How to Set Up BIMI for Your Brand: Step-by-Step Guide

Brand Indicators for Message Identification (BIMI) is a standard that allows organizations to display their official logo next to email messages in supported inboxes. It works with the authentication methods you already use, helping people quickly see that the email actually came from your domain. When everything is set up properly, BIMI adds to your brand’s look and makes it easier for inbox providers to distinguish real messages from the fake or suspicious ones.

Many teams confuse BIMI with DMARC or assume it replaces traditional authentication. DMARC remains responsible for aligning SPF and DKIM and enforcing domain protection policies. BIMI simply builds on top of that foundation. Another element often introduced in the same conversation is the certificate requirement, like Verified Mark Certificate or Common Mark Certificate[AC1.1], used to verify and validate your logo. Once everything is set up, mailbox providers can display your brand mark with confidence.

Setting up BIMI requires careful preparation, clean configuration, and a few specific file formats. This guide walks you through the complete process, from logo preparation to DNS publishing.

What You Need Before Starting - Prerequisites
Before you begin implementing BIMI, confirm that all prerequisites are fully met. Otherwise, your BIMI record may be technically correct but still ignored by mailbox providers.

1. Your Logo Meets BIMI Requirements
   Your logo must follow the BIMI-approved format, SVG Tiny Portable/Secure (SVG Tiny PS). This restricted format removes scripting and external dependencies and guarantees the image renders safely in inboxes. The SVG must be square, simple, and optimized for small rendering. Google recommends avoiding transparency and keeping the mark centered with clean edges.

2. DMARC Is Properly Configured
   BIMI requires a domain with a fully enforced DMARC policy. Your domain must pass SPF or DKIM alignment consistently, and the DMARC policy must be set to p=quarantine or p=reject. A policy of p=none prevents BIMI from working in Gmail and other supporting providers. Also make sure pct=100 is set so full enforcement applies to all outgoing messages.[AC2.1]

3. Hosting Server Supports BIMI Files
   Google mandates that BIMI-related files must be available via a public HTTPS server accessible, and a TLS version of 1.2 or higher is recommended for compatibility. When you serve PEM or SVG files, use proper MIME types so email clients can retrieve them correctly. If you already host assets or brand files on a secure domain, you can reuse the same infrastructure as long as the path remains consistently reachable.

Step 1 - Create a BIMI-Compatible SVG Version of Your Logo
The first technical step is preparing your BIMI logo. It must follow the SVG Tiny PS specification, which is more restrictive than standard SVG. It prohibits embedded scripts, filters, animations, and external references. Many vector-exporting tools offer an option to export Tiny SVG, although you may still need to manually inspect the file for unsupported tags.

Gmail adds a few extra rules & recommendations on top of the BIMI standard

1. Logo must be at least 96 x 96 pixels in absolute pixel value

2. The artwork should be centered in a square with a solid background

3. File size should be less than 32KB

4. SVG should include a tag to improve accessibility

Make sure the file uses baseProfile="tiny-ps", version="1.2", and avoids unsupported properties like root x= or y= attributes. Once the SVG passes these checks, you can safely use it for validation.

Step 2 - Obtain a VMC or CMC Certificate
Once your SVG is ready, the next requirement is certificate issuance. BIMI certificates help mailbox providers confirm that the brand displaying a logo is truly associated with the domain sending the emails.

What is BIMI Certificate Cost? The validation can involve business registry checks, video calls, and domain control verification. VMC certificate price starts as low as \(749 for trademark-verified brands, while the CMC certificate cost of \)649 applies to organizations without registered marks.

What You Need to Apply To request a BIMI certificate, you will need:
● Your SVG Tiny PS logo
● Proof of domain ownership
● Verified organization information, often through a third-party identity validation process
● Trademark certificates if applying for a VMC certificate

Issuance Files You Receive Once approved, you’ll receive a PEM file containing your logo and certificate details. The issuing authority will also provide intermediate certificates and a CA root chain. You will need these files in Step 3 when hosting them publicly. Keeping them organized is important because any mismatch between the certificate served by your domain and the certificate referenced in your DNS will prevent BIMI activation.

Step 3 - Upload Your PEM or SVG to Your Public Web Server
After receiving the certificate and preparing the SVG, store the files on an HTTPS-accessible location. Many organizations place their BIMI files in a dedicated directory, such as: https://example.com/.well-known/bimi/

If you’re using a PEM file (required for Gmail):

1. Upload the PEM file and any associated chain files to your public web server. Example: https://images.domain123.com/brand/certificate.pem

2. Make note of the exact URL because this is what you’ll reference in your BIMI DNS record.

If you’re using an SVG file instead of PEM (not supported by Gmail or any major email client):

1. Upload the SVG to a public server under the same domain used to send your email.

2. Save the SVG URL, since it will also be included in your DNS entry.

Whichever method you use, the URL you publish in DNS must be reachable without redirects or authentication.

Suggested naming patterns include logo.svg, logo.pem, certificate.pem, bimi.pem. Mailbox providers expect the URL to return the correct MIME type. For SVG, this is typically image/svg+xml. For PEM, it is usually application/x-pem-file.

Step 4 - Publish Your BIMI TXT Record in DNS
The DNS TXT record is the central reference point that mailbox providers check during BIMI validation. BIMI uses a specific syntax that identifies version and location of your hosted files.

A typical PEM-based record

v=BIMI1;l=;a=https://images.domain123.com/brand/certificate.pem

An SVG-based variant

v=BIMI1;l=https://images.domain123.com/brand/bimi-logo.svg

When you create the TXT record, keep everything inside one pair of quotes and make sure there aren’t any extra spaces or random line breaks. DNS changes usually take 24 to 48 hours to settle, and the logo often shows up a little later.

Common mistakes include:

● Incorrect URL paths
● SVG files served with the wrong MIME type
● Using p=none in DMARC
● Splitting TXT records into multiple lines unintentionally

Step 5 - Verify Your BIMI Implementation
You can check your configuration with BIMI testing tools, once your DNS update is complete. Such tools will validate your DMARC alignment, inspect your SVG or PEM file and confirm that your DNS syntax is correct.

Mailbox providers roll out BIMI visuals at different speeds. Not every provider supports it fully, and some only display logos for messages that pass DMARC with DKIM alignment. Gmail in particular may take additional time before the logo appears.

If the logo fails to show:

● DMARC Misalignment Inspect your DKIM selector or SPF records. Even minor errors cause BIMI to fail silently.

● Wrong MIME Type Confirm your server correctly identifies SVG and PEM files.

● Incorrect File Path Confirm the exact path in your TXT record matches the public URL.

Final Checklist (Quick Validation Before Going Live) Before announcing BIMI availability, confirm that

● DMARC policy is p=quarantine or p=reject
● pct=100 is applied
● SVG meets SVG Tiny PS specs
● VMC or CMC certificate chain is uploaded
● BIMI TXT record points to the correct URLs
● Files are accessible over HTTPS from all regions

This final check avoids the silent failures that are common in BIMI testing.

Conclusion
BIMI implementation strengthens the visual identity of your outbound communication. It helps recipients to distinguish genuine messages from unverified senders. BIMI is a natural step that delivers clear user-facing benefits for teams that are already committed to strong email authentication through DMARC. If you’re starting with a CMC because it’s quicker to obtain, you can always upgrade to a VMC later once trademark registration is complete. A consistent, authenticated logo across major mailbox providers builds trust that is difficult to achieve through content alone. With the right preparation and attention to detail, your organization can deploy BIMI without friction and maintain a more recognizable presence in customers' inboxes.