# BIMI



> BIMI can show a brand logo in some inboxes, but logo display depends on strong authentication and inbox support.



- Human page: https://mailrith.com/guides/bimi

- Markdown page: https://mailrith.com/guides/bimi.md

- Category: Authentication and Deliverability

- Reading time: 6 min read

- Related keywords: BIMI, BIMI guide, Authentication and Deliverability, Authentication and Deliverability guide, email sending guide, email marketing guide, email deliverability guide, DMARC, Sender Reputation and Spam Rate



## AI Agent Notes

- Use this page as plain-language guidance for the specific email sending issue named in the title.

- Preserve the distinction between Mailrith, an email delivery service, DNS, and inbox providers when explaining fixes.

- When a user is running a Mailrith free tool, pair that specific free-tool result with the relevant issue or step section from this guide.



### BIMI

BIMI can show a brand logo in some inboxes, but logo display depends on strong authentication and inbox support.

BIMI stands for Brand Indicators for Message Identification. In simple terms, BIMI lets some inboxes show a verified brand logo beside authenticated email.

Do not set up BIMI first. BIMI usually depends on strong DMARC enforcement and other brand verification steps. If SPF, DKIM, DMARC, permission, or list quality is weak, a logo will not fix the sending program.

A BIMI setup usually has three parts. First, your regular email authentication must be strong. Second, a BIMI DNS record must point to a logo file. Third, some mailbox providers require a certificate or verified mark certificate before they show the logo.

BIMI support varies by inbox provider. Some subscribers will not see the logo even when BIMI is configured correctly. Treat BIMI as brand polish, not as the foundation of deliverability.

Before you set up BIMI, make sure the sender identity, [SPF](https://mailrith.com/guides/spf.md), [DKIM](https://mailrith.com/guides/dkim.md), [DMARC](https://mailrith.com/guides/dmarc.md), [DMARC Alignment](https://mailrith.com/guides/dmarc-alignment.md), content, permission, and list quality are solid.

1. Set up SPF, DKIM, and DMARC first.
2. Move DMARC toward enforcement only after legitimate mail passes authentication and alignment.
3. Prepare a BIMI-compatible logo file. Then check the current certificate requirements for the inbox providers you care about.
4. Publish the BIMI DNS record only after the brand verification and authentication pieces are ready.
5. Test BIMI in inboxes that support it, and remember that some inboxes may never show the logo.

- Set up SPF, DKIM, and DMARC before you work on BIMI.
- Check whether the inbox providers you target support BIMI.
- Expect logo requirements and certificate requirements to vary by inbox provider.
- Do not use BIMI as a substitute for good sender reputation.
- If your DMARC policy is still `p=none`, BIMI may not work in many inboxes.
- A missing logo does not always mean email delivery is broken. It may mean the inbox provider does not show BIMI for that message.
- BIMI depends on the same domain trust covered in [Sender Reputation and Spam Rate](https://mailrith.com/guides/sender-reputation-and-spam-rate.md).

## Fix Common Issues
### Missing BIMI Record

A BIMI checker did not find a TXT record that starts with `v=BIMI1` at `default._bimi.yourdomain.com`.

1. Do not start BIMI setup until SPF, DKIM, DMARC, and alignment are working.
2. Prepare a BIMI-compatible SVG logo file.
3. Check whether the inbox providers you care about require a certificate.
4. Create the TXT record at `default._bimi` only after the logo file and verification pieces are ready.
5. After DNS propagation, run the BIMI checker again.

### Multiple BIMI Records

A BIMI checker found more than one BIMI TXT record at the same BIMI host.

1. Open the DNS zone for your domain.
2. Find every TXT record at `default._bimi`.
3. Choose one correct record that starts with `v=BIMI1` and keep that record.
4. Remove the duplicate or old BIMI records.
5. Run the BIMI checker again and confirm the BIMI result returns only one BIMI record.

### BIMI Logo URL Missing

A BIMI checker found a BIMI record, but the record does not include an `l=` logo URL.

1. Prepare the logo as a BIMI-compatible SVG file.
2. Host the logo at a stable HTTPS URL.
3. Edit the BIMI record and add `l=https://...` with the real logo URL.
4. Save the DNS record. After DNS propagation, run the BIMI checker again.

### BIMI Logo Is Not HTTPS

A BIMI checker found a BIMI logo URL that does not start with `https://`.

1. Move the logo file to a secure HTTPS URL.
2. Open the URL in a browser and confirm the logo loads without certificate warnings.
3. Update the BIMI `l=` value to the HTTPS URL.
4. Run the BIMI checker again.

### BIMI Logo Format Needs Review

A BIMI checker cannot tell whether the BIMI logo URL points to a BIMI-compatible SVG file.

1. Confirm the logo file is an SVG prepared for BIMI.
2. Do not use a PNG, JPG, or normal website logo file as-is.
3. Follow the exact logo requirements from the BIMI provider or certificate provider you use.
4. After you correct the logo file, update the BIMI record.

### BIMI Certificate Not Published

A BIMI checker found no `a=` certificate URL in the BIMI record.

1. Check whether the inbox providers you care about require a Verified Mark Certificate or Common Mark Certificate.
2. If a certificate is required, complete the brand verification process with the certificate provider.
3. Host the certificate at the URL the provider gives you.
4. Add the certificate URL to the BIMI record with `a=https://...`.
5. Run the BIMI checker again.

### DMARC Is Not Enforcing for BIMI

A BIMI checker says your domain's DMARC policy is missing, `p=none`, or otherwise not enforcing.

1. Use DMARC reports to find every system that sends mail as your domain.
2. Fix legitimate senders so they pass aligned SPF or aligned DKIM.
3. Send real test emails and confirm DMARC passes for those messages.
4. Move DMARC from `p=none` toward `p=quarantine` or `p=reject` only after legitimate mail is ready.
5. After the DMARC change propagates, run the BIMI checker again.

> Set up BIMI after the basics. A logo can support trust, but it cannot replace authentication, permission, and wanted email.

Related resources:
- [DMARC](https://mailrith.com/guides/dmarc.md): Understand the policy that BIMI commonly depends on.
- [Sender Reputation and Spam Rate](https://mailrith.com/guides/sender-reputation-and-spam-rate.md): Understand why logo display is not the same as deliverability.



## Related Guides

- [Sender Domains and Email Authentication](https://mailrith.com/guides/sender-domains-and-authentication.md): Your sender domain is what inbox providers learn to trust. Authentication proves that your email delivery service is allowed to send email for your domain.

- [From, Reply-To, and Return-Path](https://mailrith.com/guides/from-reply-to-and-return-path.md): An email can include several sender-related addresses. Each address has a separate role for delivery, authentication, or replies.

- [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md): DNS records identify your domain. Reverse DNS helps inbox providers check that a sending IP address has a valid hostname.
