Set Up BIMI: A Step-by-Step Guide
- A Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) for your domain from a third-party Certificate Authority (CA).
- DMARC set up for your domain.
- A public web server that supports BIMI.
Before You Get Started: Verify Your Logo’s Eligibility for VMC or CMC
To use your logo with BIMI, it must be certified through a VMC or CMC issued by a CA.
For VMC Eligibility:
- Your logo must be trademarked by an intellectual property office recognized by VMC issuers. We recommend consulting with your legal team or an attorney to handle the trademarking process, which typically takes 6-12 months.
- A VMC is the most secure option for BIMI.
Set Up DMARC to Support BIMI
BIMI requires that messages be authenticated using DMARC, an email standard that handles unauthenticated messages based on a policy you set. To implement DMARC, you must first set up SPF or DKIM for your domain.
For BIMI to work, your domain’s DMARC policy must meet the following conditions:
- The policy option (
p) must be set to quarantine or reject (BIMI does not supportp=none). - The percent option (
pct) must be set to 100 to apply the DMARC policy to all outgoing mail from your domain.
For detailed DMARC setup instructions, visit Set up DMARC.
Ensure Your Web Server Supports BIMI
Your web server must use the HTTPS protocol, with TLS 1.2 or later for secure connections. The TLS certificate must reference the trusted root CA certificate.
For web server requirements, see Fetch and Validation of Verified Mark Certificates (which applies to CMCs as well).
Step 1: Create Your Logo File
Logos used with BIMI must be in Scalable Vector Graphics (SVG) format. SVG is a flexible, open-standard format that adapts to different screen resolutions. When applying for a VMC or CMC, you must submit your logo in SVG format.
Requirements for BIMI SVG Files:
- Minimum dimensions of 96x96 pixels.
- Specify size in absolute pixels (e.g.,
width="96" height="96"), not relative dimensions. - The logo should be centered in a square with a 1:1 ratio (e.g., 539.63 x 233.58 pixels).
- A solid color background is preferred; transparent backgrounds may not display correctly.
- The SVG file must be no larger than 32 KB.
- Include the
<desc>element for accessibility.
BIMI SVG Standards:
- Exclude external links (except XML namespaces), scripts, animations, or interactive elements.
- The root
<svg>element should not includex=ory=attributes. - Set the
baseProfileattribute totiny-ps.
Example SVG tag:
htmlCopyEdit<svg version="1.2" baseProfile="tiny-ps" viewBox="0 0 200 200" xmlns="http://www.w3.org/2000/svg">
Step 2: Get a VMC or CMC & Associated Files
Gmail and other email clients only support BIMI with PEM files, which provide additional security by embedding your VMC/CMC certificate.
- Submit your trademarked logo (in SVG format) and request a VMC or CMC from an approved CA listed at Mark Certificate Issuers.
- Once issued, you'll receive a PEM file containing the entity certificate and your logo’s certification.
- Obtain any intermediate CA certificates and root CA certificates and append them to the PEM file in the correct order: entity certificate, intermediate CA certificates, root CA certificate.
Step 3: Upload the PEM File
- Upload the PEM file (with all appended certificates) to your domain’s public web server.
- Copy the PEM file’s URL (e.g.,
https://images.example.com/brand/certificate.pem) for use in the next step.
- Upload the SVG file to your domain's public web server.
- Copy the SVG file URL for inclusion in the BIMI assertion TXT record.
Step 4: Add a BIMI TXT Record
To activate BIMI for your domain, you must add a BIMI assertion TXT record in your domain's DNS settings. This change can take up to 48 hours to reflect in recipient inboxes.
Examples of BIMI Assertion TXT Records:
- For PEM file:
- For SVG file:
For more details, see section 4.2 of Brand Indicators for Message Identification (BIMI).
Source: Support.Google.com