Look up the BIMI TXT record at default._bimi.yourdomain and validate the v=BIMI1, l= logo, and a= certificate tags. It is free, instant, and runs entirely in your browser over DNS-over-HTTPS, with no signup and nothing stored.
Create a free Unspam account to re-run these checks on a schedule and get alerted the moment your setup breaks. No credit card.
BIMI (Brand Indicators for Message Identification) is a DNS TXT record that tells supporting inboxes which logo to show next to your messages. It is published at default._bimi.yourdomain and starts with v=BIMI1, followed by an l= tag pointing to your logo and an optional a= tag pointing to your certificate. The logo at the l= URL must be an SVG in the SVG Tiny PS (Portable/Secure) profile, square, and served over HTTPS. BIMI only takes effect after your domain already passes DMARC at an enforcement policy, so it is the last step in email authentication, not the first. A correct BIMI record gives your brand a verified logo in Gmail, Apple Mail, Yahoo, and other supporting clients, which builds recognition and trust.
This is the version tag and it must come first. If the record does not begin with v=BIMI1, inboxes will ignore it.
The l= tag is the HTTPS URL of your logo, which must be an SVG in the SVG Tiny PS profile, square (1:1), and reachable without redirects or login. A blank or missing l= means no logo will display.
The a= tag is the HTTPS URL of your VMC or CMC certificate (a .pem file). It is optional in the spec, but Gmail and Apple require a certificate before they will show your logo.
BIMI only works if your domain already has a DMARC policy of p=quarantine or p=reject (with pct=100). A p=none policy is not enough and will block your logo from rendering.
A pass means a valid BIMI record exists with an HTTPS SVG logo URL. We do not fetch the file, so confirm it loads and is SVG Tiny PS. Inbox display still depends on your DMARC policy and, for Gmail and Apple, a valid certificate.
BIMI requires your domain to be at an enforcement policy of p=quarantine or p=reject before any logo will show. A monitoring-only p=none policy blocks BIMI entirely. Move DMARC to enforcement at pct=100 first, then publish or revisit your BIMI record.
The file at your l= URL must be an SVG in the SVG Tiny PS (Portable/Secure) profile, not a PNG, JPG, or a regular full-feature SVG. A standard SVG export usually needs editing to strip unsupported elements and add a title element. Use a BIMI-specific SVG tool or converter to produce a compliant file.
Gmail and Apple Mail require a certificate (a= tag) before they display your logo, even if the rest of the record is valid. Apple accepts only VMCs, while Gmail accepts a VMC or CMC. Without the a= tag, your logo may show in some clients but not in Gmail or Apple Mail.
Both the l= and a= URLs must be public HTTPS links that load directly with no redirects, no authentication, and a valid TLS certificate. If either URL returns an error or redirects, inboxes will skip your logo. Host the files on a stable, publicly accessible HTTPS path.
The BIMI record lives at the default._bimi subdomain of your domain, for example default._bimi.example.com, not at the root. Publishing it at the apex or under a different selector means inboxes will not find it. Confirm the selector and host before saving the TXT record.
