prerequisites
BIMI is the last step in email authentication, not the first. Publishing the record before these are in place will not display your logo:
- Your domain must already pass SPF and DKIM.
- Your domain must have a DMARC record at enforcement —
p=quarantineorp=reject, withpct=100(orpctomitted). A policy ofp=nonedoes not qualify for BIMI. - For Gmail and Apple Mail to actually show the logo, you also need a VMC (Verified Mark Certificate) — or the newer, cheaper CMC (Common Mark Certificate) — referenced by the
a=tag.
The honest caveat: a VMC proves you own a registered trademark of your logo. It is issued by DigiCert and Entrust and costs roughly US$1,000–1,500 per year. The BIMI DNS record alone is not enough — without a VMC or CMC, Gmail and Apple Mail will not display your logo.
Generate a BIMI record
Build a valid default._bimi TXT record from your logo and certificate URLs.
Add this TXT record to your DNS
- Host
default._bimi(some panels want the fulldefault._bimi.example.com)- Type
TXT- Value
-
Review before you publish. Confirm both URLs are HTTPS and load correctly, that the logo really is in the SVG Tiny PS profile, and check the record against your provider's documentation before saving it.
No certificate set. You generated a record without an a= tag. It is valid syntax, but Gmail and Apple Mail will not display your logo without a VMC or CMC certificate. The DNS record alone is not enough.
Don't forget the prerequisites. BIMI only works once your domain passes SPF, DKIM and DMARC, and your DMARC policy is at enforcement (p=quarantine or p=reject).
What is BIMI?
BIMI (Brand Indicators for Message Identification) is an email specification that lets your brand's official logo appear next to your messages in the inbox of supporting mail clients — Gmail, Apple Mail, Yahoo, Fastmail and others. It is published as a single DNS TXT record at default._bimi.<yourdomain>.
BIMI is an optional, advanced enhancement. It is not a deliverability requirement — not having a BIMI record does not hurt your email in any way. Its value is brand recognition and a small trust signal: recipients see your verified logo rather than a generic placeholder.
The SPF, DKIM and DMARC prerequisite
BIMI sits on top of the email-authentication stack. Receivers will only look at your BIMI record once your messages already pass SPF and DKIM and you have a DMARC record. Crucially, your DMARC policy must be at enforcement: p=quarantine or p=reject, with pct=100 (or pct omitted). A monitoring-only policy of p=none does not qualify — receivers will ignore BIMI entirely.
If your domain isn't there yet, start with our DMARC checker to get DMARC to enforcement first.
The SVG Tiny PS logo
The l= tag points to your logo file, which must be served over HTTPS and be in the SVG Tiny PS (SVG Portable/Secure) profile — a tightly restricted subset of SVG. In practice that means:
- A square aspect ratio (it will be displayed in a circle or rounded square).
- No scripts, no external references, no animation, no raster images embedded.
- A
<title>element describing the logo. - A small file size — typically 32 KB or less.
Most logos need to be converted and cleaned up to meet this profile; design tools rarely export it directly.
The VMC certificate — and its cost
The a= tag points to a Verified Mark Certificate (VMC): a digital certificate proving that you own a registered trademark of the logo. Although the BIMI spec treats a= as optional, in practice Gmail and Apple Mail will not display your logo without a VMC (or a CMC).
VMCs are issued by a small number of certificate authorities — currently DigiCert and Entrust — and cost roughly US$1,000–1,500 per year. They also require you to already hold a registered trademark for the logo, which is a separate cost and a months-long process if you don't have one.
A Common Mark Certificate (CMC) is a newer, cheaper alternative for logos that are not trademarked. It does not require a registered trademark, but it is supported by fewer mailbox providers than a full VMC. For the authoritative, up-to-date picture, see the BIMI Group implementation guide.
Frequently Asked Questions
Where do I publish my BIMI record?
BIMI is a TXT record published at default._bimi.yourdomain.com. default is the standard selector. In most DNS panels you enter the host as default._bimi and the panel appends your root domain automatically.
Will a BIMI record alone show my logo in Gmail?
No. The DNS record is necessary but not sufficient. Gmail and Apple Mail require a valid VMC (or CMC) certificate referenced by the a= tag, and your domain must pass DMARC at enforcement. Without the certificate, the record is published but no logo appears.
Do I need DMARC before BIMI?
Yes — and not just any DMARC. Your DMARC policy must be at enforcement: p=quarantine or p=reject with pct=100. A policy of p=none (monitoring only) does not qualify, and receivers will ignore your BIMI record.
How much does BIMI cost?
The DNS record itself is free. The real cost is the VMC certificate — roughly US$1,000–1,500 per year from DigiCert or Entrust — plus the cost of registering a trademark for your logo if you don't already hold one. A CMC is cheaper but supported by fewer providers.
What format does the logo file need to be?
It must be an SVG Tiny PS (SVG Portable/Secure) file: square, no scripts or external references, with a <title> element, served over HTTPS, and typically 32 KB or smaller. Standard SVG exports usually need to be converted and cleaned to meet this profile.
What does an empty l= tag mean?
A BIMI record with an empty l= tag (for example v=BIMI1; l=;) is an explicit opt-out. It tells receivers you intentionally do not want a logo displayed, which can prevent third parties from inferring one.