In a world where privacy measures continue to rise, it’s imperative that our email programs continually instill trust with our subscribers. A key way to do that? Set up BIMI, or Brand Indicators for Message Identification for short.
A survey by Red Sift found that BIMI resulted in a 90% increase in consumer confidence in sender legitimacy. Since its first formalized spec in 2019, BIMI has come a long way with big names like Google, Verizon Media (which owns Yahoo Mail) behind this emerging email standard.
With its growing adoption, now’s the time to look into how to set up BIMI for your domain. We’ll walk you through it in this blog post.
What is BIMI?
You’ve likely seen it in action, in your own inbox. Take a look at the example below: The logo that appears next to the brand’s message is known as a verified sender logo.
To sum it up, BIMI allows you to display a sender logo alongside your messages in the inbox, when verified under a set of BIMI specifications. It’s a way to verify your brand and sender information, similar to other email authentication standards you’ve probably heard of, like DMARC, DKIM, and SPF. And, just like those others, BIMI is essentially a text record that lives on your servers. Email clients that support BIMI will check for that record to confirm that your emails are legit.
The feature that distinguishes BIMI? During the verification process, email clients will pull in your brand logo to display alongside your message. So, not only does BIMI authenticate you behind the scenes, it puts your brand front and center in subscribers’ inboxes, creating a better, more memorable experience in the process.
And since email subscribers deliver an average of $36 return for every $1 invested—giving an experience to remember is worth your effort!
How to set up BIMI
When BIMI was first introduced, the setup process was fairly involved, requiring approval to participate in the pilot program run by the AuthIndicators Working Group ( guides the development of BIMI). Over the years, the setup process has been simplified. In fact, you might’ve completed half the setup unknowingly if you’re using authentication protocols like DMARC already.
For those just getting started—or anyone who wants a refresher—here’s a step-by-step guide to getting BIMI set up for your domain.
1. Authenticate your organization’s emails with SPF, DKIM, and DMARC
BIMI isn’t a one-stop solution for sender verification. It works in tandem with existing authentication protocols to tell recipients that you are, in fact, who you say you are. So, you’ll need to make sure that your sending domain has SPF, DKIM, and DMARC (three standards in the email industry) properly implemented.
Specifically, you’ll want to:
- Ensure SPF, DKIM, and DMARC are all aligned. It’s the first (and most important) step toward using BIMI to display your logo.
- You will need to set up the DMARC record on the “From” domain. When setting up the DMARC record, the reject policy in that record must either be p=quarantine or p=reject.
Note: BIMI requires DMARC, and DMARC requires your domain to have DKIM records set up in order to work. While DMARC only requires either SPF or DKIM to align, it’s best to include SPF records for added security support.
Curious about how DMARC works? We have an in-depth blog post that will get you up to speed.
2. Produce an SVG Tiny PS version of your logo
The major benefit of BIMI is the inclusion of your brand logo in inboxes that support the protocol. To include your logo, BIMI requires you to supply it in a specific, secure vector format, in the correct size and shape. You’ll need to link out to a scalable vector graphics (SVG) version of your logo in your BIMI record.
SVG is a file format that ensures your graphic is crisp and clear, even when scaled across different devices. While not the best for complex graphics, SVG is the perfect solution for logos and icons.
The general rules of thumb are:
- Square aspect ratio
- Solid background color
- Center your image (it may appear in a rounded frame)
- Keep it under 32 kilobytes
From a design standpoint, make sure your logo is centered and has enough space surrounding it. In cases where the logo is rounded or corners are cut off, this ensures it won’t look awkward and is immediately recognizable.
A good example can be seen and inspected on the BIMI website.
Once you’ve got your SVG file, upload it to a publicly accessible server. (Anything temporary or private will mean your subscribers won’t be able to see your logo next to your email in the inbox, defeating the purpose of BIMI.)
3. Acquire a VMC for your logo (optional)
This step is optional but recommended. It requires additional steps and resources in order to implement, but if you want your logo to show up in Gmail, you’ll need to get your VMC setup (with either DigiCert or Entrust).
4. Publish a BIMI record for your domain in DNS
Once DMARC is properly set up and your logo file is hosted on a publicly accessible server, create a text record on your domain’s nameservers.
While that can happen in a lot of different ways depending on your DNS provider (and may require the help of your engineering or ops team), the text record itself is very straightforward.
You’ll need to access your DNS and create a new TXT record at the default._bimi subdomain, and add the following values as follows:
default._bimi.[domain] IN TXT “v=BIMI1; l=[SVG URL]; a=[PEM URL];"
Here are the parts you need to fill in:
- Domain is your domain name (i.e., litmus.com).
- SVG URL is the address where your logo file is hosted.
- PEM URL is an optional field for pointing to where your (also optional) Verified Mark Certificate (VMC) is hosted.
For most DNS providers, you enter your BIMI record in two parts.
The first is:
The second field is the actual record text:
The Litmus BIMI record looks like this:
There’s also a BIMI record generator that spits out all of this information for you. Just give it your domain, SVG image, and optional VMC file.
5. Use the BIMI Inspector tool to ensure proper set up
Once all of that is configured and added to your DNS, you might wonder: Did I set up BIMI correctly?
Give it a little bit of time (usually around 24 hours) to make its way around the world and various data centers. Then, use the AuthIndicator Group’s BIMI Inspector to check your domain name and see if BIMI is properly configured. It will notify you of potential issues with your logo and allow you to preview it in different display scenarios—and even Dark Mode.
Looking for more inbox credibility? Think BIMI.
BIMI is an emerging email standard and we think any protocol that increases subscriber trust is worth investing in. Plus, as BIMI support grows, you’ll already be set!
Want to get BIMI up and running for your own emails?
Check out our guide to getting started with BIMI up and running—and start creating a better experience for your subscribers today.
Originally published February 16, 2021 by Jason Rodriguez. Last updated April 18, 2022.