email server

Set up BIMI: Make brand indicators visible for emails

With BIMI (Brand Indicators for Message Identification), the verified brand logo of a company is displayed directly in the email inbox. This increases visibility, strengthens sender confidence and provides better protection against phishing attacks - provided the technical requirements are implemented correctly.

Key points

BIMI integrates brand logos visibly into supported inboxes.
Required are SPF, DKIM and DMARC with a strict policy.
A verified logo as an SVG file and a valid certificate are required.
The setup takes place via a DNS entry with logo URL and optional certificate link.
Mail provider decide whether and when the logo is displayed.

What exactly is BIMI?

BIMI is a technical standard that allows brands to visibly display their official logo next to authenticated emails. This allows the recipient to see at a glance that the message actually comes from the brand - which strengthens trust. It is important to note that simply providing the logo is not enough. The email must also be correctly authenticated by SPF, DKIM and DMARC. The logo can only be displayed in the inbox once these processes are working properly. The logo currently only appears with supported email providers such as Gmail, Yahoo or Apple Mail.

What requirements must be met?

For BIMI to work, certain technical requirements must be met. The established email authentication protocols - SPF, DKIM and DMARC in particular - form the basis. It is crucial that DMARC is compatible with a policy p=quarantine or p=reject and an enforcement level of 100 % (pct=100) is activated. If this requirement is not met, the logo will not be displayed - even if the rest is set up correctly.

Another requirement is a VMC (Verified Mark Certificate) or CMC. This certificate confirms that the brand is legally authorized to use the specified logo. Without a valid certificate - especially for Gmail - no logo will appear in the inbox. Important: The logo itself must be created as SVG Tiny PS, must not contain any fonts or scripts and must be publicly accessible via HTTPS.

How to set up BIMI technically

The actual technical setup takes place in four steps. The following table provides an overview:

Step	Task	Important details
1	Configure authentication	SPF, DKIM and DMARC with strict policy
2	Prepare logo	SVG Tiny PS, protected by trademark, HTTPS URL
3	Apply for a certificate	VMC or CMC via certification bodies
4	Create BIMI entry	TXT record with logo and certificate URL

Create DNS record correctly

The central component for BIMI in the DNS is a TXT record under the name default._bimi.your-domain.tld. The version is defined in this record and the path to the logo is specified. Optionally, the path to the VMC or CMC is also added. An example of a valid entry:

default._bimi.your-domain.tld TXT "v=BIMI1; l=https://ihre-domain.tld/logo.svg; a=https://ihre-domain.tld/vmc.pem"

I recommend using "default" as the selector - this is sufficient in the vast majority of cases. Make sure that the URL of the logo and the certificate are public and accessible without redirection.

Typical stumbling blocks during installation

Many errors when setting up BIMI are caused by details in the configuration. Most often I see missing or insufficient DMARC policies - for example with a value pct < 100. In such cases, mail providers do not display a logo. The logo used is often not compatible either: SVG files with embedded fonts, color profiles or script code do not work.

Another risk: the hosting of the file. If the SSL certificate is missing or expires, the logo cannot be loaded. The same applies to the BIMI certificate itself. It should be publicly accessible via HTTPS - and above all valid.

BIMI in various industries: practical examples

For companies from different divisions BIMI offers a variety of benefits depending on the target group and email volume. In the e-commerce sector, where newsletters, transactional emails and discount promotions are frequently sent, an inserted logo can achieve higher open rates and lower spam markings. Online stores in particular benefit, as recipients immediately associate the logo with the brand in the flood of daily offers - and are more inclined to focus their attention on the mail.

Also Financial institutionsbanks, which place particular emphasis on security and trust, often send large volumes of emails. With BIMI, the official logo is displayed next to the bank's own email, which prevents phishing in particular. As soon as customers see the familiar logo, it is clear that it is an authenticated message - provided that email authentication is effective. At the same time, this logo presence in the inbox serves as a reminder that the bank secures its online communication professionally.

In the area Healthcare and medicine trust is just as essential. Clinics, doctors' surgeries and laboratories are increasingly sending findings, appointment confirmations and other sensitive information. With BIMI, the sender of the e-mail signals a high standard of security. Patients immediately recognize: "This really comes from my clinic - I can open the email with a clear conscience."

BIMI is also exciting for public institutions and public authorities. There is often a higher volume of mail traffic on topics such as tax returns, citizen services or information campaigns. An integrated logo not only increases trust, but also reduces the risk of important messages being skipped or classified as unusual.

Where and how BIMI is displayed

BIMI is not automatically displayed by every provider. Only participating providers such as Gmail, Yahoo and Apple Mail integrate BIMI logos, and only if all requirements are met. The receiving server checks in real time whether DMARC applies and whether the DNS entry is complete. It then loads the logo from the BIMI URL and validates the certificate.

Important to know: It usually takes 24 to 48 hours after publication of the record for the logo to be displayed. A good tool for checking is a BIMI checker, which can be used to check whether the display is technically ready.

BIMI and deliverability - a direct link?

BIMI does not directly influence the delivery rate. But it does create trust. If recipients see the brand logo, they are less likely to classify a message as spam or even delete it. Higher open rates lead to a better reputation in the long term - and therefore indirect also for better deliverability.

Don't forget: The basis is always a strictly implemented authentication concept. Analysis of DMARC reports help to detect spoofing attempts and check the configuration.

Best practices for sustainable BIMI use

My advice is to check all relevant files such as the logo and certificates regularly and keep them accessible at all times. Once you have set up BIMI, you should keep a constant eye on the infrastructure so that the logo does not suddenly disappear. It is also worth evaluating the interaction rate of recipients before and after BIMI integration.

A little tip: If you want to find out more about setting up SPF, DKIM and DMARC, you can find out more here in the E-mail authentication guide read more.

Further detailed technical tips

One of the most common misunderstandings concerns the "strict" DMARC policy. What is really important is consistent enforcement - i.e. p=reject or p=quarantine for 100 % emails. Any relaxation in the policy can lead to BIMI not being displayed because the provider does not consider the criterion to be clearly fulfilled. Companies that only send a few highly relevant emails should take this step consistently, even if there are initial concerns that emails could be incorrectly rejected. However, various DMARC report tools help to effectively track down rare misconfigurations.

Furthermore SPF and DKIM cleanly. Important points here include avoiding SPF records that are too long (keyword "10-lookup limit"). If you use a lot of third-party services, you quickly face the challenge of maintaining more entries in SPF than are permitted. If in doubt, you can switch to subdomains or use aggregators to avoid exceeding the limit. With DKIM, it is helpful to store the DNS entry as a test without unnecessary line breaks and to regularly rotate the key so that no outdated key jeopardizes the transmission.

Last but not least DMARC with its reporting options (RUA and RUF) offers the opportunity to monitor the email landscape of your own domain. If you have an overview of where emails actually come from and which senders are legitimate, you can quickly identify and stop abuse. This also benefits BIMI: a clean domain without spoofing incidents is rated more trustworthy.

Challenges in the creation of certificates

As soon as the logo and the authentication basics fit, the step to VMC or CMC is required. The costs are not insignificant for some organizations, starting at around 1,100 euros per year, for example. It is important to weigh up the cost-benefit ratio here: Those with a high volume of emails and a well-known brand will benefit correspondingly more from the investment, as recognition of the logo creates customer confidence. Small associations or SMEs with only a few email campaigns are understandably hesitant, but the professionalism of a clearly identifiable email can be worthwhile, especially in the B2B sector.

When applying for the certificate, you should check carefully whether all trademark protection requirements are met in the respective country. It can be confusing for internationally operating companies that have to protect their logo in several markets. If you only have a registered trademark in one country, it may not be recognized in other countries. In principle, a certificate is only effective if the trademark protection rights and ownership structure have been clearly clarified. It is therefore worth checking legally in advance which registration exists for your logo.

What effort and costs does BIMI entail?

The basic implementation of SPF, DKIM and DMARC is often done quickly, especially for administrators with an affinity for technology. The most complex point is the purchase of the certificate. For a Verified Mark Certificate (VMC), you currently have to expect prices starting at around 1,100 euros per year, depending on the provider. The logo itself should be registered as a figurative mark - this can also incur additional costs. This also includes the implementation of DNS entries and tests.

Anyone who regularly sends large volumes of emails can combine BIMI directly with existing authentication processes. A professional solution for senders is offered by SMTP relay servicewhich takes secure delivery and scalability into account.

In practice, I find that the effort involved is often underestimated. The strict enforcement of DMARC in particular sometimes means that all senders and systems first have to be checked internally. This can take a while until every department follows suit - especially if several tools or SaaS applications send emails via the domain in question. For marketing, HR and finance departments, for example, appropriate DKIM keys must be stored so that everything works smoothly.

Advertising and newsletter providers that are directly geared towards email marketing can support the implementation. They often already provide prepared assistance or interfaces. Although these services are sometimes subject to a fee, they take away a lot of the complexity, especially for large email volumes.

Strategic considerations before setting up BIMI

Before you dive into the practical implementation, it makes sense to make some strategic considerations. First of all, there is the question: Is my logo already protected? If not, you need to clarify the brand protection. You should then evaluate the status of your current email authentication. Are all senders already covered by SPF and DKIM? Is DMARC-Reject working properly?

A look at the Reach is also important. If your main target group is with providers that do not yet support BIMI, the effect may be smaller for the time being. Nevertheless, a solid implementation is worthwhile, as other providers could follow the standard. In addition, the strict DMARC policy has a positive effect on your email security, regardless of the provider.

Finally, the question arises as to how strong your E-mail branding is. Do you already have a consistent layout and recurring design elements in your emails? If you focus on visual recognition, BIMI can significantly complement this branding. And it also makes competing emails stand out a little more from your content in the inbox.

What I take away from the practice

BIMI is not a replacement for secure mail authentication - it is trust made visible. If you already use SPF, DKIM and DMARC, you only need a few additional steps to integrate them. The effect should not be underestimated: More opens, higher recognition rates and a clear plus in brand perception in the inbox. Visual distinctiveness is a strong argument, especially for marketing teams.

I recommend: Test BIMI via a subdomain or on a test basis for specific recipient groups. This allows you to measure the effects - without having to implement full domain integration straight away.

Current articles

Wordpress

Why WordPress backups temporarily paralyze sites: Causes and solutions

Why WordPress backups temporarily paralyze sites: **wordpress backup performance**, **wp backup load** and **hosting issues** in focus. Tips & test winner webhoster.de.

January 15, 2026 No Comments

Wordpress

WordPress without plugins: How far you can really get with minimal configuration

WordPress without plugins can deliver impressive results. Learn how browser caching, image optimization and code minification lead to 40-60% faster load times.

January 14, 2026 No Comments

Wordpress

Why WordPress block themes have different hosting requirements than classic themes

Why **WordPress block themes hosting** has different requirements: Better **Gutenberg performance**, less PHP. Comparison and tips.

January 14, 2026 No Comments