Prerequisites Before Starting
Before implementing BIMI, ensure you have:
- SPF configured: Properly authorizing your sending sources
- DKIM signing: All outbound email signed with valid DKIM
- DMARC published: At minimum p=none while monitoring
- Registered trademark: Required for VMC certificate (if targeting Gmail)
Step 1: Achieve DMARC Enforcement
BIMI requires DMARC with an enforcement policy. If you are still at p=none, you need to progress your policy.
Path to Enforcement
- Review DMARC aggregate reports for authentication issues
- Fix any SPF or DKIM failures
- Ensure alignment between From domain and authentication
- Move to p=quarantine with pct=10, gradually increasing
- Progress to p=quarantine pct=100
- Optionally move to p=reject for maximum protection
Do Not Rush Enforcement
Moving to enforcement too quickly can cause legitimate email to be filtered. Monitor reports carefully and fix all authentication issues before increasing your enforcement percentage.
Step 2: Create Your BIMI Logo
BIMI logos must meet specific technical requirements.
Format Requirements
- File type: SVG Tiny Portable/Secure (SVG P/S)
- Aspect ratio: Square (1:1)
- Background: Solid color, not transparent
- Content: Centered with appropriate padding
- Size: Keep under 32KB
Creating the SVG
- Start with your existing logo in vector format
- Convert to square aspect ratio with solid background
- Export as SVG
- Convert to SVG Tiny P/S format using a converter tool
- Validate with BIMI Group's SVG checker
Common Logo Problems
- Transparent backgrounds (must be solid)
- Non-square aspect ratios
- Embedded fonts (convert to paths)
- JavaScript or external references
- Unsupported SVG features
Step 3: Obtain a VMC Certificate
Gmail and Apple Mail require a Verified Mark Certificate. Yahoo displays logos without VMC.
VMC Requirements
- Trademark registration in an approved jurisdiction
- Logo matches registered trademark exactly
- Domain ownership verification
- Organization validation
VMC Providers
VMCs are issued by authorized Certificate Authorities:
- DigiCert
- Entrust
The VMC Process
- Apply with your chosen CA
- Submit trademark documentation
- Complete domain and organization verification
- Receive your VMC certificate
- Host the certificate at a public HTTPS URL
VMC Timeline
VMC issuance typically takes 1-4 weeks after application, assuming your trademark is already registered. If you need trademark registration, that adds 6-12 months to the timeline.
Step 4: Host Your Logo and Certificate
Logo Hosting
- Use HTTPS URL (required)
- Ensure public accessibility (no authentication)
- Use reliable hosting with high availability
- Set appropriate cache headers
Certificate Hosting
- Host the VMC PEM file at a public HTTPS URL
- Ensure the certificate chain is complete
- Keep URLs permanent (changing breaks BIMI)
Step 5: Publish Your BIMI Record
Add a TXT record to your DNS:
default._bimi.yourdomain.com TXT "v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/cert.pem"
Record Components
- Hostname: default._bimi.yourdomain.com
- v=BIMI1: BIMI version (required)
- l=: URL to your SVG logo (required)
- a=: URL to VMC certificate (required for Gmail)
Selector Options
The "default" selector works for most cases. You can use different selectors for different email streams, matching the selector in your email headers.
Step 6: Test and Validate
Validation Tools
- BIMI Group Inspector
- MXToolbox BIMI lookup
- Google Admin Toolbox
Testing Checklist
- BIMI record resolves correctly
- Logo URL is accessible and loads properly
- VMC URL is accessible and valid
- SVG validates as Tiny P/S format
- DMARC is enforcing at p=quarantine or p=reject
Live Testing
Send test emails to Gmail and Yahoo accounts. Allow 24-48 hours for caching and propagation. Logo display may not be immediate.