What are the requirements for BIMI SVG files and how do I validate them?

Summary

BIMI SVG files have specific requirements for proper display and security. These include a square aspect ratio, a file size under 32KB, and use of the SVG Tiny 1.2 base profile with centering within a square viewport. Mailbox providers may ignore non-compliant elements, such as `<style>` and 'gradientTransform', which fail RNC validation. The SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 must be adhered to for security, disallowing exploitable features. Validation involves using online validators, checking for compliance with BIMI specifications, and ensuring proper DNS records (DMARC, SPF, DKIM). The SVG logo should not contain external links or scripting, and text should be converted to outlines. Optimization involves removing unnecessary metadata and reducing nodes/paths. Display depends on email client support and requires DMARC authentication, a registered trademark, and sometimes a Verified Mark Certificate (VMC). BIMI provides enhanced brand visibility, trust, and can positively impact email marketing metrics. Security checks are crucial to avoid malicious content.

Key findings

  • SVG Specs: SVG files must have a square aspect ratio, be under 32KB, use SVG Tiny 1.2 base profile, and be centered.
  • Compliance: Mailbox providers may ignore non-compliant elements like `<style>` and 'gradientTransform'.
  • Security Standard: Adherence to SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 is critical for security.
  • Validation Methods: Validation involves using online validators and checking BIMI specifications and DNS records.
  • Content Restrictions: SVG logos must not contain external links or scripts; text should be outlined.
  • Optimization: Optimize file size by removing metadata and reducing nodes/paths.
  • DMARC/VMC: BIMI display requires DMARC and sometimes a Verified Mark Certificate (VMC).
  • Security Checks: SVG logos must be thoroughly checked for malicious content.

Key considerations

  • Technical Compliance: Adhere to all specified SVG technical requirements (size, aspect ratio, SVG version).
  • Security Hardening: Harden SVGs to prevent XSS or data exfiltration by not allowing any Javascript in the files and scrubbing unnecessary metadata and comments.
  • Validation Process: Thoroughly validate SVG files using online validators and manual checks.
  • DNS Configuration: Ensure proper DNS records (DMARC, SPF, DKIM) are correctly configured.
  • Trademark & VMC: Secure a registered trademark and a Verified Mark Certificate (VMC) when needed.
  • Text Rendering: Text should be converted to outlines to prevent unexpected font issues.
  • Email Client Compatibility: Recognize and account for varying support among email clients.

What email marketers say
9Marketer opinions

BIMI SVG files must adhere to specific requirements for validation and display. These include adhering to the SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 specification, optimizing file size by removing unnecessary metadata and reducing nodes/paths, and ensuring proper file formatting (avoiding embedded raster images or disallowed features). Validation involves checking for compliance with BIMI specifications, proper DNS records (DMARC, SPF, DKIM), and using BIMI validators. Display depends on email client support and requires DMARC authentication. The benefits of BIMI include enhanced brand visibility, trust, and improved email marketing metrics.

Key opinions

  • SVG Standard: BIMI SVG files must adhere to the SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 specification to avoid security vulnerabilities.
  • File Size: Optimizing SVG file size is crucial; remove unnecessary metadata and reduce nodes/paths.
  • Formatting: Incorrect file formatting, embedded raster images, or disallowed SVG features can prevent BIMI SVG logos from displaying.
  • Validation: Validation involves checking SVG compliance, ensuring proper DNS records (DMARC, SPF, DKIM), and using BIMI validators.
  • Display: BIMI logos are displayed by participating email providers if the sending domain has implemented DMARC authentication and the SVG logo meets the specified requirements.
  • Brand Trust: BIMI enhances brand visibility and trust in the inbox, helping recipients identify legitimate emails.
  • Email Marketing Metrics: BIMI can improve email marketing metrics, including brand recognition, engagement, and deliverability.

Key considerations

  • Security: Ensure the SVG adheres to the SVG P/S subset of SVG Tiny 1.2 specification to avoid security vulnerabilities.
  • Optimization: Optimize the SVG file size for fast loading times and compatibility with email clients.
  • Compliance: Verify the SVG's compliance with BIMI specifications and proper DNS setup.
  • Client Support: Recognize that BIMI's visual aspect depends on email client support; not all clients currently display BIMI logos.
  • DMARC: DMARC authentication is a prerequisite for BIMI logo display.
  • Visual check: Always render the output from the SVG to ensure it matches your expectation - particularly that text displays correctly and no features are lost.
Marketer view

Email marketer from Email on Acid Blog shares that validating BIMI involves checking the SVG logo for compliance with BIMI specifications, ensuring proper DNS records (DMARC, SPF, DKIM) are set up, and using BIMI validators.

March 2024 - Email on Acid Blog
Marketer view

Email marketer from Agari (Proofpoint) shares that BIMI provides enhanced brand visibility and increased brand trust in the inbox. It allows email recipients to quickly identify legitimate emails, reducing the risk of phishing attacks.

May 2022 - Agari (Proofpoint)
Marketer view

Email marketer from SparkPost explains that BIMI logos are displayed by participating email providers if the sending domain has implemented DMARC authentication and the SVG logo meets the specified requirements.

October 2021 - SparkPost
Marketer view

Email marketer from ZeroBounce explains that BIMI, by ensuring authentication and brand display, can have a positive impact on email marketing metrics, improving brand recognition, engagement, and deliverability.

September 2023 - ZeroBounce
Marketer view

Email marketer from Reddit suggests optimizing the SVG file size by removing unnecessary metadata and using vector graphics software to reduce the number of nodes and paths.

December 2023 - Reddit
Marketer view

Email marketer from Mailhardener explains that the SVG file size should be kept as small as possible to ensure fast loading times and avoid issues with email clients or mailbox providers that might have size restrictions.

July 2023 - Mailhardener
Marketer view

Email marketer from Litmus shares that BIMI's visual aspect depends on email client support. While BIMI adoption is growing, not all email clients or browsers currently display BIMI logos.

July 2024 - Litmus
Marketer view

Email marketer from Valimail Blog shares that BIMI SVG files can be validated using online validators and that it must adhere to the SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 specification to avoid security vulnerabilities.

November 2021 - Valimail Blog
Marketer view

Email marketer from Email Marketing Forum suggests that issues with BIMI SVG logos not displaying can often be traced back to incorrect file formatting, embedded raster images, or the presence of disallowed SVG features.

July 2022 - Email Marketing Forum

What the experts say
5Expert opinions

BIMI SVG files have specific requirements to ensure proper display and security. Mailbox providers may ignore non-compliant elements like `<style>` and 'gradientTransform', which fail RNC validation. SVG conversion tools can fix issues, and validators flag errors. Security is paramount; BIMI logos must be checked for malicious content and external links. Key requirements include DMARC compliance, a registered trademark, a Verified Mark Certificate (VMC), and a properly formatted SVG file.

Key opinions

  • Non-compliant elements: Mailbox providers might ignore non-compliant elements, such as `<style>` and 'gradientTransform'.
  • RNC Validation: `<style>` and 'gradientTransform' fail RNC validation.
  • SVG Conversion Tools: SVG conversion tools can fix potential issues.
  • BIMI Validator: The BIMI validator flags errors in SVGs.
  • Security Checks: BIMI logos must be checked for malicious content and external links.
  • Key Requirements: BIMI requires DMARC compliance, a registered trademark, and a Verified Mark Certificate (VMC).

Key considerations

  • Compliance: Ensure the SVG file is compliant with BIMI standards.
  • Validation: Use BIMI validators and conversion tools to check and fix issues.
  • Security: Thoroughly check the SVG for malicious content and external links before deployment.
  • DMARC Setup: Verify DMARC compliance is in place before implementing BIMI.
  • Trademark and VMC: Obtain a registered trademark and a Verified Mark Certificate (VMC) for the logo.
Expert view

Expert from Email Geeks explains that mailbox providers (MBP) could choose to ignore non-compliant elements in BIMI SVGs, but `&lt;style&gt;` and "gradientTransform" both fail the RNC (Relax NG Compact syntax, a schema language).

September 2024 - Email Geeks
Expert view

Expert from Spam Resource explains that BIMI logos need to be very carefully checked for malicious content and external links. It is crucial to ensure that they are safe and secure to prevent exploitation.

January 2023 - Spam Resource
Expert view

Expert from Email Geeks clarifies that the BIMI validator flags errors in SVGs.

November 2022 - Email Geeks
Expert view

Expert from Email Geeks shares to try running the SVG through the SVG conversion tools to fix potential issues.

June 2022 - Email Geeks
Expert view

Expert from Spam Resource shares that BIMI requirements involve DMARC compliance, a registered trademark, and a Verified Mark Certificate (VMC) for the logo in addition to a properly formatted SVG file.

July 2022 - Spam Resource

What the documentation says
5Technical articles

BIMI SVG requirements include a square aspect ratio, a file size under 32KB, use of the base profile of SVG Tiny 1.2, and centering within a square viewport. SVG Tiny 1.2 is designed for limited resource devices, and BIMI uses a subset. SVG P/S ensures security by disallowing exploitable features. The SVG logo must not contain external links or scripting, and text should be converted to outlines. Some mail clients require a Verified Mark Certificate (VMC) to display the BIMI logo, which verifies brand ownership.

Key findings

  • SVG Requirements: BIMI SVGs must have a square aspect ratio, be under 32KB, use SVG Tiny 1.2, and be centered within a square viewport.
  • SVG Tiny 1.2: SVG Tiny 1.2 is a profile for limited-resource devices.
  • SVG P/S Security: SVG P/S is a secure subset, disallowing exploitable features.
  • Content Restrictions: The SVG logo should not contain external links or scripting.
  • Text Handling: Text in the SVG should be converted to outlines.
  • VMC Requirement: A Verified Mark Certificate (VMC) may be required for BIMI logo display in some mail clients.

Key considerations

  • Technical Specs: Adhere to the specified dimensions and size limitations for the SVG file.
  • Security: Avoid using disallowed SVG features and ensure the SVG is secure.
  • Content Security: Remove any external links or scripts from the SVG file.
  • Text Rendering: Convert all text to outlines to ensure consistent rendering across email clients.
  • VMC Acquisition: Check if a VMC is required by your target email clients and obtain one if necessary.
Technical article

Documentation from BIMI Group Website explains that BIMI SVG logos must be a square aspect ratio, be smaller than 32KB, and use only the base profile of SVG Tiny 1.2. They should also be centered within a square viewport.

March 2022 - BIMI Group Website
Technical article

Documentation from IETF explains that SVG Tiny 1.2 is a profile of SVG intended for devices with limited resources, specifying the features and syntax allowed. BIMI builds on a further subset of this

November 2021 - IETF
Technical article

Documentation from dmarcian knowledge base explains that the SVG logo should not contain any external links or scripting, and all text must be converted to outlines to prevent font-related rendering issues.

August 2023 - dmarcian Knowledge Base
Technical article

Documentation from DigiCert explains to display a BIMI logo in some mail clients, a Verified Mark Certificate (VMC) is required. The VMC verifies the logo and the brand's right to use it.

June 2022 - DigiCert
Technical article

Documentation from W3C explains that SVG P/S is designed to be a secure subset of SVG, disallowing features that could be exploited for malicious purposes. It uses a content security policy.

May 2022 - W3C