Suped

Will BIMI work on multiple levels of subdomains?

8 Marketer opinions1 Expert opinion3 Technical articles2 Resources

Summary

BIMI can function on multiple levels of subdomains with the correct configuration. Each subdomain must have its own dedicated BIMI DNS record, and the Verified Mark Certificate (VMC) needs to explicitly include and be valid for each subdomain. The BIMI record must be published at the RFC5322.From domain or the organizational domain. Ensure the VMC lists the relevant domains in the Subject Alternative Name (SAN) field. Properly configured DNS records and accurate VMC validation are essential for the BIMI logo to display correctly across different subdomain levels. Setting up BIMI at the top-level domain will not automatically cascade down to subdomains; each subdomain must be configured independently.

Key findings

  • Individual DNS Records: Each subdomain requires its own distinct BIMI DNS record.
  • VMC Validation: The Verified Mark Certificate (VMC) must be valid for each subdomain where BIMI is used.
  • No Automatic Cascading: BIMI configuration on the top-level domain does not automatically apply to subdomains.
  • VMC SAN Field: The VMC must list each domain/subdomain in the Subject Alternative Name (SAN) field.
  • From Domain Matching: The domain in the BIMI DNS record must match the 'From:' domain in the email.

Key considerations

  • Accurate DNS Configuration: Ensure that each subdomain has correctly configured DNS records for BIMI.
  • VMC Scope Verification: Verify that the VMC covers all required subdomains and that each is correctly listed in the SAN.
  • Independent Configuration: Each subdomain that sends emails independently needs its own BIMI configuration.
  • Regular Testing: Test the BIMI implementation on each subdomain to ensure proper functionality and logo display.
  • Troubleshooting: If the BIMI logo is not displaying on a subdomain, check the DNS records and VMC validity specifically for that subdomain.

What email marketers say
8Marketer opinions

BIMI can work on multiple levels of subdomains, but it requires careful configuration. Each subdomain needs its own distinct BIMI DNS record, and the Verified Mark Certificate (VMC) must be valid for each specific subdomain. Simply setting up BIMI at the top-level domain will not automatically apply to subdomains. DNS records and VMC validation must be in place for each subdomain where the BIMI logo is intended to display. Proper configuration is essential to ensure the logo displays correctly across different subdomain levels.

Key opinions

  • Subdomain BIMI Record: Each subdomain must have its own individual BIMI DNS record.
  • VMC Validation: The VMC must be valid for each specific subdomain.
  • No Cascading: BIMI setup on the top-level domain does not automatically cascade down to subdomains.
  • Configuration: Proper DNS configuration is critical for BIMI to function correctly on subdomains.

Key considerations

  • DNS Configuration: Verify that the BIMI DNS records are correctly set up for each subdomain.
  • VMC Scope: Ensure the VMC includes all relevant subdomains in its Subject Alternative Name (SAN) field.
  • Troubleshooting: If the BIMI logo isn't displaying, check the DNS records and VMC validity for each subdomain.
  • Email Sending Practices: If emails are sent from different subdomains, each requires its own BIMI setup.
Marketer view

Email marketer from ValiMail.com (now Agari) mentions that while BIMI primarily works at the organizational domain level, it can be configured for subdomains. Each subdomain requires its own BIMI record and corresponding VMC validation.

June 2023 - ValiMail.com
Marketer view

Email marketer from DMARC Analyzer explains that BIMI can be implemented on subdomains, but each subdomain requires its own distinct BIMI DNS record. This involves setting up the appropriate TXT record for BIMI on each subdomain and ensuring that the VMC covers each domain that you want to use BIMI on.

April 2023 - DMARC Analyzer
Marketer view

Email marketer from ZeroBounce mentions that BIMI is compatible with subdomains, provided you correctly configure the DNS records for each subdomain. You must also ensure that your Verified Mark Certificate (VMC) is valid for the specific subdomains you are using.

November 2022 - ZeroBounce
Marketer view

Email marketer from OnlyDomains.com states that BIMI can function with subdomains, provided the DNS records for BIMI are correctly configured for each specific subdomain and that the VMC covers these subdomains. Proper configuration is essential for the logo to display correctly across different subdomain levels.

July 2021 - OnlyDomains.com
Marketer view

Email marketer from EmailVendorSelection shares that for BIMI to work across subdomains, each subdomain needs its own individual BIMI DNS record and the VMC must be valid for that specific subdomain. Failing to do so will result in the logo not being displayed.

December 2022 - EmailVendorSelection
Marketer view

Email marketer from Reddit explains that BIMI will work on multiple subdomain levels if each subdomain has its own BIMI record and the VMC is valid for each. You can't just set it up for the top-level domain and expect it to cascade down.

February 2024 - Reddit
Marketer view

Marketer from Email Geeks explains that a BIMI record has to be published at the RFC5322.From domain or the org domain of the From domain. He further clarifies that if a BIMI record is published at sample.com, it will work for email.xyz.sample.com, depending on the domains listed in the VMC.

July 2021 - Email Geeks
Marketer view

Email marketer from StackOverflow explains that BIMI logo may not show on subdomains due to DNS configuration problems. Requires checking if the BIMI record is correctly set up for each subdomain. It is crucial to ensure DNS records are valid for each subdomain where the BIMI logo should appear.

December 2023 - StackOverflow

What the experts say
1Expert opinion

BIMI can function on subdomains, provided that it is correctly set up. This means ensuring that each subdomain has the appropriate DNS records and that the VMC (Verified Mark Certificate) is valid for each subdomain.

Key opinions

  • Subdomain Configuration: Proper configuration is necessary for BIMI to work on subdomains.
  • DNS Records: Each subdomain must have its own DNS records configured for BIMI.
  • VMC Validation: The VMC must be valid for each subdomain intended to use BIMI.

Key considerations

  • Configuration Accuracy: Ensure all DNS records are correctly configured.
  • VMC Scope: Verify that the VMC covers each specific subdomain intended to use BIMI.
  • Testing: Test BIMI implementation on each subdomain to confirm proper functionality.
Expert view

Expert from Word to the Wise explains that BIMI should work on subdomains if properly configured with the corresponding DNS records and VMC validation for each subdomain.

November 2022 - Word to the Wise

What the documentation says
3Technical articles

BIMI can operate on subdomains if properly configured. This requires that the Verified Mark Certificate (VMC) explicitly includes the relevant domains and subdomains intended to display the BIMI logo. Each subdomain must have its own BIMI record, and the 'From:' domain in the email must match the domain in the BIMI DNS record. The VMC must list the domain or subdomain in the Subject Alternative Name (SAN) field.

Key findings

  • VMC Inclusion: The VMC must include all relevant domains and subdomains.
  • Individual BIMI Records: Each subdomain must have its own BIMI DNS record.
  • Domain Matching: The 'From:' domain must match the domain in the BIMI DNS record.
  • SAN Listing: The VMC needs to list the domain or subdomain in the Subject Alternative Name (SAN) field.

Key considerations

  • VMC Verification: Verify that the VMC covers all required subdomains.
  • DNS Record Accuracy: Ensure that each subdomain's BIMI DNS record is correctly configured.
  • Subdomain Independence: If subdomains send emails independently, each must have its own BIMI configuration.
Technical article

Documentation from the BIMI Group specifies that the domain in the BIMI DNS record must match the 'From:' domain in the email. This applies to subdomains as well; each subdomain must have its own BIMI record if it sends emails independently.

January 2024 - BIMI Group
Technical article

Documentation from DigiCert explains that BIMI needs a Verified Mark Certificate (VMC) that must list the domain or subdomain in the Subject Alternative Name (SAN) field. If you want BIMI to work on subdomains, ensure the VMC covers those specific subdomains.

March 2023 - DigiCert
Technical article

Documentation from Entrust.com explains that BIMI can work with subdomains, but the VMC (Verified Mark Certificate) must include the relevant domain and subdomains covered by the BIMI record. Each subdomain intended to display the BIMI logo needs to be explicitly listed within the certificate.

February 2024 - Entrust.com

Related resources
2Resources

Understanding BIMI | Kickbox University
Understanding BIMI | Kickbox University

Part 5 of our email authentication series covers BIMI: what it is, its implementation & benefits. BIMI allows senders to display their logo in the inbox

Kickbox Blog
How DMARC works with subdomains and the sp tag - Valimail
How DMARC works with subdomains and the sp tag - Valimail

Learn how DMARC works with your subdomains and the sp tag to bring DMARC to enforcement and protect your business from impersonation.

Valimail -

Related questions