Does BIMI require a reject policy on the top level domain if subdomains have it?

Summary

BIMI requires a DMARC policy set to either 'quarantine' or 'reject' for both the top-level organizational domain and all subdomains sending email. Strict enforcement of this DMARC policy is a necessity for BIMI implementation. A 'none' policy or a quarantine policy below 100% is insufficient for BIMI compliance.

Key findings

  • DMARC Prerequisite: Implementation of a DMARC policy is a mandatory requirement for utilizing BIMI.
  • Acceptable DMARC Policies: The DMARC policy must be configured as either 'quarantine' or 'reject' to satisfy BIMI standards.
  • Scope of DMARC Coverage: The DMARC policy requirement covers the top-level organizational domain and all subdomains used for sending email.

Key considerations

  • Policy Enforcement: DMARC policies must be strictly enforced across the entire email ecosystem, including all subdomains.
  • Impact of 'Reject' Policy: Carefully evaluate the potential consequences of implementing a 'reject' policy before making the transition.
  • Monitoring and Analysis: Establish systems to monitor and analyze DMARC reports to ensure proper policy function and identify potential issues.
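
The check summarized above, written out as an added example (it is not code from this page or from the BIMI Group): it evaluates the organizational domain and each sending subdomain against the "quarantine at 100% or reject" rule. The domain names and records are constructed, and the subdomain inheritance through the `sp=` tag follows RFC 7489 rather than anything stated on this page.

```python
# Added example; the records in SAMPLE are constructed, not live DNS data.
def parse_dmarc(txt):
    """Return a lower-cased tag dict for a DMARC TXT record, else None."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags if tags.get("v") == "dmarc1" else None

def effective_policy(domain, org_domain, records):
    """Return the (policy, pct) that applies to `domain`.

    A record published at the domain itself wins. Otherwise the domain
    inherits the organizational domain's sp= tag, or p= if sp= is absent.
    """
    own = parse_dmarc(records.get(domain, ""))
    if own:
        return own.get("p", "none"), int(own.get("pct", "100"))
    org = parse_dmarc(records.get(org_domain, ""))
    if not org:
        return "none", 100  # no DMARC record anywhere: nothing is enforced
    return org.get("sp", org.get("p", "none")), int(org.get("pct", "100"))

def meets_bimi(policy, pct):
    """The page's rule: reject, or quarantine applied to 100% of mail."""
    return policy == "reject" or (policy == "quarantine" and pct == 100)

def bimi_dmarc_report(org_domain, sending_domains, records):
    """Map the org domain and every sending domain to (policy, pct, ok)."""
    report = {}
    for name in [org_domain, *sending_domains]:
        policy, pct = effective_policy(name, org_domain, records)
        report[name] = (policy, pct, meets_bimi(policy, pct))
    return report

# Constructed records, keyed by the domain whose _dmarc TXT record they are.
SAMPLE = {
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "mail.example.com": "v=DMARC1; p=reject",
    "news.example.com": "v=DMARC1; p=quarantine; pct=50",
}
SENDERS = ["mail.example.com", "news.example.com", "promo.example.com"]

if __name__ == "__main__":
    for name, row in bimi_dmarc_report("example.com", SENDERS, SAMPLE).items():
        print(f"{name:20} p={row[0]:<10} pct={row[1]:<3} "
              f"{'ok' if row[2] else 'NOT at enforcement'}")
```

In the sample, only `mail.example.com` passes: the organizational domain is still at `p=none`, so the set as a whole does not satisfy the requirement even though one subdomain is at `reject`.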

What email marketers say
8 marketer opinions

To implement BIMI successfully, a DMARC policy must be in place and enforced on both the organizational domain and all sending subdomains. The required DMARC policy level is either 'quarantine' or 'reject' (p=quarantine or p=reject). A policy of 'none' or a quarantine policy set below 100% is insufficient for BIMI compliance.

Key opinions

  • DMARC Requirement: BIMI mandates a DMARC policy to be implemented.
  • Policy Level: The DMARC policy must be either 'quarantine' or 'reject'.
  • Domain Scope: The DMARC policy must cover both the top-level organizational domain and all sending subdomains.

Key considerations

  • Policy Enforcement: Ensure that the DMARC policy is actively enforced to comply with BIMI requirements.
  • Gradual Rollout: Carefully consider the impact of a 'reject' policy before implementing it, and potentially start with a 'quarantine' policy for observation.
  • Subdomain Coverage: Verify that all subdomains used for sending emails are included in the DMARC policy.

Marketer view

Email marketer from EmailonAcid shares that a DMARC policy set to either 'quarantine' or 'reject' is needed for both the organizational domain and its subdomains.

July 2022 - EmailonAcid.com

Marketer view

Email marketer from Reddit explains that for BIMI to work, you need DMARC set to quarantine or reject on your sending domain, including subdomains.

January 2025 - Reddit

What the experts say
2 expert opinions

BIMI requires a DMARC policy with either "reject" or "quarantine" for the top-level organizational domain and all sending subdomains. Strict enforcement of this DMARC policy is essential for BIMI compliance.

Key opinions

  • DMARC Requirement: BIMI necessitates a DMARC record.
  • Acceptable Policies: The DMARC policy must be either 'reject' or 'quarantine'.
  • Scope of Enforcement: DMARC policy enforcement applies to both the top-level domain and all subdomains used for sending emails.

Key considerations

  • Enforcement is Key: Ensure DMARC policies are strictly enforced across all domains and subdomains.
  • Impact Assessment: Carefully assess the impact of implementing a 'reject' policy before making the change.

Expert view

Expert from Word to the Wise explains that BIMI requires strict enforcement. All sending domains, including subdomains, must have a DMARC record with a policy of either “quarantine” or “reject”.

May 2021 - Word to the Wise

Expert view

Expert from Email Geeks explains that BIMI requires that the registered top-level Organizational Domain and all subdomains be covered by a DMARC “reject” (or 100% “quarantine”) policy.

May 2024 - Email Geeks

What the documentation says
3 technical articles

BIMI implementation mandates a DMARC policy of either 'quarantine' or 'reject' for both the organizational domain and all subdomains that send mail. This policy needs to be enforced at the organizational level to ensure proper BIMI compliance.

Key findings

  • DMARC Requirement: A DMARC policy is a prerequisite for BIMI adoption.
  • Policy Options: The DMARC policy must be set to either 'quarantine' or 'reject'.
  • Domain Scope: The DMARC policy applies to the main organizational domain and all its sending subdomains.

Key considerations

  • Enforcement: DMARC must be actively enforced at the organizational level.
  • Policy Choice: Carefully consider whether to use 'quarantine' or 'reject' based on your organization's risk tolerance and monitoring capabilities.

Technical article

Documentation from dmarcian outlines that for BIMI, a DMARC policy of either quarantine or reject must be in place and enforced at the organizational level, impacting all sending domains and subdomains.

October 2024 - dmarcian.com

Technical article

Documentation from BIMI Group explains that BIMI requires a DMARC policy with either 'reject' (p=reject) or 'quarantine' (p=quarantine) set for the organizational domain and any subdomains sending mail.

September 2023 - bimigroup.org