2020: BIMI: Verified Brand Logos Come to the Inbox
For most of email’s history, the sender’s identity in your inbox has been represented by one of two things: a tiny generic avatar, or the first letter of their name in a colored circle. Not exactly inspiring trust. In 2020, an industry consortium led by companies including Google, Verizon Media, Fastmail, and others began rolling out a standard that would change that: BIMI, or Brand Indicators for Message Identification.
The promise was simple — when a verified brand sends you an email, you see their actual logo right there in the inbox, next to the subject line. No more guessing if that email is really from your bank. The logo is the proof.
The Problem BIMI Solves
Email has a trust problem, and it’s been getting worse for decades. Phishing attacks — where criminals impersonate legitimate brands to steal credentials or install malware — grew from a nuisance in the early 2000s to a multi-billion-dollar criminal industry. The Anti-Phishing Working Group reported over 1.2 million phishing attacks in Q3 2023 alone.
The core issue is that email was never designed with sender verification in mind. SMTP, the protocol that moves email between servers, will happily deliver a message claiming to be from bankofamerica.com regardless of whether Bank of America actually sent it. Authentication protocols like SPF, DKIM, and DMARC were layered on to address this, and they work well at the server level — a properly configured receiving server can detect forged sender addresses and block them.
But authentication is invisible to users. When a legitimate email passes all authentication checks and arrives in your inbox, there’s no visual indicator that says “this email was verified.” It looks exactly like any other email. BIMI bridges that gap by giving authenticated senders a visible trust signal: their brand logo.
How BIMI Works
BIMI operates through a chain of verification:
Step 1: DMARC enforcement. Before a brand can use BIMI, it must have DMARC (Domain-based Message Authentication, Reporting, and Conformance) implemented at an enforcement level — meaning the DMARC policy must be set to either “quarantine” or “reject” for messages that fail authentication. This ensures that only authenticated emails from the domain are delivered. A DMARC policy of “none” (monitoring only) doesn’t qualify.
Step 2: BIMI DNS record. The brand publishes a BIMI record in its DNS, pointing to an SVG (Scalable Vector Graphics) file of its logo. The SVG must meet specific format requirements — a particular profile called SVG Tiny Portable/Secure (SVG P/S) — designed to ensure logos render consistently across email clients.
Step 3: Verified Mark Certificate (VMC). For most email providers, particularly Gmail, the brand must also obtain a VMC from an approved certificate authority (DigiCert or Entrust, as of 2025). The VMC process requires the logo to be a registered trademark, verified through the certificate authority’s validation process. This step prevents bad actors from slapping a fake logo on their BIMI record.
Step 4: Display. When a BIMI-enabled email client receives a message that passes DMARC authentication and has a valid BIMI record (and VMC, where required), it displays the brand’s logo next to the message in the inbox.
The Adoption Curve
Gmail began supporting BIMI in July 2021, immediately making it relevant for 1.8 billion users. Apple followed with iOS 16 and macOS Ventura in September 2022, adding BIMI support to Apple Mail. Yahoo Mail, which had been involved in the standard from early on, also supports it.
The biggest holdout has been Microsoft Outlook. As of 2025, Microsoft has participated in BIMI working groups and conducted pilot tests but has not broadly deployed BIMI support in Outlook. Given Outlook’s dominance in corporate email, this gap limits BIMI’s impact in the B2B space.
Early adopters included major brands with both the resources and the motivation to implement BIMI. CNN, Bank of America, LinkedIn, and numerous other large organizations were among the first to display verified logos. For these brands, the visual trust signal was particularly valuable — they were common targets for phishing impersonation.
The Cost Question
BIMI implementation isn’t free. The VMC from DigiCert or Entrust typically costs $1,200 to $1,500 per year per logo. The logo must be a registered trademark, which itself involves application fees and legal costs. And the prerequisite DMARC enforcement requires technical configuration that many organizations haven’t completed.
For large enterprises, these costs are trivial. For small businesses, they represent a meaningful barrier. A local bakery or a small online store — exactly the kind of business that might benefit from visible trust signals — may not have a registered trademark or the budget for a VMC.
This has led to criticism that BIMI disproportionately benefits large, well-resourced brands while leaving smaller senders without the same trust signals. Proponents counter that the VMC requirement is essential to prevent abuse — without trademark verification, anyone could claim any logo.
Impact on Email Marketing
For email marketers, BIMI offers a tangible benefit beyond trust: visibility. Early studies suggest that emails with BIMI logos see measurably higher open rates — one report from Red Sift and Entrust found approximately a 10% increase in open rates for BIMI-enabled emails, though results vary by industry and audience.
The logo itself serves as a form of branding. In a crowded inbox where every message competes for attention, a recognizable logo stands out against the default avatars and initials that surround it. It’s a small visual advantage, but in email marketing, small advantages compound.
BIMI also creates an indirect incentive for better email authentication. Because BIMI requires DMARC enforcement, brands that want logos in the inbox must first get their authentication house in order. This has a positive ripple effect — better authentication means fewer spoofed emails, which means a safer inbox for everyone.
The Road Ahead
BIMI is still early in its adoption curve. The standard continues to evolve, with discussions about supporting animated logos, extending VMC availability to more certificate authorities, and potentially relaxing the trademark requirement for smaller senders.
The ultimate success of BIMI depends on whether Microsoft brings Outlook on board. Without Outlook support, BIMI remains valuable but incomplete — a trust signal that works in consumer email but disappears in the corporate inbox where phishing attacks often cause the most damage.
For brands serious about email deliverability and trust, BIMI is increasingly a must-have. But it starts with the foundation: proper SPF, DKIM, and DMARC configuration. Without those, the logo stays hidden and the inbox remains a place where trust is assumed rather than verified.
Infographic
Share this visual summary. Right-click to save.
Related Events
Frequently Asked Questions
What is BIMI for email?
BIMI (Brand Indicators for Message Identification) is an email standard that allows brands to display their verified logo next to their messages in supporting email clients. It requires DMARC enforcement and, for most providers, a Verified Mark Certificate.
Which email clients support BIMI?
As of 2025, BIMI is supported by Gmail, Apple Mail (iOS 16+/macOS Ventura+), Yahoo Mail, Fastmail, and several other providers. Microsoft Outlook has been testing BIMI support but has not fully rolled it out.
How do you set up BIMI for your domain?
To implement BIMI, a domain must first have DMARC set to enforcement (quarantine or reject policy), publish a BIMI DNS record pointing to an SVG logo file, and obtain a Verified Mark Certificate (VMC) from an approved certificate authority. The VMC typically requires a registered trademark.