BIMI sits one layer above DMARC. It is the protocol that takes the trust you have built by getting to p=quarantine or p=reject, and turns it into your logo appearing next to your messages in the inbox. Gmail rolled out BIMI logo display in 2021. Yahoo followed. Apple Mail joined in 2023 with iOS 16. By 2026, every major consumer mailbox honors BIMI in some form, and several B2B clients have started to as well.
We shipped DMARC support before BIMI existed. We added BIMI support so that domain owners who do the hard work of getting to enforcement get a complete picture of the visual trust layer that DMARC unlocks. This post walks through what the platform actually does with your BIMI record, what it validates, and what it tells you when something is wrong.
What BIMI Actually Is
BIMI publishes a TXT record at default._bimi.<your-domain>. The selector defaults to default, but it can be customized, and the record uses the same tag=value format as DMARC. A complete record looks like:
v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem
Three tags matter.
v=BIMI1declares the version. Required. Currently onlyBIMI1exists.l=is the URL of the logo image. The image MUST be SVG Tiny PS (a constrained SVG profile defined in the BIMI draft) and MUST be served over HTTPS.a=is the URL of the Verified Mark Certificate (VMC), a certificate issued by a Certificate Authority that has independently verified your right to use the logo. Gmail and Yahoo will not display the logo without a valid VMC. The BIMI standard makes the certificate optional, but the practical reality of 2026 is that you need one.
There is a prerequisite that lives outside the BIMI record itself. Your domain has to be at DMARC enforcement (p=quarantine or p=reject) with sp= set to the same level or stricter. A domain at p=none is, by spec, not eligible for BIMI logo display, and the major receivers enforce that strictly.
What This Means for Your Domain
Getting BIMI to actually display is a four-step path:
- Reach DMARC enforcement. This is the hardest step, and the one most domains never finish.
- Produce an SVG Tiny PS asset of your logo. Standard SVG exported from Illustrator or Figma will not work; the profile is intentionally restricted (no scripts, no external references, no animations, single root element with a
baseProfile="tiny-ps"attribute). - Obtain a Verified Mark Certificate from one of the small number of CAs that issue them (DigiCert and Entrust are the established names). This requires a registered trademark on the logo in most jurisdictions.
- Publish the TXT record at
default._bimi.<your-domain>pointing at the logo URL and the VMC URL, both served over HTTPS.
Most domains get stuck at step 1 or step 3. The platform will tell you which one is blocking you.
How Excello Mail Supports BIMI
We added BIMI to the same domain analysis pipeline that produces our DMARC, SPF, and DKIM views. When you analyze a domain, the platform runs the BIMI check in parallel with the others and surfaces the result on the same screen.
- Record discovery. We query
default._bimi.<your-domain>and detect any TXT record starting withv=BIMI1. If nothing is published, the BIMI section of the report tells you so explicitly, instead of staying silent. - Record parsing. When a record is present, we parse it into its constituent tags and surface each one separately. The logo URL (
l=) and the VMC URL (a=) appear as clickable links so you can sanity-check what your record actually points at. - Validation. We check the record for the structural problems that block logo display in practice: missing
v=BIMI1, empty logo URL, non-HTTPS URLs, malformed tags. The errors come back in plain language, not as raw parser exceptions. - VMC awareness. We surface the certificate URL alongside the logo URL, and our documentation calls out that omitting the VMC leaves Gmail and Yahoo unable to display the logo, even when the rest of the record is valid. We do this because the BIMI spec technically allows the omission, and the consequence is invisible until a real Gmail account fails to render the logo.
- DMARC prerequisite visibility. Because the platform already shows your DMARC policy on the same screen, you can see in one view whether your domain is at the enforcement level that BIMI requires. A domain at
p=nonewith a perfectly valid BIMI record will not display, and the report makes the relationship between the two records explicit. - Multilingual. All BIMI documentation, validation messages, and field descriptions are available in English, Spanish, and Portuguese, the same as the rest of the platform.
The result: when a domain owner asks “why is my logo not showing up in Gmail,” the answer is usually visible on a single page in the platform, instead of requiring them to manually run dig against four record types and cross-reference three RFCs.
Try Excello Mail
Excello Mail is a fully managed DMARC monitoring and email security analysis platform. Beyond DMARC reporting (now compliant with RFC 9989, RFC 9990, and RFC 9991), we surface your SPF posture, your DKIM key inventory, and your BIMI configuration on the same domain page. If you have not yet reached enforcement, we guide you from p=none through to p=reject without breaking your legitimate mail. If you have reached enforcement, we make sure the BIMI layer that sits on top of that work is configured correctly.
Have a BIMI record that is published but not displaying? Sign up for an account and our team will trace the gap with you.