There are currently two classes of BIMI records. The simplest is considered to be “self-asserted,” meaning that you publish your logo without it being verified as belonging to your domain. The only requirement for self-asserted BIMI logos is that they be in SVG P/S format. Some mailbox providers accept self-asserted BIMI records today (e.g. Yahoo!, AOL, and Netscape) and may begin to display the logo on qualified messages.
If you left the “a=” attribute blank in the BIMI record, you’ve published a self-asserted logo. Some mailbox providers (e.g. Gmail), however, do not accept a self-asserted BIMI record and require that the logo be “certified” as being associated with a specific company and domain. To address this, there are some organizations that have been authorized to act as Mark Verifying Authorities (MVAs) that vouch for the legitimacy of a proffered logo. These MVAs will verify the association of logos with domains, and issue Verified Mark Certificates (VMCs) that can be added to your BIMI record in the “a=” evidence attribute.
Use the BIMI Group Inspector to gain visibility into your BIMI-readiness.
*Note: the BIMI Group generator is an open source visibility tool. Images must be hosted by the individual brands.
- A registered trademark for the image. You will find information on supported jurisdictions within this document: BIMI Group: VMC Guidelines.
- An SVG Tiny P/S version of your logo. Information and BIMI Group conversion tools located here
- DMARC enforcement on your brand’s organizational domain
- Policy must be at enforcement – either “p=quarantine” or “p=reject” on the organizational domain
- No sp=none or pct<100
- BIMI record for your domain in DNS
Participating Certificate Authorities
At this time, VMCs are being issued by two BIMI-qualified Certification Authorities
* The BIMI Working Group is a neutral standards body and is unable to make recommendations regarding DMARC or certificate vendors.
Image Source: Google Cloud