Last updated: July 2026

In short: BIMI shows your brand logo next to your emails in the inbox. After this guide you publish the default._bimi TXT record at OVHcloud — and know the real prerequisites: DMARC, SVG logo, certificate.

Prerequisites

  • A domain whose DNS zone is hosted at OVHcloud (“OVHcloud DNS servers in use for the domain name concerned”)
  • DMARC at enforcement (p=quarantine or p=reject)
  • Logo as SVG Tiny PS and (for Gmail & co.) a VMC

What is BIMI?

BIMI (Brand Indicators for Message Identification) is a TXT record that points to your brand logo. Gmail, Apple Mail, and Yahoo then show it next to your authenticated emails. BIMI is not a security method of its own, but the visible reward for clean SPF, DKIM, and DMARC — and thus the last step.

The real work isn’t in the record

The TXT record is the same at every provider and quickly set. The effort is the prerequisites, which the BIMI Group names clearly:

  1. DMARC at enforcement. Your policy must “be at enforcement on the organizational domain and subdomains” — a p=none or a pct under 100 is out: “policies or ‘pct’ less than 100 percent are not accepted”. If your OVHcloud DMARC is still on none, first work through the DMARC guide for OVHcloud.
  2. SVG logo. “Produce an SVG Tiny PS version of your official logo” — square, reachable over HTTPS.
  3. VMC or CMC. The BIMI Group lists it as “Highly recommended, but Optional”; in practice Gmail & co. require a certificate for display. Self-asserted “BIMI records have limited support across the various Mailbox Providers”.

Step-by-step guide

1. Check the prerequisites

With the free MXAudit scanner you check SPF, DKIM, and DMARC — DMARC must be at quarantine/reject.

2. Provide the logo and (optionally) certificate

Place the logo as SVG Tiny PS over HTTPS, obtain a VMC/CMC from a Mark Verifying Authority, and also serve the .pem file over HTTPS.

3. Create the BIMI TXT record at OVHcloud

Open Web Cloud → DNS zone for your domain and click Add an entry, then choose the TXT record type. The BIMI Group’s basic scheme is default._bimi.[domain] IN TXT, so create:

  • Sub-domain: default._bimi
  • Type: TXT
  • Value: v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem

Without a certificate you leave out a= — the BIMI Group notes the “a= tag is currently optional (reservered for VMC/CMC)”, though the large mailbox providers usually need it for display.

4. Wait and check

After DNS propagation (OVHcloud allows up to 24 hours), check the record with the MXAudit scanner or the BIMI Inspector of the BIMI Group.

Common mistakes

BIMI without DMARC enforcement. Record set, but DMARC on p=none — no logo. quarantine/reject is mandatory.

Wrong SVG format. Only SVG Tiny PS, square. Normal SVGs are rejected.

No VMC, expecting Gmail display. Without a certificate the logo usually stays invisible at the large providers.

Logo not over HTTPS. l= and a= must point to files publicly reachable over HTTPS.

Further reading