BIMI: the logo-in-the-inbox feature, and whether it's worth the effort

BIMI is a DNS-based standard that tells supported email clients to display your brand logo next to your mail. Gmail has supported it since 2021. Apple Mail since iOS 16. Yahoo Mail and Fastmail are on board. Microsoft Outlook still isn't, as of 2026.

What BIMI is: a trust signal. Your logo only appears when your mail passes DMARC enforcement, so every user who sees it has cryptographic confirmation that the message is authentically from your domain. That's the whole point.

What BIMI isn't: a deliverability fix. It doesn't influence inbox placement. It's a display feature that runs on top of mail that's already been delivered. It cannot rescue a program with bad reputation; it can't even help much with a program with mediocre authentication. The underlying DMARC work that BIMI forces you to do — that helps. BIMI itself is polish.

1. DMARC at enforcement. Your DMARC policy needs to be p=quarantine or p=reject, not p=none. For most programs this is the longest part of the entire BIMI project — enforcement without breaking legitimate mail is a real piece of engineering work, not a weekend task.

2. A compliant SVG logo. Specifically SVG Tiny PS (Portable/Secure profile). Most brand logos need reworking. Scripts, external references, and certain filters are all disallowed. Budget for a real design pass, not a quick export.

3. A Verified Mark Certificate for Gmail. Gmail specifically won't display BIMI without a VMC. VMCs are issued by a small set of certificate authorities (DigiCert, Entrust, GlobalSign) and require a registered trademark on the logo. Running cost: $1,000–$2,000 per year, plus trademark fees if you don't already have one.

4. DNS configuration. A BIMI TXT record pointing at the SVG and (for Gmail) the VMC. This is the easy part. The three items above are where the time goes.

Gmail's VMC requirement is decisive because Gmail is usually 40%+ of any consumer audience. You can technically run BIMI without a VMC — Apple Mail and Yahoo will still display a self-asserted logo — but skipping the VMC cuts off the biggest slice of your reach.

Measured effects of BIMI on program performance:

Open rate: vendor case studies claim 5–10% lift. Independent measurement tends to land at 2–7%. The effect is larger for brands where the logo genuinely adds recognition over text-only sender display — so, brands people already know.

Brand trust signals: anecdotal but consistent. Users report higher trust and lower spam-reporting intent when a recognisable logo sits next to the sender name.

Complaint rate: marginally lower, because the logo kills the "this looks like phishing" reflex for some users.

Large, recognisable brands. If users actually recognise your logo, BIMI converts that recognition into a real signal in the inbox. Smaller or less-recognised brands get less of this, because there's less to recognise.

Programs with high deliverability stakes. Financial services, healthcare, government, commerce at scale. Anywhere phishing impersonation is a genuine threat, BIMI is a small but meaningful defence against lookalike attacks — users learn to trust the logo and distrust its absence.

Programs already at DMARC enforcement. If you're already at p=quarantine or p=reject, BIMI is mostly an SVG project plus a VMC purchase. If you're not yet at enforcement, do DMARC for its own sake first — BIMI is a downstream benefit, not a reason to accelerate.

The SPF/DKIM/DMARC guide covers the authentication fundamentals that sit underneath all of this.

No DMARC enforcement yet. Don't chase BIMI as a way to get DMARC done. If authentication is a distant future, BIMI is a more distant future. Fix the fundamentals first, then revisit.

Low-volume programs. Run the numbers. A 5% open-rate lift on 100K sends/month works out to about 5K additional opens — maybe $500–$5,000 in incremental value depending on per-open economics. The VMC alone is $1,500/year. BIMI genuinely may not pay for itself at that scale.

Logos that can't easily be trademarked. VMC needs a registered trademark in most cases. If your logo is a generic shape, a common word, or otherwise hard to trademark, the trademark project alone ends up costing more than the BIMI itself. You're solving the wrong problem.

If you've decided to pursue BIMI, the order of operations matters. Skipping a step costs weeks.

1. Get to DMARC p=none and monitor DMARC reports for at least 30 days to confirm your authentication is correct and you've found every legitimate sending source.

2. Progress DMARC to p=quarantine pct=10, then pct=50, then pct=100, monitoring at each step for collateral damage to legitimate mail.

3. Once at p=quarantine pct=100 or p=reject, hand the logo to design for the Tiny PS version.

4. Register the trademark if not already. Trademark registration takes 6–12 months in most jurisdictions, so start this in parallel with step 3 if you can.

5. Purchase a VMC from one of the authorised CAs.

6. Publish the BIMI DNS record pointing at the SVG and VMC URLs.

7. Test with real Gmail and Apple Mail addresses. The logo should appear within a day or two.

Total elapsed time from standing start: 3 to 12 months depending on how much authentication cleanup is needed. From DMARC-already-enforced: 2 to 6 weeks.

The Deliverability Management skilltreats BIMI as a step-5 item, sequenced after authentication, reputation monitoring, and hygiene are healthy. It's a brand-and-trust enhancement, not a foundation piece. Programs that try to do it first almost always abandon it halfway through DMARC rollout.