Documentation
Sign inGet started
Get started
Guides
API Reference
SDKs & CLI
Knowledge Base
Changelog

BIMI

BIMI (Brand Indicators for Message Identification) displays your verified brand logo next to your messages in supporting inboxes — Gmail, Yahoo Mail, Apple Mail, and others. It is a visual reward for getting email authentication right: a recipient scanning their inbox sees your logo instead of generic initials, which builds trust, reinforces your brand on every send, and makes spoofed mail easier to spot because the imitation arrives without it.
BIMI is a DNS standard, not a Bird feature — there is no BIMI API in Bird's v1 surface. You publish the record yourself at your DNS provider, on a domain you have already verified with Bird. This page covers the prerequisites, the record, the logo format, and the certificate some providers require.

Prerequisites

BIMI builds on top of email authentication, so everything in DKIM, SPF & DMARC comes first:
  • A verified sending domain on Bird. Your domain's DKIM, return-path, and DMARC records must be published and verified — see Sending domains if you have not set one up yet.
  • DMARC at enforcement. This is the key gotcha: BIMI requires a DMARC policy of p=quarantine or p=reject, which is stricter than what Bird's send gate accepts. Bird only requires that a valid DMARC record exists — its recommended starting value uses p=none — so a domain can be fully verified and sending on Bird while still not qualifying for BIMI. Mailbox providers also evaluate the policy at your organizational domain (the registrable apex, e.g. example.com), so a p=quarantine on a subdomain does not count if the apex policy is p=none, and an apex record with sp=none weakening subdomain enforcement disqualifies you too.

Moving DMARC to enforcement

Do not jump from p=none to p=reject in one step. At enforcement, mail that fails DKIM and SPF alignment gets quarantined or rejected — and that includes any legitimate mail flowing through senders you forgot about (a CRM, a ticketing system, an old newsletter tool). The safe path:
  1. Stay on p=none and read your aggregate reports (rua) for a few weeks to inventory every source sending as your domain. Mail sent through your verified Bird domain passes DKIM with alignment, so it is safe at any policy.
  2. Fix or retire unauthenticated sources, then move to p=quarantine, optionally ramping with pct= (e.g. pct=25) to enforce on a fraction of failing mail first.
  3. Once the reports are clean at full quarantine, move to p=reject if you want the strongest policy. Both quarantine and reject satisfy BIMI.

The BIMI DNS record

BIMI is a single TXT record at the default._bimi selector under your domain:
TypeHostValue
TXTdefault._bimi.example.comv=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem
  • v=BIMI1 — the version tag, always first.
  • l= — an HTTPS URL to your logo in SVG Tiny PS format (see below).
  • a= — an HTTPS URL to your Verified Mark Certificate (see below). Omit the tag or leave it empty (a=;) if you are publishing without a certificate; providers that require one simply will not show the logo.
Publish it like any other TXT record at your DNS provider — the same place you published your Bird verification records. Like DMARC, the record is looked up at your sending domain first, falling back to the organizational domain, so a single record at the apex covers subdomains that do not declare their own.

Logo requirements

The l= URL must point to an SVG in the SVG Tiny Portable/Secure (SVG Tiny PS) profile — a locked-down SVG subset that forbids scripts, external references, and animation. A regular SVG export from a design tool will usually be rejected until converted; free SVG Tiny PS converters and validators are available from the BIMI Group and certificate authorities. Beyond the profile:
  • Square aspect ratio, with the logo centered — clients render it in a circle or rounded square, so keep meaningful content away from the corners.
  • Solid background color, not transparent — transparency renders unpredictably across clients.
  • Served over HTTPS from a publicly reachable URL, ideally small (under 32 KB is a common guideline).
  • The SVG's <title> element should contain your brand name.

Verified Mark Certificates (VMC)

A VMC is a certificate from an authorized certification authority (currently DigiCert and Entrust) that attests you own the logo — typically by tying it to a registered trademark, though some CAs also offer marks based on prior use. The CA validates your organization and the mark, then issues a .pem certificate that embeds the logo itself; you host it at the a= URL.
Whether you need one depends on the mailbox provider:
  • Gmail requires a VMC (or its sibling, the Common Mark Certificate). Without one, Gmail will not display your logo even if your record and DMARC policy are perfect.
  • Yahoo Mail does not require a certificate, but it does require DMARC enforcement at the organizational domain and applies its own sender-reputation bar — new or low-volume senders may not get the logo immediately even with a valid record.
  • Other BIMI-aware clients fall somewhere in between; requiring a VMC is the trend.
If your audience is mostly Gmail, budget for the certificate — it is the larger cost and lead time in a BIMI rollout, since trademark validation takes time. You can publish the record with only l= first and add a= when the certificate is issued.

Verifying it works

Bird does not check or report BIMI status — verify it with the standard ecosystem tools:
  • Run your domain through a BIMI inspector (the BIMI Group and several email-tooling vendors offer free ones). These check the record syntax, fetch and validate the SVG, verify the VMC, and confirm your DMARC policy qualifies — and tell you exactly which requirement is unmet.
  • Send a real message through your Bird domain to a Gmail and a Yahoo mailbox and look for the logo. Allow for propagation and provider-side evaluation: the logo often appears within hours of a correct setup but can take longer, especially on Yahoo where reputation factors in.
If the logo does not appear, the cause is almost always one of: DMARC not at enforcement on the organizational domain, an SVG that fails the Tiny PS profile, a missing VMC on Gmail, or insufficient sending reputation.

Next steps

  • Set up or check your domain's verification records: Sending domains
  • Understand the authentication records BIMI builds on, including the DMARC policy upgrade: DKIM, SPF & DMARC