
BIMI

BIMI (Brand Indicators for Message Identification) is the final, rewarding step in the email authentication journey. If DMARC, SPF, and DKIM are the complex security systems working behind the scenes, then BIMI is the verified, official logo displayed to the world, proving that your security is top-notch.

Think of it as the “verified blue checkmark” for your email. BIMI allows you to display your official brand logo next to your authenticated emails in the recipient’s inbox.

Crucially, BIMI is not a security protocol itself. Instead, it is a visual reward for having implemented strong email security. It builds directly on top of DMARC, giving brands a tangible marketing and trust benefit for their security efforts.


For BIMI to work, you must first have a mature email authentication program. The requirements are strict:

  1. Strict DMARC Enforcement (The Foundation): This is the most important prerequisite. Your domain’s DMARC policy must be set to an enforcement level, meaning p=quarantine or p=reject. A monitoring-only policy (p=none) is not sufficient. This proves you are actively protecting your domain from spoofing.
  2. The BIMI DNS Record: Like the other protocols, BIMI requires you to publish a specific TXT record in your DNS. It looks something like this: v=BIMI1; l=https://media.yourbrand.com/logo.svg; The l= tag points to a secure URL where your logo is hosted.
  3. The Logo File (SVG Format): The logo itself must be in a specific vector format called SVG (Scalable Vector Graphics). This ensures the logo displays clearly across all devices.
  4. The Verified Mark Certificate (VMC) (The Verification Step): For most major mailbox providers (like Gmail), this is a mandatory requirement. A VMC is a digital certificate issued by a trusted Certificate Authority that proves two things:
    • Your organization is the legitimate owner of the domain.
    • You have the legal right to use the logo because it is a registered trademark.
     The VMC is the component that adds the “verified” layer of trust to BIMI.

When an email arrives at a BIMI-supporting provider like Gmail, a series of checks happens in seconds:

  1. The email first goes through the standard authentication checks. It must pass DMARC.
  2. The receiving server then checks the DMARC policy for the sending domain and confirms that it is set to p=quarantine or p=reject.
  3. Having passed these security checks, the server then looks for a BIMI DNS record for the domain.
  4. If a BIMI record is found, the server fetches the SVG logo from the URL in the l= tag.
  5. The server then checks for a valid VMC to prove the logo is authentic and trademarked.
  6. If all of these checks are successful, the server displays your brand’s official logo next to the email in the recipient’s inbox.
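
The receiver-side sequence above, as an added example (not code from this page or from any mailbox provider): it evaluates constructed DMARC and BIMI TXT records in the listed order and reports the first check that fails. It treats the VMC as required, and it assumes the BIMI record's a= tag (not shown on this page) as the pointer to the VMC; the logo fetch and the certificate validation themselves are left out.

```python
from urllib.parse import urlparse

ENFORCING = ("quarantine", "reject")

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict keyed by lowercase tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def is_https(url):
    parsed = urlparse(url or "")
    return parsed.scheme == "https" and bool(parsed.netloc)

def bimi_decision(dmarc_pass, dmarc_txt, bimi_txt):
    """Walk the receiver-side checks in order; return (show_logo, reason)."""
    if not dmarc_pass:                                    # step 1
        return False, "message failed DMARC"
    dmarc = parse_tags(dmarc_txt or "")
    if dmarc.get("v") != "DMARC1" or dmarc.get("p", "").lower() not in ENFORCING:
        return False, "DMARC policy is not at enforcement"  # step 2
    bimi = parse_tags(bimi_txt or "")
    if bimi.get("v") != "BIMI1":                          # step 3
        return False, "no BIMI record"
    logo = bimi.get("l", "")
    # Step 4, simplified: judge the URL only; a receiver inspects the fetched file.
    if not is_https(logo) or not urlparse(logo).path.lower().endswith(".svg"):
        return False, "logo is not an SVG at an HTTPS URL"
    # Step 5, simplified: a= (assumed here, not on the page) must locate the VMC;
    # validating the certificate itself is out of scope.
    if not is_https(bimi.get("a")):
        return False, "no VMC location published"
    return True, "eligible once the logo and VMC validate"  # step 6

# Constructed sample records (the l= value is the page's own example).
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@yourbrand.com"
DMARC_NONE = "v=DMARC1; p=none"
BIMI_PAGE = "v=BIMI1; l=https://media.yourbrand.com/logo.svg;"
BIMI_VMC = BIMI_PAGE + " a=https://media.yourbrand.com/vmc.pem"

if __name__ == "__main__":
    for dmarc, bimi in [(DMARC_REJECT, BIMI_VMC), (DMARC_NONE, BIMI_VMC), (DMARC_REJECT, BIMI_PAGE)]:
        print(bimi_decision(True, dmarc, bimi))
```

Run against the sample record shown in requirement 2, the check stops at the VMC step, because that record carries only the l= tag.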