What are BIMI best practices for domain setup and VMC implementation?

Summary

Implementing BIMI involves a multi-step process. Proper DNS setup is essential, with the BIMI record under `default._bimi`. The SVG logo must meet specific criteria. A VMC is often required (Gmail), though some providers (Yahoo) offer alternatives based on reputation. Strong authentication (SPF, DKIM, DMARC - enforced at p=quarantine or p=reject) is critical. Collaboration between marketing and IT, thorough testing, and ongoing monitoring are best practices. Success boosts brand recognition and trust.

Key findings

  • VMC Necessity Varies: While Gmail requires a VMC for BIMI logo display, other providers, like Yahoo, may offer support without one based on sender reputation and adherence to guidelines.
  • DNS Record Placement: The BIMI TXT record MUST be placed under the `default._bimi` selector of your domain to be correctly recognized by email providers.
  • Strict DMARC Policy: A DMARC policy of `p=quarantine` or `p=reject` is a firm requirement for BIMI. `sp=none;` is not sufficient. This policy is crucial for protecting against spoofing and phishing.
  • SVG Logo Specifications: The SVG logo must be a vector graphic, properly scaled, free of embedded links/scripts, served with the correct MIME type (`image/svg+xml`) and accessible via HTTPS.
  • VMC Root Domain Inheritance: A VMC applied at the root domain level will be inherited by compliant subdomains, simplifying implementation for organizations with multiple sending domains.

Key considerations

  • Cross-Team Collaboration: Successful BIMI implementation requires close cooperation between marketing and IT teams to ensure all technical and brand requirements are met.
  • Ongoing Monitoring: Regularly monitor email deliverability metrics (open rates, click-through rates) and use BIMI validators to ensure your implementation remains effective and compliant.
  • Testing: Implement thorough testing of BIMI by utilizing free online BIMI validators and sending test emails to different email providers like Gmail and Yahoo. These tools will assist you in identifying any setup problems before a full rollout.
  • VMC Selection Factors: When choosing a VMC provider, consider factors beyond just the price tag, such as the ease of the application process, the level of support offered, and their reputation within the email community.
  • Prioritize Authentication: Before embarking on BIMI, ensure SPF, DKIM, and DMARC are correctly implemented and actively managed. This is the foundation upon which BIMI is built.

What email marketers say
13Marketer opinions

Implementing BIMI involves setting up SPF, DKIM, and DMARC with a strict policy (p=quarantine or p=reject), creating a compliant SVG logo, obtaining a Verified Mark Certificate (VMC) for Gmail and other providers, and publishing the BIMI DNS record. A VMC at the root domain inherits to subdomains. VMC providers are functionally similar but differ in application and support. BIMI enhances brand recognition and trust, impacting open rates. Testing and monitoring are crucial. Serving the logo with the correct MIME type and HTTPS is important.

Key opinions

  • VMC Inheritance: A VMC applied to the root domain will extend its verification to all compliant subdomains, simplifying the process for organizations with multiple sending domains.
  • DMARC Requirement: A DMARC policy of p=quarantine or p=reject is mandatory for BIMI to function, ensuring only authenticated emails are delivered and preventing spoofing attacks.
  • BIMI Implementation Steps: Key implementation steps include configuring SPF, DKIM, and DMARC; creating a compliant SVG logo; obtaining a VMC (required by Gmail); and publishing the BIMI DNS record.
  • VMC Provider Similarity: While the functional outcome of VMC providers is the same, the application process, implementation assistance, and support can vary, influencing the overall user experience.
  • Logo Display and Verification: VMCs provide logo display and verification at Google, Apple, Onet (Poland), and Zone (Estonia) domains

Key considerations

  • VMC Provider Choice: Consider factors such as price, ease of application, and customer support when selecting a VMC provider, as the experience can vary despite the end result being the same.
  • SVG Hosting Requirements: Ensure the SVG logo is served with the correct MIME type (image/svg+xml) and is accessible via HTTPS to comply with security requirements.
  • BIMI Testing: Test your BIMI implementation with online validators and by sending test emails to various email providers to identify and resolve any configuration issues before a full rollout.
  • BIMI Monitoring: Monitor email deliverability metrics, such as open rates and click-through rates, to assess the impact of BIMI on your email marketing campaigns and identify any areas for improvement.
  • BIMI and Brand Recognition: BIMI is a great option to help brand recognition and trust with potential clients and helps ensure recipients that the email is legitimate and from a trusted source.
Marketer view

Email marketer from OnlyB2B.com answers that in a B2B context, BIMI can significantly enhance brand recognition and build trust with potential clients. Displaying a verified logo in the inbox helps to cut through the clutter and assures recipients that the email is legitimate and from a trusted source.

June 2024 - OnlyB2B.com
Marketer view

Email marketer from Reddit.com suggests that when choosing a VMC provider, consider factors such as price, ease of application, and support. While the end result (the VMC itself) is functionally the same, the experience of obtaining it can vary. They recommend comparing the application processes and customer support offerings of different providers.

February 2023 - Reddit.com
Marketer view

Marketer from Email Geeks points out that using `sp=none;` will not work for BIMI implementation, indicating a stricter policy is needed.

May 2024 - Email Geeks
Marketer view

Email marketer from Mailosaur.com responds that after setting up BIMI, it's important to monitor its performance. Keep an eye on email deliverability metrics, such as open rates and click-through rates, to assess the impact of BIMI on your email marketing campaigns. Also, use BIMI validators to check for any errors.

June 2024 - Mailosaur.com
Marketer view

Email marketer from EmailDrips shares advice for testing your BIMI implementation by utilizing free online BIMI validators and sending test emails to different email providers like Gmail and Yahoo. These tools will assist you in identifying any setup problems before a full rollout.

January 2023 - EmailDrips.com
Marketer view

Email marketer from Litmus.com emphasizes that BIMI requires a DMARC policy of `p=quarantine` or `p=reject`. This ensures that only authenticated emails are delivered, protecting your brand and recipients from spoofing and phishing attacks. This is a strict requirement to implement BIMI, and there are no exceptions.

February 2025 - Litmus.com
Marketer view

Email marketer from ZeroBounce.net explains that the steps to implement BIMI are: 1. Ensure SPF, DKIM, and DMARC are configured correctly. 2. Create a compliant SVG logo. 3. Obtain a VMC. 4. Publish the BIMI DNS record.

August 2021 - ZeroBounce.net
Marketer view

Marketer from Email Geeks notes that there is no functional difference between VMC providers from Google's perspective, but application, implementation, and support processes may vary.

February 2025 - Email Geeks
Marketer view

Marketer from Email Geeks shares that VMCs provide logo display and verification at Google, Apple, Onet (Poland), and Zone (Estonia) domains. He provides links to Kickbox and Spamresource for reference. He also mentions testing on Yahoo without a VMC is possible, and provides a link for their BIMI requirements.

June 2023 - Email Geeks
Marketer view

Email marketer from StackOverflow.com advises that when hosting your SVG logo, ensure the server is configured to serve the file with the correct MIME type (`image/svg+xml`). Also, the URL must be accessible via HTTPS to comply with security requirements.

September 2021 - StackOverflow.com
Marketer view

Email marketer from SparkPost.com responds that implementing BIMI can improve brand recognition and trust by displaying your logo next to your email in the inbox. This visual cue can help recipients quickly identify and trust your messages, leading to increased engagement and open rates.

January 2024 - SparkPost.com
Marketer view

Email marketer from Mailjet.com shares that setting up BIMI involves ensuring SPF, DKIM, and DMARC are correctly configured for your domain. They emphasize that DMARC must be set to `p=quarantine` or `p=reject` for BIMI to function properly. They also highlight the necessity of a VMC for Gmail and other supporting providers.

April 2021 - Mailjet.com
Marketer view

Marketer from Email Geeks confirms that a VMC at the root domain will inherit to all compliant subdomains.

January 2024 - Email Geeks

What the experts say
2Expert opinions

BIMI support is growing, with Gmail requiring a VMC while Yahoo offers it without for reputable senders. Successful BIMI implementation requires collaboration between marketing and IT to meet technical requirements, particularly ensuring proper SPF, DKIM, and DMARC configuration.

Key opinions

  • BIMI Support Variation: Mailbox providers differ in their BIMI requirements. Gmail mandates a VMC, while Yahoo provides an alternative for senders with good reputations.
  • Interdepartmental Collaboration: Successful BIMI implementation relies on marketing and IT teams working together.

Key considerations

  • Reputation Matters: Building and maintaining a strong sending reputation can open doors to BIMI benefits without the need for a VMC on some platforms like Yahoo.
  • Technical Expertise: Proper configuration of SPF, DKIM, and DMARC is crucial for BIMI implementation. Ensure your technical team is well-versed in these authentication methods.
Expert view

Expert from Word to the Wise responds by advising close collaboration between marketing and IT teams during BIMI implementation to ensure all technical requirements are met. Ensuring SPF, DKIM and DMARC are configured properly is very important and often where the BIMI implementation fails.

November 2024 - Word to the Wise
Expert view

Expert from Spam Resource explains that BIMI support is steadily increasing among mailbox providers. He highlights that while Gmail requires a VMC, other providers like Yahoo offer BIMI support without a VMC for senders with a strong reputation and adherence to their guidelines.

February 2022 - Spam Resource

What the documentation says
6Technical articles

BIMI implementation involves several technical requirements. The BIMI DNS record must be placed under `default._bimi` and include the SVG logo URL. The SVG logo must be a vector graphic, properly scaled, and accessible via HTTPS. Gmail requires a VMC from an approved provider. DMARC must be set to `p=quarantine` or `p=reject`. Yahoo offers BIMI without a VMC for senders with strong reputations.

Key findings

  • BIMI DNS Record Location: The BIMI DNS TXT record must be placed under the `default._bimi` selector of your domain.
  • SVG Logo Requirements: The SVG logo must be a vector graphic, properly scaled, free of embedded links/scripts, and accessible via HTTPS.
  • Gmail's VMC Requirement: To display your logo in Gmail, a Verified Mark Certificate (VMC) is required from an approved certification authority.
  • DMARC Policy Enforcement: A DMARC policy of `p=quarantine` or `p=reject` is necessary for BIMI to function, ensuring only authenticated emails are delivered.
  • Yahoo's Alternative: Yahoo offers BIMI support without a VMC for senders with high reputations and adherence to their sending guidelines.

Key considerations

  • DNS Record Accuracy: Ensure your BIMI DNS record is correctly formatted according to the BIMI Group specifications to avoid implementation issues.
  • SVG Security: Carefully create and host your SVG logo to avoid security vulnerabilities. Ensure it doesn't contain any malicious code or scripts.
  • VMC Selection: Choose a VMC provider that is approved by the BIMI ecosystem and meets your organizational needs in terms of support and certification process.
  • Reputation Management: If targeting Yahoo users, prioritize building and maintaining a strong sending reputation to potentially qualify for BIMI without a VMC.
Technical article

Documentation from Entrust.com specifies the SVG logo used for BIMI must meet certain requirements. It must be a vector graphic, properly scaled, and free of any embedded links or scripts. Ensure the SVG is accessible via HTTPS.

April 2024 - Entrust.com
Technical article

Documentation from Yahoo explains that Yahoo supports BIMI without the requirement of a VMC if you meet their requirements for authentication and reputation. Senders must meet a high sending reputation by following all of Yahoo's guidelines to be able to test BIMI without paying for a VMC.

July 2022 - Yahoo
Technical article

Documentation from BIMI Group details the exact structure of the BIMI DNS record. The 'v' tag specifies the version of BIMI, the 'l' tag contains the URL of the brand logo in SVG format, and the 'a' tag contains the URL of the authentication authority. Ensure that the record is correctly formatted to comply with BIMI standards. The record MUST be a TXT record and placed under the `default._bimi` selector

January 2024 - BIMI Group
Technical article

Documentation from Digicert.com specifies that a Verified Mark Certificate (VMC) is required to display your logo in Gmail and other email clients that support BIMI. The VMC verifies your ownership of the logo and ensures it meets the necessary security standards. It also specifies the VMC provider needs to be an approved certification authority

April 2022 - Digicert.com
Technical article

Documentation from Valimail.com explains that the BIMI DNS record should be placed under the selector `default._bimi`, and it should contain the location of the SVG image of your logo. The record format is a TXT record with the value `v=BIMI1; l=https://example.com/logo.svg; a=;` where `l` is the URL of the SVG logo and `a` is an optional field for the location of the Authentication Record for Verified Mark Certificates (VMC).

March 2022 - Valimail.com
Technical article

Documentation from Google specifies that for BIMI to work with Gmail, senders must authenticate their emails with SPF and DKIM. Senders must use DMARC to specify how to handle unauthenticated messages. For BIMI to display the sender's logo in Gmail, the DMARC policy must be set to p=quarantine or p=reject.

December 2021 - Google