All Collections
Learn about BIMI
Being BIMI Ready and why it needs DMARC in an enforcement policy
Being BIMI Ready and why it needs DMARC in an enforcement policy

Read about BIMI and why it needs DMARC in an enforcement policy

Faisal Misle avatar
Written by Faisal Misle
Updated over a week ago

What is BIMI?

BIMI is a protocol that allows organizations to display their trademark logo alongside the sender name for their legitimate emails. The logo is displayed by the receiving email server when it's confirmed that the email is legitimate. Organizations that want their brand to benefit from BIMI must adopt the highest standard of email security. BIMI relies on existing email security protocols such as SPF, DKIM and DMARC.

To implement BIMI, organizations must comply with the following:

  • Implement DMARC protection at p=quarantine at 100% or p=reject

  • Confirm you have a trademark on the logo you want to display

  • Generate the appropriate vector image for your logo (Tiny SVG)

  • Issue a Verified Mark Certificate (VMC) from a registered certificate provider

  • Publish the BIMI record in your DNS


BIMI will help display your brand logo next to your legitimate emails. Please make sure you have the correct trademark for the logo you want use and that such logo is BIMI friendly. Here are some considerations

  • Logo can be at 1:1 or 2:1 aspect ratio. Aspect ratios over 2:1 will not be rendered in legible way

  • You can't use part of your trademark logo, it has to be all the trademark logo. If a component of your logo is more adequate for BIMI, you may want to trademark it separately to be able to use it. Please consider a trademark application may take 3 to 6 months.

  • You need to prepare a vector image of your logo. This will need to be implemented in the Tiny SVG format.

Selecting the correct logo, alongside getting DMARC ready, is a good place to start your BII


To ensure security and protection for your organization, BIMI can only be implemented on a domain that has a DMARC protection policy of at least p=quarantine, and that policy is at 100%.

DMARC is a protocol that allows domain owners to obtain visibility to email services that are sending on their behalf, and also to block unauthorized senders. DMARC is the only protocol that can prevent illegitimate services from sending on behalf of a domain once that domain is at a policy of quarantine or reject.

DMARC works with existing protocols SPF and DKIM. These protocols need to be configured on your valid email sending services before moving into a DMARC protection policy.

We recommend 5 steps to get reject using OnDMARC:

  • Implement DMARC in reporting mode (p=none) - Know who is sending on your behalf

  • Identify your known senders - Monitor SPF & DKIM

  • Actions - Implement the instructions to configure your email sources

  • Investigate Feature - Test your configuration

A protection policy of p=reject is the strongest form of DMARC protection, when implemented it will protect your organization, brand reputation and your supply chain from receiving phishing emails sent on behalf of your organization.

Once you have the correct logo and your DMARC policy configured and implemented. You need to apply for the VMC (Verified Mark Certificate) and go through the verification process. At the end of that process the certification body can issue your VMC.

The last step is to host your VMC and your logo, and to upload your BIMI record to your DNS.

OnDMARC can help you in every step of your BIMI implementation. You can also generate and manage your certificate from within OnDMARC.

Did this answer your question?