What Is BIMI? Email Brand Indicators Explained
A practical guide to BIMI, including what the BIMI record contains, how selector-based publishing works, and how BIMI fits into email trust.
Tools For This Topic
What BIMI is
BIMI (Brand Indicators for Message Identification) is a standard that allows a domain to publish branding information that supported email clients may display alongside messages.
It is designed as a visual trust signal, typically showing a verified brand logo next to authenticated email.
BIMI does not replace core authentication mechanisms such as SPF, DKIM, or DMARC. It sits on top of them and depends on a strong underlying email security posture.
Where a BIMI record is published
A BIMI record is published as a TXT record under a selector-based hostname.
default._bimi.example.com. 3600 IN TXT "v=BIMI1; l=https://example.com/logo.svg"The selector (commonly "default") allows structured publishing similar to other email-related DNS records.
Querying the wrong selector or hostname is a common troubleshooting issue.
What a BIMI record looks like
A BIMI record contains a version tag and references to branding and optional authority information.
v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pemA more complete real-world example might look like:
default._bimi.example.com. 3600 IN TXT "v=BIMI1; l=https://cdn.example.com/brand/logo.svg; a=https://cdn.example.com/brand/vmc.pem"What each value means
- v=BIMI1: identifies the record as a BIMI policy
- l: the URL of the SVG logo that may be displayed
- a: an optional authority reference, often used for Verified Mark Certificates (VMCs)
How BIMI fits into email trust
BIMI is a presentation layer built on top of authenticated email.
For BIMI to work reliably, domains typically need DMARC enforcement (quarantine or reject) and proper DKIM alignment.
Without this foundation, most email providers will ignore BIMI records.
What to check in practice
- Whether the BIMI TXT record exists at the correct selector
- Whether the record syntax and tags are correctly formatted
- Whether the logo URL is accessible and returns a valid SVG
- Whether the domain has a DMARC policy at enforcement level
- Whether DKIM alignment is working correctly
# Check BIMI record
nslookup -type=txt default._bimi.example.com
# Using dig
dig TXT default._bimi.example.comWhy BIMI matters
BIMI can improve brand recognition and user confidence by displaying verified logos in supported email clients.
It also encourages organisations to adopt stronger authentication practices, since BIMI depends on them.
However, BIMI should be treated as a visual enhancement rather than a standalone security control.
Common mistakes
- Publishing BIMI before SPF, DKIM, and DMARC are properly configured
- Using inaccessible or incorrectly formatted logo files
- Querying the wrong selector or hostname
- Expecting BIMI to work without DMARC enforcement
- Treating BIMI as a substitute for authentication
Use These DNS Pro Tools
If you want to validate this topic in practice, these DNS Pro tools are the fastest next step.
Related Tools
Related Articles
What Is TLS-RPT? SMTP TLS Reporting Explained
A practical reference guide to TLS-RPT, including what the record looks like, what the tags mean, and how it fits alongside MTA-STS.
How to Publish BIMI (Step-by-Step Guide)
A practical guide to publishing BIMI, including record format, selector usage, logo requirements, and what to validate before rollout.
What Is DKIM and How Does It Work?
Learn what DKIM is, how DKIM works, what a selector does, what the public key record contains, and why DKIM matters for email authentication.