Last updated: July 2026

In short: BIMI shows your brand logo next to your emails. After this guide you publish the default._bimi TXT record in the nameserver settings — and know the prerequisites: DMARC, SVG logo, certificate.

Prerequisites

  • A domainfactory account with access to the customer menu
  • DMARC at enforcement (p=quarantine or p=reject)
  • Logo as SVG Tiny PS and (for Gmail & co.) a VMC

What is BIMI?

BIMI (Brand Indicators for Message Identification) is a TXT record that points to your brand logo. Gmail, Apple Mail, and Yahoo show it next to your authenticated emails. BIMI is not a security method of its own, but the visible reward for clean SPF, DKIM, and DMARC — the last step.

The real work isn’t in the record

The TXT record is quickly set at domainfactory — TXT entries, per df, are explicitly intended for services “for which no dedicated entry type is available”. The effort is the prerequisites, which the BIMI Group names clearly:

  1. DMARC at enforcement. Your policy must “be at enforcement on the organizational domain and subdomains” — a p=none or a pct under 100 “policies or ‘pct’ less than 100 percent are not accepted”. See DMARC for domainfactory.
  2. SVG logo. “Produce an SVG Tiny PS version of your official logo” — square, over HTTPS.
  3. VMC or CMC. In practice needed for display at Gmail & co. (“highly recommended, but Optional”). Self-asserted BIMI “records have limited support across the various Mailbox Providers”.

Step-by-step guide

1. Check the prerequisites

With the free MXAudit scanner you check SPF, DKIM, and DMARC — DMARC must be at quarantine/reject.

2. Provide the logo and (optionally) certificate

Place the logo as SVG Tiny PS over HTTPS, obtain a VMC/CMC, and serve the .pem file over HTTPS.

3. Create the BIMI TXT record

In the customer menu, under Nameserver settings, open the domain via Edit and create a TXT entry:

  • Hostname: default._bimi
  • Type: TXT
  • Value: v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem

Basic scheme per the BIMI Group: default._bimi.[domain] IN TXT "v=BIMI1; l=[SVG URL]; a=[PEM URL]". Without a certificate you leave out a= — it’s “currently optional”. A real record (ebay.com):

v=BIMI1;l=https://vmc.digicert.com/….svg;a=https://vmc.digicert.com/….pem

4. Wait and check

After DNS propagation, check the record with the MXAudit scanner or the BIMI Inspector of the BIMI Group.

Common mistakes

BIMI without DMARC enforcement. p=none isn’t enough; quarantine/reject is mandatory.

Wrong SVG format. Only SVG Tiny PS, square.

No VMC, expecting Gmail display. Without a certificate the logo usually stays invisible at the large providers.

Logo not over HTTPS. l= and a= must point to files publicly reachable over HTTPS.

Further reading