Last updated: July 2026

In short: BIMI shows your brand logo next to your emails. After this guide you publish the default._bimi TXT record at united-domains — and know the prerequisites: DMARC, SVG logo, certificate.

Prerequisites

  • A domain in the united-domains portfolio
  • DMARC at enforcement (p=quarantine or p=reject)
  • Logo as SVG Tiny PS and (for Gmail & co.) a VMC

What is BIMI?

BIMI (Brand Indicators for Message Identification) is a TXT record that points to your brand logo. Gmail, Apple Mail, and Yahoo show it next to your authenticated emails. BIMI is not a security method of its own, but the visible reward for clean SPF, DKIM, and DMARC — the last step.

The real work isn’t in the record

At united-domains, SPF and DKIM are already automatically active for mailbox domains — a good starting point. But BIMI still lacks the real prerequisites, which the BIMI Group names clearly:

  1. DMARC at enforcement. Your policy must “be at enforcement on the organizational domain and subdomains” — a p=none or a pct under 100 “policies or ‘pct’ less than 100 percent are not accepted”. See DMARC for united-domains.
  2. SVG logo. “Produce an SVG Tiny PS version of your official logo” — square, over HTTPS.
  3. VMC or CMC. In practice needed for display at Gmail & co. (“highly recommended, but Optional”). Self-asserted BIMI “records have limited support across the various Mailbox Providers”.

Step-by-step guide

1. Check the prerequisites

With the free MXAudit scanner you check SPF, DKIM, and DMARC — DMARC must be at quarantine/reject.

2. Provide the logo and (optionally) certificate

Place the logo as SVG Tiny PS over HTTPS, obtain a VMC/CMC, and serve the .pem file over HTTPS.

3. Create the BIMI TXT record

In the domain management, click the email symbol next to the domain, then go to the DNS entries. Create a TXT record:

  • Hostname: default._bimi
  • Type: TXT
  • Value: v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem

Basic scheme per the BIMI Group: default._bimi.[domain] IN TXT "v=BIMI1; l=[SVG URL]; a=[PEM URL]". Without a certificate you leave out a= — it’s “currently optional”. A real record (ebay.com):

v=BIMI1;l=https://vmc.digicert.com/….svg;a=https://vmc.digicert.com/….pem

4. Wait and check

After DNS propagation, check the record with the MXAudit scanner or the BIMI Inspector of the BIMI Group.

Common mistakes

BIMI without DMARC enforcement. p=none isn’t enough; quarantine/reject is mandatory.

Wrong SVG format. Only SVG Tiny PS, square.

No VMC, expecting Gmail display. Without a certificate the logo usually stays invisible at the large providers.

Logo not over HTTPS. l= and a= must point to files publicly reachable over HTTPS.

Further reading