Email authentication

What is BIMI?

BIMI lets you display your brand logo next to your emails in supported inboxes. It's the visible reward for getting DMARC right — but it has prerequisites, costs, and limitations that MSPs should understand before recommending it to clients.

What BIMI is and how it works

BIMI (Brand Indicators for Message Identification) is a DNS-published signal that lets a sending domain specify a logo for mailbox providers to display next to authenticated mail. It doesn't change whether a message is delivered — it only affects the visual presentation in inboxes that support it.

The BIMI DNS record:

Published as a TXT record at default._bimi.<your-domain>:

default._bimi.yourdomain.com  TXT  "v=BIMI1; l=https://assets.yourdomain.com/bimi/logo.svg; a=https://assets.yourdomain.com/bimi/certificate.pem"

Note: l= is the logo URL, a= is the evidence document (certificate). Some providers require a certificate in a=; others may display logos from self-asserted records without one.

The record includes:

  • v=BIMI1 — identifies the record as BIMI
  • l= — logo URL (HTTPS link to an SVG, or left blank when using a certificate-based approach)
  • a= — evidence document URL (HTTPS link to a PEM certificate file)

The logo must be SVG Tiny PS (Portable/Secure profile):

  • No scripts, animations, or interactive elements
  • No external links or references
  • Root element must not include x= or y= attributes
  • baseProfile="tiny-ps" and version="1.2" required
  • Gmail adds practical constraints: minimum 96×96 pixels, recommended 32 KB or smaller, centered in a square

SVG Tiny PS compliance errors are among the most common BIMI implementation blockers.
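A pre-publication lint for the logo rules listed above, as an added example (not part of the original page and not a complete SVG Tiny PS validator). The function name, the forbidden-element set and both sample files are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SVG_TAG = "{http://www.w3.org/2000/svg}svg"
# Assumed reading of "no scripts, animations, or interactive elements".
FORBIDDEN = {"script", "animate", "animateColor", "animateMotion",
             "animateTransform", "set", "foreignObject"}
MAX_BYTES = 32 * 1024  # Gmail's recommended size ceiling


def lint_bimi_svg(data: bytes) -> list[str]:
    """Return findings for a logo file; an empty list means no rule here failed."""
    findings = []
    if len(data) > MAX_BYTES:
        findings.append(f"{len(data)} bytes exceeds the recommended 32 KB")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    if root.tag != SVG_TAG:
        return findings + ["root element is not <svg> in the SVG namespace"]
    if root.get("baseProfile") != "tiny-ps":
        findings.append('root needs baseProfile="tiny-ps"')
    if root.get("version") != "1.2":
        findings.append('root needs version="1.2"')
    findings += [f"root must not carry {a}=" for a in ("x", "y") if a in root.attrib]
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
        if name in FORBIDDEN:
            findings.append(f"forbidden element <{name}>")
        for key, value in el.attrib.items():
            local = key.rsplit("}", 1)[-1]
            if local.startswith("on"):
                findings.append(f"event handler {local}= on <{name}>")
            if local == "href" and not value.startswith("#"):
                findings.append(f"href on <{name}> is not a same-document reference")
    return findings


# Constructed samples, not real logos.
GOOD = (b'<svg xmlns="http://www.w3.org/2000/svg" version="1.2" '
        b'baseProfile="tiny-ps" viewBox="0 0 96 96"><title>Example</title>'
        b'<circle cx="48" cy="48" r="40" fill="#036"/></svg>')
BAD = (b'<svg xmlns="http://www.w3.org/2000/svg" version="1.1" x="0" y="0">'
       b'<script>void 0</script>'
       b'<image href="https://cdn.example/logo.png"/></svg>')

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_bimi_svg(sample) or "no findings")
```

An empty result only means these specific rules passed; the mark certificate issuer and the mailbox provider still run their own validation.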

Prerequisites for BIMI

DMARC at enforcement:

BIMI requires DMARC with p=quarantine or p=reject and pct=100. p=none does not qualify. A domain that is technically enforced but running pct<100 may also be blocked from BIMI display in some providers.

→ If your domain isn't at enforcement yet: What is DMARC?
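The BIMI record format and the DMARC prerequisite described above can be checked together before a certificate is purchased. This is an added example, not code from the original page; the function names and the `need_cert` switch are assumptions, and the TXT strings are passed in as text so no DNS lookup is performed.

```python
def parse_tags(txt: str) -> dict[str, str]:
    """Split a 'tag=value; tag=value' TXT record into a dict (tags lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def bimi_blockers(dmarc_txt: str, bimi_txt: str, need_cert: bool = True) -> list[str]:
    """List what would block logo display under the rules on this page.

    need_cert=True models a provider that requires a mark certificate in a=;
    need_cert=False models one that accepts self-asserted records.
    """
    blockers = []
    dmarc, bimi = parse_tags(dmarc_txt), parse_tags(bimi_txt)
    if dmarc.get("v") != "DMARC1":
        blockers.append("no valid DMARC record")
    else:
        if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
            blockers.append("DMARC policy is not quarantine or reject")
        # DMARC treats a missing pct tag as pct=100.
        if dmarc.get("pct", "100") != "100":
            blockers.append("DMARC pct is below 100")
    if bimi.get("v") != "BIMI1":
        return blockers + ["no valid BIMI record"]
    logo, cert = bimi.get("l", ""), bimi.get("a", "")
    for name, url in (("l", logo), ("a", cert)):
        if url and not url.lower().startswith("https://"):
            blockers.append(f"{name}= is not an HTTPS URL")
    if need_cert and not cert:
        blockers.append("a= is empty but this provider requires a certificate")
    if not logo and not cert:
        blockers.append("record carries neither a logo nor a certificate")
    return blockers


# Constructed records using the page's placeholder domain.
BIMI = ("v=BIMI1; l=https://assets.yourdomain.com/bimi/logo.svg; "
        "a=https://assets.yourdomain.com/bimi/certificate.pem")
SELF_ASSERTED = "v=BIMI1; l=https://assets.yourdomain.com/bimi/logo.svg;"

if __name__ == "__main__":
    print(bimi_blockers("v=DMARC1; p=quarantine; pct=50", BIMI))
    print(bimi_blockers("v=DMARC1; p=reject", SELF_ASSERTED, need_cert=False))
```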

A mark certificate (VMC or CMC):

Gmail requires a third-party certificate — either a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC):

  • VMC: requires a registered trademark in a recognized intellectual property office. Enables the Gmail verified checkmark (blue check).
  • CMC: designed for logos that aren't registered trademarks. Requires proof of at least 12 months of public logo use (verifiable via archive sources like archive.org). Displays the logo in Gmail but without the verified checkmark.

Certificate issuers:

The BIMI Group maintains a list of accepted Mark Verification Authorities (MVAs). Mailbox providers choose which issuers they accept, so acceptance by one provider doesn't guarantee acceptance by another. Check current issuer availability before purchasing — the landscape has shifted recently, and some historical issuers may no longer offer new certificates.

HTTPS hosting:

The certificate PEM and any standalone SVG must be hosted over HTTPS (TLS 1.2 or later recommended). Gmail expects intermediate and root CA certificates appended to the entity certificate PEM in the correct order.

Which providers display BIMI

Gmail:

Requires VMC or CMC. Displays the verified checkmark only for VMC. Requires DMARC at enforcement (p=quarantine or p=reject) with pct=100. Gmail expanded verified checkmark display to Android and iOS apps.

Apple Mail:

Supports BIMI on macOS Ventura 13, iOS 16, and iPadOS 16 or later. Apple's architecture requires the recipient's mailbox provider to validate BIMI and add specific headers — the sender alone can't guarantee Apple Mail display.

Yahoo:

Does not currently require a VMC for BIMI logos to appear. If a BIMI record includes a VMC, Yahoo uses it to inform eligibility, but self-asserted records may display logos without a certificate. This is why organizations often see BIMI “working” in Yahoo first and mistakenly assume Gmail will also display the logo.

Other providers:

BIMI support is not universal. The BIMI Group publishes a support landscape. Many providers do not display BIMI.

What BIMI costs

Certificate pricing (representative current public pricing from DigiCert):

  • CMC: approximately $1,416/year
  • VMC: approximately $1,752/year

Pricing varies by issuer, region, and plan structure. Other issuers may offer different pricing. Mark certificates are generally managed on annual renewal cycles and sold as annual subscriptions.

Trademark registration (VMC only):

If the logo isn't already trademarked:

  • USPTO: base filing fee around $350 per class
  • EUIPO: base online fee around €850 for one class
  • WIPO Madrid System: base fee of 653 CHF (black-and-white) or 903 CHF (color), plus jurisdiction-specific fees

Trademark registration can take 6–12 months.

For MSPs advising SMBs: Model the total cost including certificate + trademark (if needed) + implementation labor. For a client without an existing trademark, the all-in cost for VMC-based BIMI can exceed $2,000/year plus a multi-month wait for trademark registration.

When BIMI is worth pursuing — and when it isn't

BIMI makes sense when:

  • The domain is already at DMARC enforcement (p=reject or p=quarantine, pct=100)
  • A significant portion of recipients use providers that display BIMI (primarily Gmail, Apple Mail, Yahoo)
  • The organization has a recognizable logo and wants to reinforce brand identity in the inbox
  • The CMC path is available (logo has 12+ months of public use), avoiding the trademark requirement

BIMI is probably not worth pursuing when:

  • The domain isn't at DMARC enforcement yet — getting to enforcement first provides more risk reduction than BIMI
  • Recipients are primarily on providers that don't display BIMI
  • The organization has no registered trademark and no 12+ months of provable public logo use — BIMI becomes a multi-quarter project with uncertain return
  • Budget is limited — the certificate cost is recurring and the engagement lift data is directional, not definitive

On ROI claims:

Some vendor-commissioned studies report open rate increases when logos display in inbox avatar slots. These findings are directional but should be treated with caution — email open rate measurement is increasingly noisy due to prefetching, bot traffic, and privacy changes. Prefer downstream measures (clicks, replies, conversions, spoofing incident reduction) over open rate lift.

The strongest non-marketing argument for BIMI:

BIMI forces improvements in authentication hygiene. To qualify, you must have aligned DKIM, enforced DMARC, properly hosted assets, and certificate-level change control. The security and governance benefits of meeting those prerequisites may be more valuable than the logo display itself.

Get to enforcement first

BIMI requires DMARC enforcement. DMARCit helps you get there — see every sender, fix alignment gaps, and move from monitoring to enforcement with confidence.
