Set up BIMI for your newsletter: the 2026 operator guide

What BIMI does (and where it doesn't)

BIMI (Brand Indicators for Message Identification) is the open standard that lets your verified sender logo appear next to your newsletter in supported inboxes. Gmail rolled it out widest in 2021, Apple Mail picked it up on iOS 16, Yahoo and Fastmail support it, and Outlook still does not. So roughly 60 to 65 percent of consumer inboxes will render the badge if your BIMI email setup is correct. Microsoft accounts will keep showing whatever fallback initial they always did.

What BIMI is not is a deliverability lever. People sell it that way. It is not. Gmail's own developer documentation says BIMI does not affect inbox placement. What it does shift is perceived trust, click rate on senders the recipient half-recognises, and reply rate from finance, security, and legal contacts. When we audit BIMI launches for clients in B2B SaaS, we see a CTR lift of around 4 to 7 percent on first sends to cold list segments. Not nothing. Not life-changing either.

And here is the part nobody mentions in the BIMI marketing. If you have never enforced DMARC, the BIMI launch is the deadline that finally forces you to. That is the real win, more than the badge. Every team we helped with BIMI ended up cleaning up a forgotten subdomain or a rogue SendGrid sub-account nobody owned.

The four prerequisites you can't skip

Before you touch a single DNS record, you need four things in place. They have to be in this order. We have watched teams try to do them in parallel and end up debugging which step broke the chain.

First, SPF and DKIM, both passing on every send and both aligned with the From: header. Most senders pass one and fail alignment on the other. Run a header check on three recent sends and confirm both lines say "PASS" and the d= domain matches your visible sender. If either fails alignment, fix that before you do anything else.

Second, DMARC at p=quarantine or p=reject with pct=100. A policy of p=none does not count, no matter how many forum threads tell you it might. Mailbox providers explicitly check for enforcement. We recommend at least 30 days of p=quarantine before moving to reject, with daily DMARC aggregate reports going to an inbox a human reads.

Third, a square logo in SVG Tiny Portable/Secure format (SVG Tiny PS 1.2). The exact spec matters - SVG 1.1 will fail validation. The file must contain no scripts, no animations, no external references, no embedded raster images. Host it over HTTPS with a valid certificate, on a domain you control.

Fourth, for Gmail, Yahoo, and Fastmail, a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC). Apple Mail will accept BIMI without one, which is why teams launching for an iOS-heavy audience can skip this step. Everyone else has to budget for it.

The DNS record, exactly

This is the part operators come for, so here is the record. Publish a TXT record at default._bimi.yourdomain.com with this value:

v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/cert.pem

Three tags matter. v is the version (always BIMI1). l is the URL of the SVG. a is the URL of the VMC or CMC certificate in PEM format. If you are launching Apple-only without a certificate, you can omit the a tag entirely, and Apple Mail will still render the logo. Gmail will not.

If you send from multiple subdomains (news.yourdomain.com, marketing.yourdomain.com), publish a BIMI record on each subdomain you send from, or rely on the organisational record at the parent domain. The selector default works for almost everyone. You only need custom selectors (s=brand2 on the BIMI-Selector header) if you run multiple brands off the same domain.

SVG specs that trip everyone up

The SVG Tiny PS 1.2 specification is short, but the failure modes are not obvious from reading it. Here is what we see break in real launches.

The viewBox must be square. A 1:1 ratio. If your logo is wide, you need to centre it on a square coloured background. Inkscape exports rectangular viewBoxes by default, which is why most first attempts fail validation.

The SVG must include a baseProfile="tiny-ps" attribute on the root element and a version="1.2" attribute. Without either one, every mailbox validator rejects the file. Most SVG editors will not add these attributes for you. You will need to open the file in a text editor and add them by hand.

No external references means no linked fonts, no linked images, no use of <use> elements pointing outside the document. Convert all text to paths. If your logo has a wordmark in a custom typeface, this is the step that takes longest.

File size under 32 kilobytes after minification. Run it through SVGO with default settings before publishing - most logos drop from 200KB to under 10KB.

And one last gotcha. The file must be served with content-type image/svg+xml, not text/xml or application/xml. Cloudflare and S3 default to the right one. WordPress and some Nginx configs do not. Test with curl -I before you trust your host.

VMC vs. CMC: when you need a certificate

Until late 2023, the only path to a BIMI certificate was a Verified Mark Certificate from DigiCert or Entrust. A VMC requires a trademarked logo (USPTO, EUIPO, or another participating registry). Cost lands around 1,500 to 2,000 dollars per year, plus trademark filing fees if you do not already have one. That priced out most small senders, and rightly so.

The Common Mark Certificate (CMC) closed the gap. CMC costs roughly 600 dollars per year and skips the trademark requirement. You prove logo ownership through a notarised affidavit and proof of use over the prior year. Gmail and Yahoo accept CMC the same way they accept VMC. Apple Mail does not check either.

Here is the honest tradeoff. If you already have a registered trademark, get a VMC - issuance is faster and the certificate has cleaner provenance. If you do not, get a CMC and put the trademark on the roadmap for later. We have seen brands sit on a VMC application for four months because their lawyer was slow on the trademark filing. CMC would have launched the logo three months earlier.

Where your logo will (and won't) show

Gmail shows BIMI logos in the web client, Android Gmail app, and iOS Gmail app. The Inbox tab matters. Promotions tab senders also get the logo, but only on Gmail accounts where the user has BIMI display enabled (it is on by default but some workspace admins disable it).

Apple Mail shows BIMI on iOS 16 and later, iPadOS 16 and later, and macOS Ventura and later. Older versions do not. So your audience skew matters. If your list is half on iOS 14 and 15 still, half of your Apple audience will not see anything.

Yahoo Mail and AOL show BIMI in the web client and mobile apps. Fastmail shows it. Outlook does not - not desktop, not web, not the mobile app, not Microsoft 365. Microsoft has talked about BIMI support since 2022 and has not shipped. We assume nothing about when they will. Plan for half your B2B audience to never see the logo.

Troubleshooting: the five most common BIMI failures

When the logo does not appear, the cause is almost always one of these five. We troubleshoot BIMI for a few clients per month and the pattern is consistent.

DMARC is still at p=none. The team published the BIMI record and the SVG, but never moved DMARC to enforcement. The BIMI record technically passes validation but no inbox renders the logo. Fix: move to p=quarantine pct=100 for 30 days, then p=reject.

The SVG fails Tiny PS validation. Most often the missing baseProfile attribute, sometimes a stray script tag from a Sketch export, sometimes a viewBox that is not square. Fix: validate at bimigroup.org/svg-validator and read the actual error message. Do not skim it.

The certificate is for the wrong domain. The VMC was issued for yourdomain.com but the BIMI record is on send.yourdomain.com, and the certificate does not cover the subdomain. Fix: reissue the certificate with a subjectAltName covering the sending domain, or move the BIMI record to the apex.

The SVG is served with the wrong content-type or behind a redirect. Mailbox providers follow one redirect at most, and some refuse to follow any. Host the file at a stable URL with content-type image/svg+xml. Test with curl -sI https://yourdomain.com/bimi/logo.svg.

Volume threshold not met. Gmail does not render BIMI for senders with fewer than roughly 5,000 monthly Gmail recipients. The most painful one to debug, because everything looks correct and nothing shows. Yahoo and Apple have lower or no thresholds.

If you have ruled out all five, run a header check on a recent send with the same header-reading method used to identify ESPs. The Authentication-Results header will tell you which step the mailbox provider rejected. Look for bimi=pass, bimi=temperror, or bimi=fail with a reason code. The reason code is the truth, not the BIMI record validator.

Why we recommend BIMI even when it isn't required

None of this is mandatory. You can send newsletters forever without a BIMI badge. So why bother? Two reasons we tell every client.

One, BIMI launches surface every authentication crack in your sending setup. Old subdomains. Forgotten transactional senders. Vendors who never aligned DMARC. The audit you do to qualify for BIMI is the audit you should have done two years ago for spam-filter health and authentication compliance. BIMI is the forcing function.

Two, the logo compounds. Subscribers who see your badge on every send build a mental shortcut. After BIMI launch, the average CTR on returning-subscriber segments in our analyser dashboard creeps up by 2 to 4 points over the next two quarters, beyond what subject line and send-time work predict. It is also one of the only newsletter wins that cannot be copied by a competitor overnight, because they would need to redo the trademark and certificate work first.

If you are weighing BIMI against other deliverability projects, do the SPF/DKIM/DMARC cleanup first. Then BIMI. Reading the BIMI status of a competitor's sends is a fast way to gauge how mature their email program really is - we cover the broader header-reading technique in how to reverse engineer a competitor newsletter, with a tooling comparison in Newsletrix vs. Litmus on deliverability.

Frequently asked questions

Do I need a VMC certificate for BIMI to work?

Gmail, Yahoo, and Fastmail require a Verified Mark Certificate (VMC) or, since late 2023, the cheaper Common Mark Certificate (CMC). Apple Mail accepts BIMI without a certificate. So if your audience is mostly Gmail, you need a VMC or CMC; if it skews iOS, you can launch without one and your logo will still show in Apple Mail.

Why is my BIMI logo not showing up in Gmail?

The five most common causes are: DMARC is set to p=none instead of quarantine or reject, the SVG is not Tiny PS 1.2 compliant, the SVG is not served over HTTPS with a valid certificate, the VMC has expired or was never issued, and the sender has fewer than ~5,000 monthly Gmail recipients. Gmail also throttles BIMI display for newly-set-up domains for 24 to 72 hours after the first valid send.

What DMARC policy is required for BIMI?

BIMI requires DMARC enforcement at p=quarantine or p=reject with pct=100. Policies at p=none are rejected by every mailbox provider. The DMARC record must also be at the organisational domain or a higher level, not just the subdomain you send from, and SPF or DKIM must be aligned with the From: header domain.

How do I make a BIMI-compliant SVG?

Export your logo as a square SVG, then convert it to SVG Tiny Portable/Secure (SVG Tiny PS 1.2). The file cannot contain scripts, animations, external references, or raster images. Centre the logo on a coloured background that meets WCAG contrast against both light and dark inbox themes. Validate the file at bimigroup.org's SVG validator before publishing, and host it over HTTPS with a valid certificate.

Does BIMI affect open rates?

BIMI does not influence inbox placement, and Gmail's own documentation says so explicitly. What it does shift is open rate on senders the recipient half-recognises, because the logo turns a fuzzy sender memory into a confident click. In B2B SaaS we see a 4 to 7 percent CTR lift on first sends to cold list segments after BIMI launch; in retail and creator newsletters, the effect is smaller because senders already have brand recognition through the From: name.

Related reading