BIMI Lookup
Check if your BIMI DNS record is correctly published, your logo URL is reachable, and your DMARC policy meets the enforcement requirement for brand logo display in Gmail and Apple Mail.
Use BIMI Lookup in 4 Steps
What is BIMI Lookup?
BIMI Lookup checks the default._bimi.yourdomain.com DNS TXT record that lets brands display a verified logo in email inboxes. Use this tool to verify your BIMI record is published, your SVG logo URL is reachable, and your DMARC prerequisite is met before your logo appears in Gmail, Apple Mail, or Yahoo.
The Architecture of BIMI: Verified Visual Identity
BIMI is more than just a profile picture for your emails. It is a standardized, DNS-based protocol (RFC 9091) that links your verified brand logo to your sending domain. When a user sees your official, high-resolution logo next to your name in their Gmail or Apple Mail inbox, they are receiving implicit confirmation that the email has been authenticated and verified by the receiving mail provider.
The technical workflow is a multi-step verification process. When an email arrives, the receiving mail server first checks your SPF, DKIM, and DMARC status. If your DMARC policy is at an enforcement level (reject or quarantine), the server then queries your DNS for a BIMI record at default._bimi.yourdomain.com. This record contains a URL pointing to your logo file and, optionally, a URL pointing to a Verified Mark Certificate (VMC) that proves you own the trademark for that logo.
| Support Status | Mail Client / Provider | VMC Required? | Impact on Brand |
|---|---|---|---|
| Full Support | Google Gmail | Yes | High — Verified Blue Checkmark |
| Full Support | Apple Mail (iOS/macOS) | No (Optional) | High — Integrated Inbox Logo |
| Partial Support | Yahoo Mail | No (Optional) | Medium — Growing Integration |
| No Support | Microsoft Outlook | Not Applicable | None — Uses Internal Profiles |
The table above shows that Google Gmail requires a VMC for logo display, while Apple Mail and Yahoo allow self-asserted BIMI where the logo displays based purely on the DNS record. This divide makes BIMI a tiered implementation: every brand can start with basic BIMI for Apple users, while larger enterprises invest in VMCs to capture the Gmail audience with a Verified blue checkmark.
Prerequisites: What You Need Before Publishing a BIMI Record
BIMI has the strictest prerequisites of any email standard. If even one of these pillars is weak, the receiving mail server will silently ignore your BIMI record entirely.
The primary hurdle is DMARC Enforcement. Your DMARC policy must be set to either p=quarantine or p=reject. A policy of p=none (which is what most companies start with for monitoring) is explicitly excluded from the BIMI standard. Furthermore, many providers require your Percentage tag (pct) to be 100.
- SPF & DKIM Maturity: Your domain must have functional SPF and DKIM records. DKIM signatures must use at least 1024-bit keys (2048-bit is the industry recommendation).
- Identifier Alignment: Your
From:header domain must match the domain used in your SPF and DKIM signatures. This "alignment" is what allows DMARC to pass successfully. - HTTPS Availability: Your logo file must be hosted on a secure
https://server with a valid SSL certificate. Plainhttp://URLs will be rejected. - Reputation Health: Some providers (like Google) also perform an internal reputation check. Even if your settings are perfect, if your domain has a bad reputation due to high spam complaints, they may temporarily suppress your BIMI logo.
Authentication alignment is often the hidden failure point. Many companies use external ESPs like SendGrid or Mailchimp but forget to set up Branded Links or Custom Return Paths. In these cases, the ESP signs the mail with their domain, but your email says it is from your domain. This results in a DMARC pass but an Alignment Fail, which is fatal for BIMI. You must ensure that every mail flow originating from your domain is fully aligned and authenticated before attempting to publish your BIMI record.
VMC vs. Self-Asserted BIMI
| Feature | Self-Asserted BIMI | VMC-Verified BIMI |
|---|---|---|
| Cost | $0 / Free | ~$1,200–$1,500 per year |
| Requirements | DNS Record + SVG Logo | Trademark + DNS + SVG + VMC |
| Wait Time | Immediate | 1–4 Weeks (Verification) |
| Verified Mark | No | Yes (Gmail Verified Checkmark) |
| Gmail Support | No | Yes |
| Apple Mail Support | Yes | Yes |
A VMC is a digital proof of ownership for your logo, issued by an authorized Certificate Authority like DigiCert or Entrust. It proves to the mail world that you hold a registered trademark for the logo you are trying to display. To get a VMC, your logo must be a registered trademark in one of the approved global offices (like the USPTO in the US or EUIPO in Europe). If your logo is not yet a registered trademark, implement self-asserted BIMI today and upgrade once your trademark registration completes.
The SVG Tiny P/S Requirement
You cannot use a .png, .jpg, or even a standard .svg file. BIMI requires a specific, secure subset of the SVG format called SVG Tiny Portable/Secure (Tiny P/S). Exporting an SVG from Adobe Illustrator or Figma and simply changing the file extension will not work. You must use a specialized BIMI SVG Converter tool to sanitize the file.
- Square Aspect Ratio: Your logo should be perfectly square (1:1). Most mail clients display the logo in a circle, so ensure your branding is centered.
- Solid Background: Avoid transparency. A white logo on a transparent background will vanish in Dark Mode.
- No Animations: BIMI does not support animated logos. It must be a static vector.
- File Size: Keep it under 32KB. Larger files may fail to load on mobile.
- MIME Type: Your server must return
image/svg+xml. Servingtext/plainorapplication/octet-streamwill cause the client to ignore the image for security reasons.
BIMI Record Syntax and DNS Configuration
BIMI is published as a DNS TXT record at default._bimi.yourdomain.com. The record must begin with the version tag v=BIMI1. The two primary tags are l= (Location of the logo URL) and a= (Authority, or the VMC certificate URL).
; Self-Asserted BIMI Record (no VMC):
default._bimi.yourdomain.com TXT "v=BIMI1; l=https://cdn.example.com/logo.svg"
; VMC-Verified BIMI Record:
default._bimi.yourdomain.com TXT "v=BIMI1; l=https://cdn.example.com/logo.svg; a=https://cdn.example.com/vmc.pem"
If you are using a self-asserted setup, omit the a= tag entirely to avoid validation confusion. Set your TTL to 3600 (1 hour) so you can fix mistakes quickly if your logo URL changes.
# Verify your BIMI record is visible to the public internet:
dig TXT default._bimi.yourdomain.com +short
# Check that your logo URL is accessible and returns the correct MIME type:
curl -sI https://cdn.example.com/logo.svg | grep -i content-type
# Expected: content-type: image/svg+xml
Troubleshooting Common BIMI Failures
| Failure Symptom | Likely Cause | Recommended Fix |
|---|---|---|
| Logo missing in Gmail | No VMC or p=none DMARC | Purchase VMC or enforce DMARC policy |
| Logo missing in Apple Mail | SVG not Tiny P/S compliant | Re-export with a BIMI SVG converter tool |
bimi=fail in email headers | Logo URL not accessible | Check HTTPS availability and MIME type |
bimi=skipped in email headers | DMARC at p=none | Upgrade DMARC to quarantine or reject |
| BIMI check times out | Logo URL behind firewall/VPN | Expose logo URL to the public internet |
| Logo appears then disappears | SSL cert expired on logo host | Monitor SSL expiry for your logo CDN |
Check email headers for BIMI-Location or Authentication-Results. If you see bimi=fail or bimi=skipped, the header often provides a specific reason such as no-vmc, policy-not-at-enforcement, or logo-fetch-failed. Remember that BIMI results are heavily cached — after fixing a mistake, allow 24–72 hours for old bad results to expire from provider caches like Gmail or Yahoo.
Volume thresholds are another invisible barrier. Some providers, particularly Gmail, only display BIMI logos for domains that reach a minimum sender volume or trust level. If you only send a handful of emails per month, the solution is time and consistent, high-volume, clean sending behavior.
Frequently Asked Questions
yourdomain.com
Get guides like this by email
DNS, email auth, and security playbooks delivered when they publish. No spam.