How to Implement Brand Indicators for Message Identification (BIMI):-
BIMI (Brand Indicators for Message Identification) is an email authentication standard that displays your brand logo in email clients. This enhances brand recognition and security by reducing phishing risks. Here’s a step-by-step guide on how to implement BIMI for your domain.
Step 1: Meet the Pre-requirements:
| 1 | Set Up a DMARC Policy | Your domain must have a DMARC policy with quarantine or reject enforcement. | v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; pct=100; ri=86400 |
| 2 | Obtain a Verified Mark Certificate (VMC) | Email providers like Gmail require a VMC to display your brand’s logo. |
The logo must be trademarked and submitted in SVG format. |
| 3 | Prepare a Compliant Logo | The logo must be in SVG Tiny 1.2 format. | The “baseProfile” attribute set to “tiny-ps” The “version” attribute set to “1.2”. A <title> element must be included that reflects the company name, though there are no strict requirements for the content of the element. A <desc> (i.e. the “description”) element is not required, but this should be included to support accessibility. |
Self-asserted logos:- logos that are published without verification certificates and are supported by Yahoo, Fastmail, and others. BIMI works without VMC or the CMC, meaning that the entry point for BIMI is very attainable. I always recommend starting your BIMI journey with this option.
Select VMC or CMC Certificate for BIMI
Before applying for a BIMI certificate, you must decide whether you need a Verified Mark Certificate (VMC) or a Certificate Mark Certificate (CMC):
Verified Mark Certificate (VMC)
Required by most major mailbox providers like Gmail, Yahoo, and Fastmail.
Validates that your organization owns the trademarked logo displayed in recipients’ inboxes.
Issued by certificate authorities like DigiCert, GlobalSign, or Entrust.
Certificate Mark Certificate (CMC)
They are issued by certification authorities (Entrust or DigiCert) recognized by the BIMI Working Group.
The verification process includes checking your brand’s logo and DMARC policy.
Like VMCs, CMCs involve an annual fee for issuance and maintenance.
This is a good alternative for smaller businesses that may not have trademarked their logo or for businesses making changes to their logos that have not been processed by the trademark authority yet.
At Google, a CMC is required for logo presentation, along with qualifying local reputation and volume.
Less commonly used but an alternative for certain email ecosystems.
Some mailbox providers may not require a VMC but still follow BIMI standards.
Recommended: If you want your logo to be displayed in Gmail and other major providers, choose VMC.
| Id | Feature | Verified Mark Certificate (VMC) | Certificate Mark Certificate (CMC) |
| 1 | Purpose | Required by major mailbox providers like Gmail, Yahoo, and Fastmail. | Alternative to VMC for certain email providers. CMCs offer a similar level of verification as VMCs. |
| 2 | BIMI Requirement | Mandatory for most providers to display a logo in the inbox. | Not required by all mailbox providers but can still be used with BIMI. |
| 3 | Trademark Requirement | A trademarked logo is mandatory. You must have used the logo for at least 12 months before the Mark verification date on a domain you control. |
May not always require a trademarked logo. |
| 4 | Supported Providers | Google/Gmail (enhanced support, blue checkmark) Apple (Digitally certified label in message details) au.com Yahoo Fastmail Cloudmark La Poste Onet ZohoMail Zone Zoner |
Some providers that do not enforce VMC requirements. |
| 5 | Issuing Authorities | DigiCert, Entrust. | Less widely available compared to VMC. |
| 6 | Cost | $1,000 – $1,500 per year. | Typically lower cost or no cost in some implementations. |
| 7 | Verification Process | Strict validation of logo ownership and DMARC compliance. | Less stringent than VMC. |
Gmail now supports Common Mark Certificates (CMC), a new type of BIMI certificate being issued by Certificate Authorities (CA). CMCs allow a broader range of senders to utilize BIMI, who might not have the registered trademark required for a Verified Mark Certificate (VMC). With a CMC, the sender’s brand avatar will be displayed without the Gmail-verified checkmark.
Step 2: Choose a BIMI Certificate Provider (once your logo ready)
| id | Provider | Features | Cost (Approx.) |
|---|---|---|---|
| 1 | DigiCert | Global CA, automated verification, supports BIMI VMCs. in 2020 DigiCert is partnering with Valimail to help firms embrace BIMI (Brand Indicators for Message Identification), an email security standard that helps brands display a logo in their email subject lines with Verified Mark Certificates (VMCs). |
Starts at $1,499/year |
| 2 | Entrust | Trusted CA for BIMI, offers compliance assistance | Starts at $1,499/year (Not supported by Chrome) |
| 3 | GlobalSign (Upcoming) | Expected to issue BIMI VMCs soon | TBD |
Important Note About Entrust:-
Google Chrome does not currently support Entrust VMCs, which affects the display of the BIMI logo in Gmail and other Google services.
Step 3: Free BIMI Tools
There are no free VMC providers, but you can check your BIMI readiness with these free tools:
BIMI Group – https://bimigroup.org/
Valimail BIMI Monitor – https://www.valimail.com
EasyDMARC BIMI Lookup Tool – https://easydmarc.com/tools/bimi-lookup.
Step 4: BIMI Support for Subdomains:-
If you manage multiple subdomains, check which providers:
DigiCert – Supports as per below
| Domain Structure | Number of Logos | VMC Configuration |
| Single domain | One | One |
| Single domain | Multiple (more than one) | Multiple: One VMC per logo |
| Multiple domains | One | One |
| Multiple subdomains | One | One |
| Multiple domains | Multiple (more than one) | Multiple: One VMC per logo |
| Multiple subdomains | Multiple (more than one) | Multiple: One VMC per logo |
Entrust – Allows subdomain BIMI, but each subdomain needs an individual VMC.
Valimail – Offers BIMI services and may support subdomain setups upon request.
Step 5: Apply for a BIMI Certificate:-
Trademark Your Logo – Register your brand’s logo with a trademark office. The following trademark offices are approved for BIMI (Brand Indicators for Message Identification).
| United States (US) | United States Patent and Trademark Office (USPTO) | https://www.uspto.gov/ |
| Canada (CA) | Canadian Intellectual Property Office | https://www.ic.gc.ca/eic/site/cipointernet-internetopic.nsf/eng/home |
| European Union (EU) | European Union Intellectual Property Office | https://euipo.europa.eu/ohimportal/en |
| United Kingdom (GB) | UK Intellectual Property Office | https://www.gov.uk/government/organisations/intellectual-property-office |
| Germany (DE) | Deutsches Patent- und Markenamt | https://www.dpma.de/ |
| Japan (JP) | Japan Trademark Office | https://www.jpo.go.jp/e/ |
| Spain (ES) | Spanish Patent and Trademark Office O.A. | https://www.oepm.es/es/index.html |
| Australia (AU) | IP Australia | https://www.ipaustralia.gov.au/ |
| India (IN) | Intellectual Property India | https://ipindia.gov.in/trade-marks.htm |
| South Korea (KR) | Korean Intellectual Property Office | https://kipo.go.kr/en |
| New Zealand (NZ) | Intellectual Property Office of New Zealand (IPONZ) | https://www.iponz.govt.nz/ |
Document List:-
=> Basic Business & Applicant Information
Trademark Application Form – The official form required for trademark registration.
Applicant’s Name & Address – Details of the individual or company filing for the trademark.
Business Registration Certificate – Proof that the business is legally registered.
Nationality & Legal Status – If an individual, provide a valid ID (passport, driver’s license); if a company, submit incorporation documents.
=> Logo-Related Documents
Trademarked Logo Image – A clear, high-resolution image of your logo in JPG, PNG, or PDF format.
Trademark Class & Description – A description of the products/services under the trademark.
List of Goods & Services (Nice Classification) – Specify the categories your logo applies to.
Usage Proof (if applicable) – Screenshots of website, product packaging, or marketing materials showing the logo in use.
=> Legal & Authorization Documents
Power of Attorney (if using a trademark attorney) – Required in some jurisdictions.
Declaration of Use – Sworn statement confirming actual logo usage in commerce.
Consent Letter (if needed) – Required if the logo contains a personal name, celebrity likeness, or a third-party design element.
=> Government Fees & Payment Proof
Trademark Application Fee Payment Receipt – Proof of payment for the application fee.
Additional Fees – Fees for extra trademark classes, priority claims, or expedited processing.
=> Priority Claim Documents (If Claiming Earlier Rights)
Certified Copy of Foreign Trademark – If filing based on an existing international trademark.
Translation of Documents – Official translations of any non-English documents.
Note:- Each country has different requirements—check with the relevant trademark office for specifics.
Processing times vary but typically range from 6 months to 2 years, depending on jurisdiction and any opposition.
logo is already trademarked check with:- World Intellectual Property Organization’s (WIPO) website and search for your organization’s logo
To use your logo with BIMI, you must get a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC) from an approved CA. You can work with your legal team or a lawyer to get your logo trademarked
Select a BIMI Certificate Provider:- Now need to contact VMC cert provider if your logo is ready as per above Step 2.
Certificate Provider Verification:-
When you apply for a Verified Mark Certificate (VMC) for BIMI, the certificate authority (CA)—such as DigiCert or Entrust—performs a strict verification process before issuing the certificate. This ensures that only legitimate businesses with a trademarked logo can display their logo in email inboxes.
=> Steps Involved in VMC Verification
The CA checks if your logo is officially registered as a trademark with a recognized trademark office.
You must provide proof of trademark registration from authorities like:
United States Patent and Trademark Office (USPTO) (https://www.uspto.gov)
European Union Intellectual Property Office (EUIPO) (https://euipo.europa.eu)
World Intellectual Property Organization (WIPO) (https://www.wipo.int)
Logos that are NOT trademarked will be rejected from the VMC process.
=> Domain Ownership Verification
The CA verifies that you own and control the domain for which you are requesting the VMC.
This is done via a DNS TXT record or WHOIS lookup.
The domain must be DMARC-compliant with a policy of p=quarantine or p=reject to qualify for BIMI.
=> Business Identity Validation
The CA confirms that your business is legally registered and active.
You must submit: Legal business name, Address & registration details, Government-issued business license or incorporation documents
The CA checks these details against public and government records to ensure authenticity.
=> Contact Person Verification
You must designate a verified individual as the certificate contact person.
This person must prove their identity using a government-issued photo ID (passport, driver’s license), Company email, and phone verification.
=> Final Approval & Certificate Issuance
Once all the above verifications are completed, the CA issues the VMC certificate.
The certificate is digitally signed and tied to your verified domain and logo.
After approval, you can publish your BIMI record (DNS TXT record) to activate logo display in email clients.
Add a BIMI TXT Record to Your DNS:-
It might surprise you to hear that BIMI also incorporates the idea of a selector for publishing an assertion record in a similar manner to DKIM. This could be utilized to have alternative logos between your corporate email, or different brands using the same email domain. Should you only have the need for one logo you can publish your BIMI record under the ‘default’ selector.
default._bimi.example.com TXT “v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem”
v=BIMI1; → Specifies the BIMI version (always “BIMI1”).
l=URL → The location (URL) of the brand logo in **SVG format**.
a=URL → The URL of the **Verified Mark Certificate (VMC)** issued by a CA (DigiCert, Entrust).
host -t txt default._bimi.linkedin.com
default._bimi.linkedin.com descriptive text “v=BIMI1; l=https://media.licdn.com/media/AAYQAQQhAAgAAQAAAAAAABrLiVuNIZ3fRKGlFSn4hGZubg.svg; a=https://media.licdn.com/media/AAYAAQQhAAgAAQAAAAAAALe_JUaW1k4JTw6eZ_Gtj2raUw.pem;”
host -t txt default._bimi.cnn.com
default._bimi.cnn.com descriptive text “v=BIMI1; l=https://amplify.valimail.com/bimi/time-warner/I0vDrJpkRnB-cable_news_network_inc2025.svg; a=https://amplify.valimail.com/bimi/time-warner/I0vDrJpkRnB-cable_news_network_inc2025.pem”
BIMI Work Without a Website?
1. BIMI Requirements
Domain Authentication: To implement BIMI, you need to have your email domain authenticated using DMARC (Domain-based Message Authentication, Reporting & Conformance).
SVG Logo: You must have a logo in SVG format that meets specific requirements.
BIMI Record: You need to publish a BIMI record in your domain’s DNS settings.
2. Website Not Required
No Website Needed: Technically, you do not need an active website for BIMI to work. The essential requirements are:
A domain with DMARC configured.
A valid SVG logo hosted somewhere accessible via HTTPS.
A BIMI DNS record pointing to the logo.
3. Hosting the Logo
Logo Hosting: If you do not have a website, you can host your SVG logo on a third-party service that supports HTTPS. This could be a cloud storage service or an image hosting platform that allows direct linking.
Once you have your VMC, update your organizational domain’s DNS with a BIMI TXT record and ALL subdomains will inherit it from this org/root/top-level domain. is this correct?
Yes, but dmarc/dkim is required for each domain subdomain.