There are currently two classes of BIMI records. The simplest is considered to be “self-asserted,” meaning that you publish your logo without it being verified as belonging to your domain. The only requirement for self-asserted BIMI logos is that they be in SVG P/S format. Some mailbox providers accept self-asserted BIMI records today (e.g. Yahoo!, AOL, and Netscape) and may begin to display the logo on qualified messages.

If you left the “a=” attribute blank in the BIMI record, you’ve published a self-asserted logo. Some mailbox providers (e.g. Gmail), however, do not accept a self-asserted BIMI record and require that the logo be “certified” as being associated with a specific company and domain. To address this, there are some organizations that have been authorized to act as Mark Verifying Authorities (MVAs) that vouch for the legitimacy of a proffered logo. These MVAs will verify the association of logos with domains, and issue Verified Mark Certificates (VMCs) that can be added to your BIMI record in the “a=” evidence attribute.

Use the BIMI Group Inspector to gain visibility into your BIMI-readiness.

*Note: the BIMI Group generator is an open source visibility tool. Images must be hosted by the individual brands.

VMC Requirements

  • A registered trademark for the image. You will find information on supported jurisdictions within this document: BIMI Group: VMC Guidelines.
  • An SVG Tiny P/S version of your logo. Information and BIMI Group conversion tools located here 
  • DMARC enforcement on your brand’s organizational domain
    • Policy must be at enforcement – either “p=quarantine” or “p=reject” on the organizational domain
    • No sp=none or pct<100
  • BIMI record for your domain in DNS

Participating Certificate Authorities
At this time, VMCs are being issued by two BIMI-qualified Certification Authorities

* The BIMI Working Group is a neutral standards body and is unable to make recommendations regarding DMARC or certificate vendors.

Image Source: Google Cloud