Technical Reference · 2026 Edition

Why Your BIMI Logo is Not Showing in Gmail

Last updated min read

Why Your BIMI Logo is Not Showing in Gmail

You configured your DNS records, published your default._bimi TXT string, and confirmed your logo displays in Yahoo Mail. When you send a test message to a Gmail address, the recipient sees a generic gray silhouette instead of your brand logo.

This behavior is not a DNS propagation issue. Gmail enforces stricter BIMI validation than other mailbox providers. To display your logo in Gmail, you must meet requirements that self-asserted records do not satisfy.

The Reality of self-asserted BIMI

The BIMI standard defines two deployment types: Self-Asserted and Certified.

A self-asserted record references an SVG file hosted on your domain, with no cryptographic proof of ownership: v=BIMI1; l=https://yourdomain.com/logo.svg;

Support for self-asserted records varies by mailbox provider. Yahoo Mail and AOL accept self-asserted records. If your DMARC policy is set to p=quarantine or p=reject and your SVG file conforms to the SVG Tiny P/S profile, Yahoo displays your logo without requiring a certificate [1].

The Gmail Requirement: The Verified Mark Certificate

Gmail does not accept self-asserted BIMI records. To prevent logo spoofing, Google requires cryptographic proof of trademark ownership.

To display your logo in Gmail and Apple Mail, you must obtain a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC) from a WebTrust-accredited Certificate Authority (CA), such as Entrust or DigiCert [2].

During certificate issuance, the CA verifies your organization's legal identity and confirms trademark ownership of the logo. The CA then issues a .pem certificate file that binds the logo to your domain.

The a= Tag Requirement

After you receive the certificate, add the a= tag to your BIMI DNS record. The tag must point to the publicly hosted .pem file:

v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/cert.pem;

When Gmail receives a message from your domain, it performs the following checks:

  1. Verifies the message passes DMARC authentication.
  2. Retrieves the BIMI TXT record.
  3. Downloads the certificate from the a= tag.
  4. Cryptographically validates the certificate against the Root CA.
  5. Renders the logo and the verified checkmark in the inbox.

If the a= tag is missing or the certificate fails validation, Gmail suppresses the logo and displays the default avatar. No error is returned to the sender.

How to Fix the Issue

A self-asserted record is not sufficient for Gmail. To display your logo across all major mailbox providers, deploy a certified BIMI record.

Step 1: Technical Prerequisites

Before you apply for a VMC, verify your infrastructure meets the requirements. You need a DMARC policy of p=quarantine or p=reject and an SVG Tiny P/S logo file that conforms to the W3C profile. You can generate a compliant SVG and audit your DMARC configuration at makeBIMI.

Step 2: The Certificate Audit

VMC issuance requires trademark verification, identity notarization, and cryptographic key generation. Organizations often use a managed service such as veriBIMI to handle the CA application, compliance documentation, and certificate delivery.

Step 3: Deployment

After the CA issues the certificate, publish it at the URL referenced in the a= tag and update your DNS record. Gmail typically begins displaying your logo and verified checkmark within 48 hours of DNS propagation.

References

[1] AuthIndicators Working Group. "BIMI Implementation Guide." BIMI Group, https://bimigroup.org/implementation-guide/ [2] Google Workspace Admin Help. "Set up BIMI." Google Support, https://support.google.com/a/answer/10911320