How to Publish BIMI (Step-by-Step Guide)

Before publishing BIMI (Brand Indicators for Message Identification), your domain must already have a strong email authentication posture.

• SPF
• DKIM
• DMARC

In practice, this means properly configured SPF, DKIM, and a DMARC policy at enforcement level such as p=quarantine or p=reject.

BIMI is not an authentication mechanism. It builds on existing authentication to display a brand logo in supported mail clients.

If DMARC is not enforced, BIMI will not function as intended.

BIMI records are published as TXT records under a selector-based hostname.

The default selector is typically default._bimi.example.com.

Selectors allow flexibility for future changes, but most deployments use the default selector.

Using the wrong selector or querying the wrong hostname is a common troubleshooting issue.

• BIMI Check

You can verify BIMI TXT records using a DNS lookup tool such as DNS Pro.

A BIMI record is a TXT record containing structured tag-value pairs.

v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem

Key components include the version tag, the logo location, and the optional Verified Mark Certificate reference.

• v=BIMI1 defines the version
• l= specifies the location of the SVG logo file
• a= optionally specifies the Verified Mark Certificate (VMC)

The record must be correctly formatted. Syntax errors or missing tags can cause BIMI to be ignored.

BIMI logos must meet strict requirements to be accepted by mailbox providers.

The logo must be in SVG format, typically SVG Tiny PS, publicly accessible over HTTPS, and properly formatted.

If the logo is invalid, inaccessible, or incorrectly formatted, BIMI will fail even if the DNS record is correct.

Some providers also require the logo to be registered and validated through a Verified Mark Certificate.

• BIMI TXT record exists at the correct selector such as default._bimi
• Record syntax is valid and correctly formatted
• Logo URL is accessible over HTTPS
• Logo file meets SVG format requirements
• DMARC policy is set to quarantine or reject
• DKIM is signing messages correctly
• Optional VMC is valid if required by provider

• DMARC policy not set to enforcement
• Incorrect selector or hostname used
• Broken or inaccessible logo URL
• Invalid SVG format or unsupported image type
• Incorrect TXT record formatting
• Expecting BIMI to work instantly without provider support

BIMI display depends on support from receiving mail providers, and not all providers implement it in the same way.

Some providers require a Verified Mark Certificate before displaying logos, while others may show logos under less strict conditions.

Even with a correct setup, BIMI may not appear consistently across all inboxes.

This makes validation and testing across different providers an important part of deployment.

• Confirm DMARC policy is set to quarantine or reject
• Verify SPF and DKIM are passing and aligned
• Check BIMI TXT record at the correct selector
• Validate record syntax and tag values
• Confirm logo URL is reachable and valid SVG
• Check for VMC requirements depending on provider
• Test across multiple mail providers to confirm behaviour

BIMI depends heavily on correct email authentication.

• SPF
• DKIM
• DMARC
• DNS Propagation

You should ensure SPF, DKIM, and DMARC are fully configured before troubleshooting BIMI. DNS propagation delays can also affect results.

If you want to validate this topic in practice, these DNS Pro tools are the fastest next step.

• BIMI Check
• Email Security Check
• DMARC Checker