- BIMI (Brand Indicators for Message Identification) displays your brand logo next to emails in Gmail, Apple Mail, and Yahoo Mail - increasing open rates by up to 10%
- It requires DMARC enforcement at
p=quarantineorp=rejectas a prerequisite, plus a Verified Mark Certificate (VMC) for Gmail - Implementation is a DNS TXT record pointing to your SVG logo - the technical setup takes minutes, the prerequisites take weeks
- For SaaS transactional emails, BIMI builds instant visual trust and reduces phishing false positives from cautious users
What BIMI actually does
Every email client shows a sender avatar next to each message. Without BIMI, that avatar is either a generic initial, a Gravatar, or whatever the client defaults to. With BIMI, your verified brand logo appears instead - consistently, across every message you send.
This matters more for transactional email than marketing. When a user receives a password reset or payment confirmation, seeing your logo instantly signals legitimacy. Without it, security-conscious users may hesitate to click - especially if the email asks them to take action.
Which email clients support BIMI
| Email Client | BIMI Support | VMC Required | Notes |
|---|---|---|---|
| Gmail | Yes | Yes | Requires VMC from DigiCert or Entrust |
| Apple Mail (iOS 16+) | Yes | No | Uses BIMI without VMC |
| Yahoo Mail | Yes | No | Early adopter, broad support |
| Fastmail | Yes | No | Supports since 2023 |
| Outlook | Partial | No | Rolling out via Microsoft 365 |
| Thunderbird | No | - | No current support |
| ProtonMail | No | - | No current support |
BIMI support as of March 2026
Prerequisites before you start
BIMI sits at the top of the email authentication pyramid. You cannot implement it without the layers below it already in place and enforced.
1. DMARC at enforcement level
Your domain must have a DMARC policy of p=quarantine or p=reject. A p=none policy (monitoring only) will not work. This is the most common blocker - many teams have DMARC set up but never moved past the monitoring phase.
_dmarc.yourdomain.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; pct=100"p=none to p=reject without reviewing your DMARC reports first will break email delivery for any services sending on your behalf that are not properly authenticated. Review your RUA reports for at least 2-4 weeks before enforcing.2. SPF and DKIM alignment
Both SPF and DKIM must pass and align with your From: domain. If you are using a service like Resend, this means configuring custom DKIM signing and verifying your sending domain - not relying on the shared domain.
3. Verified Mark Certificate (for Gmail)
A VMC is an X.509 certificate that cryptographically ties your logo to your domain. Only two Certificate Authorities issue them: DigiCert and Entrust. The process requires:
- A registered trademark for your logo (with an approved trademark office)
- Organization validation (similar to EV SSL certificates)
- Your logo in SVG Tiny PS format
- Budget: approximately $1,200-$1,500/year
If you do not have a registered trademark, you can still implement BIMI for Apple Mail and Yahoo without a VMC. Gmail added support for Common Mark Certificates (CMCs) as a lower-cost alternative, though adoption is still early.
Implementation: the DNS record
The BIMI record itself is a simple DNS TXT record. It points to your logo file and optionally to your VMC certificate.
default._bimi.yourdomain.com TXT "v=BIMI1; l=https://yourdomain.com/brand/logo.svg; a=https://yourdomain.com/brand/vmc.pem"The l= parameter points to your logo SVG. The a= parameter points to your VMC (omit it if you do not have one). Both URLs must be served over HTTPS.
SVG logo requirements
BIMI logos must follow strict SVG requirements. Regular SVGs from your design team will not work without conversion.
- Format: SVG Tiny 1.2 Portable/Secure (SVG Tiny PS)
- Dimensions: exactly square (1:1 aspect ratio)
- Background: solid color, not transparent
- No external references: no links, no scripts, no embedded images
- File size: under 32KB
- The
baseProfileattribute must be set totiny-ps
<svg version="1.2" baseProfile="tiny-ps"
xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 100 100" width="100" height="100">
<rect width="100" height="100" fill="#1a1a2e" rx="0"/>
<circle cx="50" cy="50" r="30" fill="#e2b714"/>
<!-- Your actual logo paths here -->
</svg>baseProfile attribute.Verifying your BIMI setup
After publishing your DNS record and hosting your SVG, verify the setup before expecting logos to appear.
# Check your BIMI DNS record
dig TXT default._bimi.yourdomain.com
# Verify DMARC is at enforcement level
dig TXT _dmarc.yourdomain.com
# Test your SVG is accessible
curl -I https://yourdomain.com/brand/logo.svgOnline validators to check your full BIMI chain:
- BIMI Group Inspector - validates DNS, SVG, and VMC
- MXToolbox BIMI Lookup - quick DNS check
After validation passes, logo display is not immediate. Gmail caches BIMI lookups and may take 24-48 hours to start showing your logo. Yahoo and Apple Mail are typically faster.
When to implement BIMI (and when to wait)
- You already have DMARC at p=quarantine or p=reject
- Your brand has a registered trademark (needed for Gmail VMC)
- You send transactional emails that require user trust (payments, auth)
- Your users are primarily on Gmail, Apple Mail, or Yahoo
- You want to reduce 'is this phishing?' support tickets
- Your DMARC is still at p=none (fix DMARC first)
- You are on a shared sending domain (e.g., Resend's default domain)
- Your user base is primarily on Outlook or other unsupported clients
- You do not have budget for a VMC and your users are mostly on Gmail
- Your sending volume is low (under 1,000 emails/month)
BIMI and your React Email templates
BIMI operates at the DNS and sending infrastructure level - it does not require any changes to your email templates. Your React Email components continue to work exactly as before. The logo appears in the inbox list view, not inside the email body.
That said, BIMI creates an expectation of brand consistency. If your inbox avatar shows a polished logo but the email inside looks like a plain-text afterthought, the disconnect hurts more than having no logo at all. This is where well-designed templates matter.
import { Html, Head, Body, Container, Img, Text } from "@react-email/components";
// Your BIMI logo appears in the inbox list view.
// Inside the email, use the same brand assets for consistency.
export function PaymentConfirmation({ amount, date }: Props) {
return (
<Html>
<Head />
<Body style={{ backgroundColor: "#f9fafb", fontFamily: "sans-serif" }}>
<Container style={{ maxWidth: "560px", margin: "0 auto" }}>
<Img
src="https://yourdomain.com/brand/logo-email.png"
alt="YourBrand"
width={120}
height={40}
/>
<Text style={{ fontSize: "20px", fontWeight: 600 }}>
Payment of ${amount} confirmed
</Text>
<Text>Processed on {date}. No action required.</Text>
</Container>
</Body>
</Html>
);
}Real-world impact numbers
| Metric | Before BIMI | After BIMI | Source |
|---|---|---|---|
| Open rate | Baseline | +10% average lift | Red Sift / Entrust study |
| Brand recall | Baseline | +18% improvement | BIMI Group pilot data |
| Phishing report rate | Baseline | -34% fewer false reports | Yahoo Mail internal data |
| Time to trust | ~3 seconds | ~1 second | Eye-tracking study, Litmus 2025 |
Measured impact of BIMI implementation
The open rate lift is meaningful but secondary. The primary value for SaaS transactional email is the reduction in phishing false positives. When users see your verified logo, they are significantly less likely to ignore or report legitimate auth emails as suspicious.
p=reject, then add BIMI as the finishing touch that makes your transactional emails visually trustworthy before users even open them.