Last updated: July 2026
In short: BIMI shows your brand logo next to your emails. After this guide you publish the
default._bimiTXT record in the nameserver settings — and know the prerequisites: DMARC, SVG logo, certificate.
Prerequisites
- A domainfactory account with access to the customer menu
- DMARC at enforcement (
p=quarantineorp=reject) - Logo as SVG Tiny PS and (for Gmail & co.) a VMC
What is BIMI?
BIMI (Brand Indicators for Message Identification) is a TXT record that points to your brand logo. Gmail, Apple Mail, and Yahoo show it next to your authenticated emails. BIMI is not a security method of its own, but the visible reward for clean SPF, DKIM, and DMARC — the last step.
The real work isn’t in the record
The TXT record is quickly set at domainfactory — TXT entries, per df, are explicitly intended for services “for which no dedicated entry type is available”. The effort is the prerequisites, which the BIMI Group names clearly:
- DMARC at enforcement. Your policy must “be at enforcement on the organizational domain and subdomains” — a
p=noneor apctunder 100 “policies or ‘pct’ less than 100 percent are not accepted”. See DMARC for domainfactory. - SVG logo. “Produce an SVG Tiny PS version of your official logo” — square, over HTTPS.
- VMC or CMC. In practice needed for display at Gmail & co. (“highly recommended, but Optional”). Self-asserted BIMI “records have limited support across the various Mailbox Providers”.
Step-by-step guide
1. Check the prerequisites
With the free MXAudit scanner you check SPF, DKIM, and DMARC — DMARC must be at quarantine/reject.
2. Provide the logo and (optionally) certificate
Place the logo as SVG Tiny PS over HTTPS, obtain a VMC/CMC, and serve the .pem file over HTTPS.
3. Create the BIMI TXT record
In the customer menu, under Nameserver settings, open the domain via Edit and create a TXT entry:
- Hostname:
default._bimi - Type:
TXT - Value:
v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem
Basic scheme per the BIMI Group: default._bimi.[domain] IN TXT "v=BIMI1; l=[SVG URL]; a=[PEM URL]". Without a certificate you leave out a= — it’s “currently optional”. A real record (ebay.com):
v=BIMI1;l=https://vmc.digicert.com/….svg;a=https://vmc.digicert.com/….pem
4. Wait and check
After DNS propagation, check the record with the MXAudit scanner or the BIMI Inspector of the BIMI Group.
Common mistakes
BIMI without DMARC enforcement. p=none isn’t enough; quarantine/reject is mandatory.
Wrong SVG format. Only SVG Tiny PS, square.
No VMC, expecting Gmail display. Without a certificate the logo usually stays invisible at the large providers.
Logo not over HTTPS. l= and a= must point to files publicly reachable over HTTPS.
Further reading
- BIMI Group: Implementation Guide (retrieved: July 10, 2026)
- BIMI Group: Creating an SVG logo (retrieved: July 10, 2026)
- Google Workspace Help: BIMI (retrieved: July 10, 2026)
