Ready, configured-but-not-showing, or no record at all? One check walks every gate Gmail and Apple Mail evaluate, catches the SVG-hash drift Apple silently refuses on, and names the exact thing blocking your logo.
Validate the DNS record, SVG Tiny P/S logo, and VMC / CMC certificate in one check.
Enter a domain to check whether its BIMI record is published, validly formatted, and cleared for logo display in Gmail, Apple Mail, Yahoo, and Fastmail.
BIMI ready = three gates pass. (1) DMARC at p=quarantine or p=reject, pct=100. (2) An SVG Tiny P/S logo under 32 KB on HTTPS. (3) A valid VMC or CMC certificate for Gmail / Apple Mail / Fastmail display (Yahoo displays without a certificate). Our tool reports which gate is failing and points you to the fix.
A tri-state badge names the condition competitors collapse: configured but not yet displayed — when the DNS record exists but a downstream gate is blocking display. That's where most teams get stuck.
Five gates decide whether your BIMI logo renders: DMARC, the SVG, the VMC chain, the hash match, and the mailbox provider. One fail and the logo silently doesn't show — no bounce, no report. Here's what the checker reports on each.
Gmail and Apple Mail hash your served SVG and compare it to a hash baked into your VMC. Change a pixel after issuance and Apple Mail silently stops showing the logo. We catch that — “SVG has been modified since certificate issuance” — before your iPhone does. The classic “but it was working last month” failure.
If your logo fails, you get line 42, column 7: <script> forbidden in SVG Tiny P/S. Paste it into Figma or Illustrator, find the element, delete it. 30 seconds instead of a re-export-and-pray loop.
Ready, configured but not showing yet, no record. The middle state is where BIMI setups stall — DMARC still at p=none, certificate expired, SVG drifted from the cert. We name the specific thing in the way, not a generic “fail.”
“Expires September 1, 2026” is the wrong date for your calendar. DigiCert and Entrust take 1–3 weeks to issue. You see 137 days · start renewal by July 3, 2026. Set the reminder, move on.
When validation passes, we render your SVG in a little circle — same size and clip as a Gmail avatar. Catches “the padding looks off” before you send, not after a stakeholder screenshots it into Slack.
BIMI (Brand Indicators for Message Identification) is an email standard that displays a verified company logo next to authenticated messages in supporting inboxes such as Gmail, Apple Mail, Yahoo, and Fastmail. Per the IETF BIMI Internet-Draft v12 (2026), three prerequisites must be met for Gmail to display the logo: a DMARC policy of quarantine or reject, an SVG Tiny P/S file under 32 KB hosted over HTTPS, and a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) issued by DigiCert or Entrust. Outlook and Microsoft 365 do not support BIMI as of 2026.
The spec is still an Internet-Draft (v12, expires May 2026) rather than a full RFC, but implementation on the receiver side is stable across Google, Apple, Yahoo, and Fastmail. Adoption on the sender side was around 4.57% of domains surveyed by Validity in 2025 — a small cohort because the DMARC-at-enforcement prerequisite is a meaningful barrier.
p=quarantine or p=reject, with pct=100. This is the gate that trips up most setups and the reason BIMI coverage is still under 5% of domains.
Tiny P/S is a security-constrained SVG profile: no scripts, animations, external references, hyperlinks, or foreign objects. Root must have baseProfile="tiny-ps" and a <title>. Capped at 32 KB.
X.509 certificate from DigiCert or Entrust that cryptographically binds the SVG to your organization. VMC requires a registered trademark; CMC accepts prior-use proof. Required for Gmail and Apple Mail; optional for Yahoo.
The Verified Mark Certificate (VMC) and Common Mark Certificate (CMC) both authorize logo display in BIMI-supporting inboxes, but they accept different forms of trademark proof and are recognized by different mailbox providers. The decision hinges on two questions: do you have a registered trademark, and does Apple Mail matter to your recipient mix?
Choose a VMC if your brand mark is a registered trademark with a national IP office (USPTO, UKIPO, EUIPO, and others), and you need Apple Mail coverage. VMCs run roughly $749–$1,752 per year per current DigiCert and Entrust price sheets. Registration of a net-new trademark is a 6–18 month process at $250–$750 per class — start that clock early if you don't already have one.
Choose a CMC if you don't have a registered trademark, or can't justify the trademark-registration timeline. The CMC path accepts prior-use proof — roughly a year of marketing materials showing the mark in continuous commercial use. CMCs run $650–$1,100 per year (same DigiCert and Entrust price sheets) and are recognized by Gmail, Fastmail, and Yahoo. Apple Mail does not recognize CMCs.
Our tool detects which type your certificate is (via the CA/B Forum mark-type extension OIDs) and shows a VMC or CMC badge on the result card. If you're starting fresh: a CMC will ship in weeks, a VMC will ship in months once trademark registration is complete.
A BIMI logo fails to display in Gmail for one of four reasons: DMARC is still at p=none (the most common cause, roughly 84% of failures per Validity's 2025 survey), the SVG doesn't conform to the Tiny P/S profile, the VMC or CMC certificate is expired or domain-mismatched, or the recipient is on Outlook / Microsoft 365 — which does not support BIMI as of 2026.
The hard part is diagnosis, not fix. When a receiver rejects BIMI, it silently declines to render the logo — no bounce, no report, no signal to the sender. You have to walk through each gate yourself and check exactly where the break is. That's the whole reason this tool exists: we evaluate each gate in the same order a mailbox provider does and surface each failure in plain English.
One more catch worth naming: Gmail rate-limits BIMI lookups and defers first-display by 24–48 hours after setup while it recalculates sender reputation. If every gate passes but the logo still isn't showing, give it a day.
Support matrix as of 2026. The biggest gap is still Outlook / Microsoft 365 — keep that in mind if your audience skews corporate.
| Provider | Supported | Certificate | Notes |
|---|---|---|---|
| Gmail | Yes | VMC or CMC | DMARC at enforcement + pct=100 |
| Apple Mail | Yes | VMC only — no CMC | Registered trademark required |
| Yahoo Mail | Yes | None required | Fastest + cheapest BIMI win |
| Fastmail | Yes | VMC or CMC | Same gates as Gmail |
| Outlook / Microsoft 365 | No | — | No public roadmap as of 2026 |
| Proton Mail | No | — | Not supported |
The honest ceiling: if your audience lives on Microsoft 365 / Outlook, BIMI gives you nothing there. Microsoft has no public BIMI roadmap. Our check flags when your MX is mail.protection.outlook.com, but flagging doesn't fix it — plan for “logo to consumer mailboxes, nothing to the office crowd.”
BIMI is gated on DMARC. Publish a DMARC record at p=quarantine or p=reject with pct=100. Monitor aggregate reports for at least two weeks to confirm no legitimate senders are being broken.
Export or author your logo as SVG 1.2 Tiny Portable/Secure. The root <svg> must have baseProfile="tiny-ps". File must be under 32 KB, contain a <title>, and have no scripts, animations, foreign objects, or external references.
Publish the SVG to an HTTPS URL with Content-Type: image/svg+xml. The URL must be publicly reachable without authentication or bot protection that blocks mailbox-provider user agents.
Add a TXT record at default._bimi.yourdomain.com with the value v=BIMI1; l=https://yourdomain.com/logo.svg. Yahoo will display the logo from this alone. For Gmail, Apple Mail, and Fastmail, continue to step 5.
Apply for a VMC (registered trademark) or CMC (prior-use proof) from DigiCert or Entrust. When issued, host the PEM chain over HTTPS and append a= to your BIMI record: v=BIMI1; l=...; a=https://yourdomain.com/vmc.pem.
Don't publish BIMI while DMARC is at p=none. ~84% of BIMI display failures per Validity's 2025 survey are domains still at p=none. Nothing downstream matters until DMARC is at quarantine or reject with pct=100.
Don't touch the SVG after VMC issuance. A single-pixel change breaks the hash baked into the cert. Apple silently refuses. Re-export only when you're ready to re-issue the VMC.
Don't pick CMC if you need Apple Mail. Apple recognizes VMCs only, not CMCs. If your brand isn't a registered trademark and Apple matters, file the trademark — then come back.
Don't wait until the cert expires to renew. DigiCert and Entrust take 1–3 weeks to issue. Start renewal 30+ days out, not on expiry day.
BIMI sits on top of DMARC and alongside the email-TLS stack. Both matter for full deliverability.
Hard prerequisite. DMARC at enforcement is the gate ~84% of BIMI failures trip over.
TLS anchoring between MTAs via TLSA records. Same security stack, different layer.
The DNS-level anchor every BIMI lookup rides on. Hardens the whole chain.
TLS downgrade protection for inbound SMTP. Separate concern, same stack.
Everything you wanted to know about BIMI, VMC, CMC, SVG Tiny P/S, and why your logo isn't showing yet.
Still have questions about BIMI implementation?