Does BIMI require strict alignment between From and return-path domains?

Summary

BIMI relies on DMARC for authentication. DMARC mandates alignment between the 'From' domain and either the DKIM or SPF records. While DMARC supports both strict and relaxed alignment, the consensus is that relaxed alignment is generally sufficient for BIMI to function properly. As long as DMARC passes, the BIMI logo should display, even if there isn't a perfect match between the 'From' and return-path domains.

Key findings

  • DMARC Foundation: BIMI is built upon DMARC, making a valid and passing DMARC record essential for its functionality.
  • Domain Alignment: The 'From' domain must align with either the DKIM signature domain or the SPF authorized domain.
  • Relaxed Alignment Preference: While both strict and relaxed DMARC alignment modes are technically supported, relaxed alignment is commonly sufficient for BIMI implementation.

Key considerations

  • DMARC Configuration Check: Ensure your DMARC record is properly configured and actively passing authentication checks.
  • Choose Alignment Mode Wisely: Select between strict or relaxed DMARC alignment based on your organization's security posture, understanding that relaxed alignment typically meets BIMI's requirements.
  • Thorough Testing: Thoroughly test the BIMI implementation to guarantee logo display across various email clients and providers.

What email marketers say
11Marketer opinions

BIMI relies on DMARC for authentication, requiring either SPF or DKIM to pass and align with the 'From' domain. While DMARC alignment can be strict or relaxed, relaxed alignment is generally sufficient for BIMI to function correctly. The consensus is that as long as DMARC passes, the BIMI logo should display, even if the return-path and From domains do not strictly match.

Key opinions

  • DMARC Dependency: BIMI's functionality is contingent on a properly configured DMARC record.
  • Alignment Requirement: Alignment between the 'From' domain and either the DKIM or SPF record is necessary for BIMI to work.
  • Relaxed Alignment Sufficiency: In most cases, relaxed alignment is adequate for BIMI, although strict alignment is also permissible.

Key considerations

  • DMARC Configuration: Ensure DMARC is properly configured, as BIMI relies heavily on it.
  • Alignment Mode: Choose between strict or relaxed DMARC alignment based on your organization's security needs, but be aware relaxed is commonly sufficient for BIMI.
  • Testing and Verification: Thoroughly test BIMI implementation to confirm logo display across different email clients and providers.
Marketer view

Marketer from Email Geeks responds maybe they care about it for other reasons, but it’s not required for BIMI, at least from their experience.

December 2021 - Email Geeks
Marketer view

Email marketer from ZeroBounce states that BIMI relies on DMARC authentication, necessitating alignment between the 'From' domain and either the DKIM or SPF records. Both strict and relaxed alignment modes are permissible.

March 2025 - ZeroBounce
Marketer view

Email marketer from Valimail explains that BIMI relies on DMARC, which in turn requires alignment. This means the domain in the 'From' address must match either the SPF or DKIM domain. Relaxed alignment is generally sufficient, but strict alignment provides an extra layer of security.

November 2022 - Valimail
Marketer view

Email marketer from EmailToolTester responds that BIMI needs DMARC to work, and DMARC needs alignment. The 'From' domain must align with the DKIM or SPF records. Relaxed alignment is usually sufficient.

August 2021 - EmailToolTester
Marketer view

Marketer from Email Geeks shares from their experience, as long as it passes DMARC it will show up the logo. They have a customer using Mailchimp, where the return path and the From don’t match but DKIM passes alignment and it shows.

November 2022 - Email Geeks
Marketer view

Email marketer from OnlyDomains shares that BIMI depends on DMARC for authentication and that requires SPF or DKIM to pass and align. Alignment can be achieved using relaxed or strict alignment modes. So the domain in your 'From' address should match either your DKIM signing domain or the domain authorized by SPF.

October 2022 - OnlyDomains
Marketer view

Email marketer from Mailjet explains that BIMI authenticates via DMARC, requiring either SPF or DKIM to pass and align with the 'From' domain. DMARC alignment can be strict or relaxed, both being suitable for BIMI.

May 2024 - Mailjet
Marketer view

Email marketer from EmailGeeks Forum posts, 'As long as your email passes DMARC with either strict or relaxed alignment, BIMI should work. I've seen it work with relaxed alignment just fine.'

October 2021 - EmailGeeks Forum
Marketer view

Email marketer from EasyDMARC explains that for BIMI to function, DMARC must be properly configured with either strict or relaxed alignment. The domain in the 'From' header must align with the DKIM or SPF record.

January 2024 - EasyDMARC
Marketer view

Email marketer from Proofpoint shares that BIMI uses DMARC for authentication and requires alignment between the domain in the 'From' header and the DKIM or SPF records. The alignment can be either strict or relaxed.

March 2024 - Proofpoint
Marketer view

Email marketer from Reddit says in a forum, 'BIMI uses DMARC. DMARC requires alignment. So, the domains must align, but relaxed alignment is enough in most cases. Check your DMARC record.'

September 2024 - Reddit

What the experts say
1Expert opinion

BIMI relies on DMARC for authentication. The domain in the 'From' header must align with either the d= domain in the DKIM signature or the domain used for SPF. Whether this alignment needs to be strict or can be relaxed is governed by the DMARC policy.

Key opinions

  • DMARC is Mandatory: BIMI requires a functioning DMARC policy for authentication.
  • Domain Alignment: The 'From' domain must align with either the DKIM or SPF domain.
  • Alignment Flexibility: The DMARC policy dictates whether strict or relaxed alignment is required.

Key considerations

  • Review DMARC Policy: Carefully review your DMARC policy to understand the required alignment mode (strict or relaxed).
  • DKIM and SPF Setup: Ensure DKIM and SPF are properly configured and aligned with your 'From' domain.
  • BIMI Testing: Test your BIMI setup to ensure that the logo is displayed correctly.
Expert view

Expert from Spam Resource, John Levine, explains that BIMI requires DMARC, which requires that the domain in the From: header match the d= domain in the DKIM signature, or the domain used for SPF. This alignment can be strict or relaxed, according to the DMARC policy.

January 2022 - Spam Resource

What the documentation says
3Technical articles

BIMI relies on DMARC for authentication. DMARC requires either strict or relaxed identifier alignment between the 'From' domain and the DKIM signature domain or the SPF authorized domain. BIMI needs a valid and passing DMARC record to function.

Key findings

  • DMARC is essential: BIMI's functionality depends on a correctly configured and passing DMARC record.
  • Alignment Flexibility: DMARC alignment modes, both strict and relaxed, are acceptable for BIMI.
  • SPF/DKIM Alignment: For SPF, the Return-Path domain must align with the From domain. For DKIM, the d= domain in the DKIM signature must align with the From domain.

Key considerations

  • DMARC Validation: Verify that DMARC is correctly set up and is passing for your domain.
  • SPF and DKIM Configuration: Ensure proper configuration of SPF and DKIM records to achieve the necessary alignment with the 'From' domain.
  • Monitor DMARC Reports: Regularly monitor DMARC reports to ensure continued compliance and identify any potential issues.
Technical article

Documentation from BIMI Group specifies that BIMI leverages DMARC for authentication. DMARC requires either strict or relaxed identifier alignment to pass. For SPF, the Return-Path domain must align with the From domain. For DKIM, the d= domain in the DKIM signature must align with the From domain.

June 2024 - BIMI Group
Technical article

Documentation from dmarcian clarifies that BIMI needs a valid DMARC record. DMARC alignment modes (strict or relaxed) impact whether the domain in the 'From' header needs to perfectly match the DKIM signing domain or the SPF authorized domain. Either alignment is suitable for BIMI

July 2023 - dmarcian
Technical article

Documentation from Fastmail states that BIMI requires DMARC to be set up and passing. The DMARC policy needs to have either strict or relaxed alignment between the domain in the 'From' address and the DKIM or SPF records.

August 2023 - Fastmail