Skip to main content
New SPF lookups must resolve in milliseconds — why a DMARC tool's add-on isn't enough Learn Why → →

Free BIMI Record Checker

Verify your BIMI record, preview your brand logo, and check VMC certificate status - all in one free tool.

No signup required - check any domain instantly

Check Your BIMI Record

Enter your domain to analyze your BIMI configuration, preview your logo, and verify VMC status.

Queries {selector}._bimi.{domain} via DNS-over-HTTPS.

What is BIMI?

BIMI (Brand Indicators for Message Identification) is an email standard that allows organizations to display their brand logo alongside authenticated emails in supporting email clients like Gmail, Apple Mail, and Yahoo Mail.

When a recipient sees your logo next to your email, it builds instant trust and recognition. BIMI works by publishing a DNS TXT record at default._bimi.yourdomain.com that points to your SVG logo and optionally a Verified Mark Certificate (VMC).

BIMI requires a valid DMARC policy at enforcement level (p=quarantine or p=reject), making it the capstone of a complete email authentication setup.

Certificate Verification

What is a Verified Mark Certificate (VMC)?

What VMC Does

A VMC is a digital certificate that proves you legally own the logo displayed via BIMI. It's issued by certificate authorities like DigiCert or Entrust after verifying your trademark registration.

Why VMC Matters

Gmail requires a VMC to display BIMI logos. Without it, your logo may appear in Apple Mail and Yahoo Mail but not in Gmail - the world's most popular email client with over 1.8 billion users.

Technical Requirements

BIMI Logo Requirements

SVG Tiny PS Format

Your logo must be in SVG Tiny Portable/Secure (SVG Tiny PS) format - a restricted SVG profile that prevents embedded scripts or external references.

Square Aspect Ratio

The logo should be perfectly square with a centered design. Email clients will display it in a circular crop, so keep important elements away from edges.

HTTPS Hosting

The logo must be served over HTTPS from a publicly accessible URL. The server must allow cross-origin access for email clients to fetch the logo.

DMARC at Enforcement

Your domain must have a DMARC policy of quarantine or reject. BIMI will not work with p=none.

Reading Your Results

Understanding Your BIMI Check

BIMI is the visible payoff for getting email authentication right - your logo in the inbox. But it only appears when every prerequisite underneath it is in place, which is why a "valid" BIMI record still often shows no logo.

What the BIMI Checker Validates

The checker pulls the TXT record at default._bimi.yourdomain.com and inspects its two tags: l=, the HTTPS URL of your logo, and a=, the URL of your Verified Mark Certificate. It confirms the record is well-formed, the logo is reachable, and - crucially - that your domain has a DMARC policy at enforcement, because BIMI does nothing without it.

Why Your BIMI Logo Isn't Showing

Almost every "logo not appearing" case comes down to one of these:

  • DMARC isn't at enforcement. BIMI requires p=quarantine or p=reject; it will never display under p=none.
  • No VMC, and you're testing in Gmail. Gmail and Apple Mail require a Verified Mark Certificate to show the logo. Without one, some clients display it and Gmail won't.
  • Wrong logo format. The logo must be SVG Tiny PS - a standard SVG export is rejected.
  • Logo not served correctly. It must be on HTTPS and allow cross-origin fetches.
  • Record at the wrong host. It belongs at default._bimi, not the apex or _bimi.

The BIMI Setup Order

Build it bottom-up: first reach DMARC enforcement (which itself requires passing, aligned SPF or DKIM), then prepare an SVG Tiny PS version of your logo hosted over HTTPS, then publish the default._bimi record pointing to it, and finally add a VMC if you need the logo in Gmail. Skip a step and the checker will flag exactly which prerequisite is missing.

Reading the BIMI Record

A BIMI record looks like this:

v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem

The l= tag is required and points to the logo; a= is optional but needed for Gmail and Apple Mail display.

BIMI Is the Capstone of Authentication

Because BIMI depends on enforced DMARC, and DMARC depends on a passing, aligned SPF or DKIM result, the fastest path to a logo in the inbox is a healthy authentication stack. Run the domain authentication checker to see every layer, raise your policy with the DMARC checker, and let AutoSPF keep your SPF record valid and under the 10-lookup limit so DMARC stays at enforcement.

BIMI needs DMARC, and DMARC needs SPF

AutoSPF keeps your SPF record optimized so DMARC alignment passes and your BIMI logo can display. Setup takes 60 seconds.

Rated 5/5 on G2 · Trusted since 2018

What Our Customers Say

"AutoSPF Flattens SPF Records Seamlessly & Keeps Changes Logged - I am quite pleased with the product"

It does what it promises to do, and does it very well. I appreciate that it keeps a log of changes made, which prevents many mistakes. A client's SPF record would have way too many lookups, but AutoSPF makes that problem go away. The length of the SPF record is typically not the issue; it's the amount of lookups in the record that are. AutoSPF "flattens" the record, automatically expanding the defined lookups to IP addresses or ranges. And it auto-updates the record when the un-flattened lookups change.
PJ

Peter J.

President · Small-Business (50 or fewer emp.)

"Helped us go beyond capacity"

AutoSPF did exactly as described, it helped us get past our 10 lookup limit. Afterwards, we hit another limit regarding overall capacity and when contacted, they quickly provided us with a new solution to eliminate capacity issues entirely going forward, so now we can add as many SPF records as needed. They also provided us with a personalized support video explaining their new method in its entirety using our instance as the example.
VU

Verified User

Financial Services · Mid-Market (51-1000 emp.)