BIMI record

Per IETF Draft (BIMI WG)

Brand logo in the mailbox (Gmail, Yahoo, Apple Mail) via the default._bimi TXT record.

What is this, and when do I need it?

What is this?

BIMI (Brand Indicators for Message Identification) is a standard that displays your company logo in the recipient's mailbox - right next to the message instead of an anonymous initial avatar. Supported by Gmail, Yahoo, Apple Mail, AOL and others.

BIMI only works if your domain runs DMARC strictly. That is the real lever: BIMI is the reward for clean mail authentication, not a shortcut to it.

When do I need it?

When the brand should be visible - useful for any company with its own logo that regularly sends newsletters or transactional mail. No value for purely internal mail traffic.

Prerequisite: DMARC must be at quarantine or reject. If you are still in the p=none observation phase, enable BIMI later.

Should already be in place

  • Ohne VMC oder CMC zeigen die großen Mailbox-Provider das Logo nur eingeschränkt an (Yahoo gar nicht, Gmail nur für bestimmte Kategorien).
DNS TXT record per IETF Draft (BIMI WG)
default._bimi.example.com.	TXT	"v=BIMI1; l=https://example.com/bimi/logo.svg"

Kostenlos, ohne Gewähr (Best-Effort). Erzeugte wie geprüfte Angaben sind unverbindlich; für fehlerhafte oder unvollständige Ergebnisse und Konfigurationen übernehmen wir keine Haftung. Anwendung und Prüfung erfolgen in eigener Verantwortung, vor dem Produktiveinsatz bitte testen.

Free, no warranty (best effort). Generated and inspected values are non-binding; we accept no liability for erroneous or incomplete results or configurations. Use and verification are your own responsibility; please test before production use.

Prerequisites for the logo to show

  • DMARC: p=reject with pct=100 for bulk senders (Gmail); p=quarantine is only enough at low volume.
  • SVG-PS profile (Portrait-Square Tiny 1.2): root element <svg baseProfile="tiny-ps" version="1.2">, square viewBox, a <title> element, no scripts, no external references, no foreignObject. Practical max 32 KB. Convert from regular SVG to SVG-PS via the SVG converter on this site.
  • Mark certificate: a VMC (Verified Mark Certificate) needs a registered trademark; currently authorised VMC CAs are DigiCert and Entrust (GlobalSign left the market in 2023). Since 2024 DigiCert and Entrust additionally offer a CMC (Common Mark Certificate), which does not require trademark registration but at least one year of public logo use. CMC is cheaper and the only path to BIMI display for non-trademark holders.
  • Selector: default is the default selector; individual sending selectors (via the DKIM s= tag) can run in parallel for sub-brands or seasonal logos.

Inspect an existing BIMI record

Reads <selector>._bimi.<domain> and checks v/l/a tags. Selector optional (default "default").

Server path: this inspection does NOT run browser-local. We fetch the DNS record or HTTPS response via our server. We do not log the queried domain or the result. 12 requests per minute per IPv4 address or IPv6 /64 subnet.

How to add this record at your DNS provider

The record generated above has three parts: the record type (typically TXT, occasionally CAA), the host (a subdomain like _dmarc, _smtp._tls or empty for the root domain) and the value (the actual payload in quotes). Every DNS provider asks for these same three fields - only the menu wording differs.

INWX (Dernium default for new customers)
  1. Sign in at www.inwx.de.
  2. Tab Nameserver → pick the domain → Nameserver-Sets verwaltenDNS-Einträge.
  3. Button Neuen Eintrag anlegen.
  4. Pick a type (e.g. TXT), enter the host (empty for the root domain, otherwise e.g. _dmarc), paste the value, leave TTL at 3600.
  5. Save. Propagation typically within 5-15 minutes.
Strato
  1. Sign in to the Strato customer area.
  2. Menu Domains → pick the domain → Verwalten.
  3. Section DNS-VerwaltungNameserver/DNS-Einstellungen anpassen.
  4. Under Eigene DNS-Verwaltung pick the right record type (TXT records have their own block), enter host and value.
  5. Save. Strato typically propagates within 30-60 minutes.
Hetzner DNS Console
  1. Sign in at dns.hetzner.com.
  2. Click on the zone of your domain.
  3. Button Add record → pick a type, enter the name (use @ for the root domain), paste the value.
  4. Save. Propagation typically under 5 minutes.
IONOS (1&1)
  1. Sign in to the IONOS customer center.
  2. Menu Domains & SSL → click the domain → DNS.
  3. Button Eintrag hinzufügen → pick a type, enter the host, paste the value into the content field.
  4. Save. Propagation typically 15-60 minutes.
Cloudflare
  1. Sign in to Cloudflare, pick the domain.
  2. Tab DNSRecords.
  3. Button Add record → pick a type, enter the name (use @ for the root domain), paste the value, leave proxy status on DNS only for TXT/CAA records.
  4. Save. Propagation typically under 2 minutes.

Note: If your DNS provider is not listed, you usually find the right place under headings like "DNS management", "Zone editor", or "Records". When in doubt, your provider's support helps; the paths shown here are vendor-specific and can shift slightly with redesigns.