Brand Indicators for Message Identification, or BIMI, provides a standardized method for businesses to showcase their brand logo next to the subject line of their authenticated emails so they stand out in crowded inboxes, with built-in protections against brand spoofing.
Unlike other forms of email security, BIMI is noticeable and easily identifiable even to those who aren’t tech-savvy. And it helps prevent fraudsters from impersonating your brand in phishing emails targeting your customers and other consumers or businesses, while improving your email deliverability rates.
BIMI builds on the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard for authenticating email. To use BIMI, businesses must have DMARC authentication in place, and they must establish a BIMI record that includes the URL of the file containing the business's logo.
What is a BIMI Record?
A BIMI record is a type of DNS TXT record that is used to display your brand logo within the recipient's email inbox if the email has been authenticated using SPF and/or DKIM and DMARC, and the DMARC policy for the sending domain is set to either p=reject or p=quarantine.
If your head is spinning from all these acronyms, here’s a quick overview of how everything ties together:
BIMI — Displays your logo next to your email messages within supporting email inboxes, boosting brand visibility while providing a visual indicator that the message is legitimate and can be trusted.
DKIM — DomainKeys Identified Mail uses cryptography to ensure the email messages you send are not modified in transit.
SPF — Sender Policy Framework is a form of email authentication that ensures email messages being sent with your domain only originate from specific IP addresses.
DMARC — Works with SPF and DKIM to enable email providers to recognize when an email message isn't coming from a specific brand's approved email senders and gives the brand the ability to set policies that tell email providers what to do with these unauthorized emails. (You’ll need this first if you want to use BIMI.)
When you combine BIMI with these standards above, you help secure your email messages and increase brand visibility at the same time.
Why is BIMI Important?
Email remains one of the most important communication channels between businesses and their customers, especially for lifecycle marketing, account notifications, and customer support. While messaging platforms, apps, and AI-driven chat have grown, email continues to deliver one of the highest returns among digital channels. Industry benchmarks still commonly cite returns in the range of $30–$40 for every $1 spent, though performance varies widely by sector and execution.
As inboxes have become more crowded and filtering algorithms more aggressive, standing out — and being trusted — has become significantly harder. At the same time, phishing and business email compromise (BEC) attacks have continued to increase in sophistication, often leveraging AI to mimic legitimate senders. This has made visible trust signals in the inbox more valuable than ever.
Developed by an industry coalition including organizations like the AuthIndicators Working Group, BIMI provides a standardized way for organizations to display a verified brand logo next to authenticated email messages. These logos appear in areas controlled by the mailbox provider, such as avatar slots.
Since its early pilots, BIMI has moved into broader adoption across major providers, including Google (Gmail) and Yahoo. However, implementation is no longer as simple as publishing a BIMI record. Most large providers now require strong authentication, specifically enforcement of DMARC policies (p=quarantine or p=reject) — and, in many cases, a Verified Mark Certificate (VMC) issued by a trusted certificate authority to confirm logo ownership.
BIMI effectively incentivizes organizations to adopt stronger email authentication practices by tying brand visibility to security posture. When properly implemented, it can enhance brand recognition and reinforce user trust at the moment an email is received.
That said, expectations around performance should be realistic. BIMI does not directly reduce spam filtering or guarantee higher deliverability. Instead, its impact is indirect: by reinforcing trust and brand recognition, it may contribute to improved open rates and engagement over time, particularly for well-known brands.
From a security standpoint, BIMI adds a visible layer of authentication that can help users distinguish legitimate messages from spoofed ones. However, it is not a standalone defense against phishing. Attackers can still impersonate brands through lookalike domains or compromised accounts that pass authentication checks.
BIMI also strengthens brand control by ensuring that only domains meeting strict authentication and verification requirements can display an official logo. While this can make some impersonation attempts more obvious, its effectiveness ultimately depends on user awareness and the broader email security ecosystem.
How BIMI works
BIMI can be viewed as an extension to DMARC, since DMARC is required for BIMI to work. When a domain has DMARC properly configured, a new TXT record can be created that enables the BIMI policy. The new TXT record will contain a URL that points to the company logo.
Mail providers that support BIMI will query the domain of the incoming message to locate the BIMI record to verify the message. Once the email passes DMARC authentication, the BIMI record points the receiving email server to the brand logo, which is then displayed in the inbox. For this to happen:
- DMARC must be set to p=reject or p=quarantine
- A BIMI record is present in the DNS server for that domain
- The image URL is valid and contains the image in SVG format
Here's an example of what a BIMI record looks like:
v=BIMI1; l=https://images.yourbrand.com/logo.svg
Let’s break down each part of the record:
v=BIMI1; This specifies the version of BIMI that is being used. It is always required and must always be the first tag in the record.
l= This denotes the location of the image file to be used when the BIMI check is successful. The image should be hosted somewhere static, and the image format must be SVG.
How to set up BIMI for Email
- Ensure DMARC is configured on your DNS server. BIMI requires DMARC in order to work successfully. The DMARC policy must be set to p=reject (recommended) or p=quarantine, and the policy percentage cannot be set to less than 100%.
- Upload your logo. The SVG-formatted logo must be square and uploaded in high resolution. For best results the logo should be centered on a solid background and not exceed 32 KB in size. Upload the image to a server or hosting provider.
- Note that some email providers require a Verified Mark Certificate (VMC) from a mark verifying authority (MVA), a third-party organization that can provide evidence of verification of certain standards, including size, trademark, and content.
To include the VMC, our example BIMI record would look something like this:
v=BIMI1; l=https://images.yourbrand.com/logo.svg; a=https://sub.yourbrand/vmc/logo.pem
Here, "a=" points to the URL for the VMC (.pem file).
- Publish your BIMI record. Log in to your DNS server and create a new TXT record. Inside, specify your new BIMI policy pointing to the URL where your logo is located. Once you publish your record, it may take 24-48 hours to take effect.
- Check your BIMI status. Check to see if your BIMI is working correctly by using Fortra's BIMI Tool.
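The DMARC and BIMI record requirements in the steps above can be checked offline before the records are published. The Python below is an added example, not code from this page or from any vendor tool; the function names and the example.com records are constructed for illustration, and the .svg extension test is an assumed shortcut that does not inspect the file itself.

```python
from urllib.parse import urlparse

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def https_url(value):
    """True only for a well-formed https:// URL with a host."""
    url = urlparse(value)
    return url.scheme == "https" and bool(url.hostname)

def check_dmarc(record):
    """Return reasons this DMARC record blocks BIMI (empty list means OK)."""
    tags, problems = parse_tags(record), []
    if not record.strip().startswith("v=DMARC1"):
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p= must be quarantine or reject")
    if tags.get("pct", "100") != "100":  # pct defaults to 100 when omitted
        problems.append("pct= must be 100")
    return problems

def check_bimi(record):
    """Return problems with the v=, l= and optional a= tags of a BIMI record."""
    tags, problems = parse_tags(record), []
    if not record.strip().startswith("v=BIMI1"):
        problems.append("record must start with v=BIMI1")
    logo = tags.get("l", "")
    # Extension check is a cheap proxy (assumption); it does not inspect the file.
    if not (https_url(logo) and urlparse(logo).path.lower().endswith(".svg")):
        problems.append("l= must be an https URL to an .svg file")
    if tags.get("a") and not https_url(tags["a"]):
        problems.append("a= must be an https URL")
    return problems

# Constructed sample records using example.com placeholders.
if __name__ == "__main__":
    print(check_dmarc("v=DMARC1; p=quarantine; pct=50"))
    print(check_bimi("v=BIMI1; l=https://images.example.com/logo.svg; "
                     "a=https//sub.example.com/vmc/logo.pem"))
```

The second sample omits the colon after `https` in the `a=` tag, a typo that is easy to miss by eye and that the URL check reports.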