BIMI Troubleshooting: Why Your Logo Is Not Displaying (Complete Guide)
Diagnose and fix the 7 most common reasons your BIMI logo is not appearing in email clients. Covers DMARC policy, SVG validation, MIME types, VMC/CMC certificates, DNS propagation, and client support.
BIMI Troubleshooting: Why Your Logo Is Not Displaying (Complete Guide)
Brand Indicators for Message Identification (BIMI) lets mailbox providers display your logo next to authenticated emails. When the logo fails to appear, the cause is almost always one of seven well-defined problems. This guide walks through each one in order of frequency, gives you the exact diagnostic steps, and tells you how to fix it.
Before You Start: How BIMI Logo Display Works
When a receiving mail server processes an inbound message, it:
- Checks that the sending domain passes DMARC at an enforcing policy.
- Looks up the BIMI DNS TXT record at
default._bimi.. - Fetches the SVG logo from the URL in the
l=tag. - (For providers that require it) Validates the Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) from the URL in the
a=tag. - Renders the logo in the inbox UI.
A failure at any step silently suppresses the logo. No error is shown to the sender or recipient.
Cause 1: DMARC Policy Is Not at p=quarantine or p=reject
This is the single most common reason BIMI logos do not display.
Every BIMI-supporting mailbox provider — including Google, Yahoo, Apple, Fastmail, and others — requires a DMARC policy of p=quarantine or p=reject before they will render a logo. A policy of p=none is treated as no enforcement and BIMI is ignored entirely.
How to Diagnose
Run a DNS lookup on your DMARC record:
dig TXT _dmarc.yourdomain.com
Check the p= value in the response. Also check:
sp=— the subdomain policy. If your email is sent from a subdomain,sp=nonewill block BIMI on that subdomain even if the root domain is atp=reject.pct=— the percentage tag. Some providers requirepct=100. A value below 100 may cause inconsistent logo display.
How to Fix
- Confirm your email authentication (SPF and DKIM) is passing consistently before raising the policy.
- Move DMARC from
p=nonetop=quarantine, monitor for two to four weeks. - Move to
p=rejectonce you are confident no legitimate mail is failing. - Set
pct=100explicitly. - If sending from subdomains, add
sp=quarantineorsp=reject.
Example of a correct DMARC record:
v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:[email protected];
Note: Raising your DMARC policy affects mail delivery. Do not skip the monitoring phase.
Cause 2: SVG File Is Not Accessible Over HTTPS
The mailbox provider's servers fetch your logo at the time of rendering. If the file returns anything other than a valid 200 OK response over HTTPS, the logo is suppressed.
Common Sub-causes
| Symptom | Likely Cause |
|---|---|
| 404 Not Found | Wrong URL in the l= tag, file moved or deleted |
| 403 Forbidden | CDN or WAF blocking non-browser user agents |
| 301/302 Redirect | Some providers do not follow redirects |
| SSL certificate error | Expired or self-signed TLS certificate on the hosting domain |
| HTTP URL | Plain HTTP is not accepted; HTTPS is mandatory |
How to Diagnose
- Copy the exact URL from your
l=tag. - Test it with
curlto simulate a non-browser fetch:
curl -I "https://yourdomain.com/bimi/logo.svg"
- Check the HTTP status code, the
Content-Typeheader, and whether any redirect occurs. - Test from multiple geographic locations or use an online HTTP header checker to rule out geo-blocking.
How to Fix
- Confirm the URL in your BIMI DNS record exactly matches the hosted file path — including case sensitivity.
- If using a CDN, whitelist the user agents used by major mailbox providers, or configure the CDN to serve the file publicly without bot protection.
- Ensure the hosting domain has a valid, trusted TLS certificate (not self-signed).
- If a redirect is unavoidable, update the
l=tag to point directly to the final URL. - Verify the file is accessible from outside your own network.
Cause 3: Server Returns the Wrong MIME Type
Even if the SVG file is accessible, the mailbox provider validates the Content-Type header returned by your server. The correct MIME type is image/svg+xml. Any other value — including text/plain, application/octet-stream, or text/html — will cause the logo to be rejected.
How to Diagnose
curl -I "https://yourdomain.com/bimi/logo.svg"
Look for the Content-Type line in the response headers:
Content-Type: image/svg+xml
If you see anything else, the MIME type is misconfigured.
How to Fix
The fix depends on your web server or hosting platform.
Apache — add to .htaccess or server config:
AddType image/svg+xml .svg .svgz
Nginx — add to mime.types or server block:
types {
image/svg+xml svg svgz;
}
Amazon S3 / CloudFront — set the Content-Type metadata on the object to image/svg+xml when uploading. S3 does not infer MIME types automatically.
Cloudflare Pages / Netlify — add a _headers file:
/bimi/logo.svg
Content-Type: image/svg+xml
After making changes, re-run the curl -I check to confirm the header is correct.
Cause 4: SVG File Fails W3C Tiny P/S Validation
BIMI does not accept standard SVG files. The specification requires SVG Tiny 1.2 Portable/Secure (SVG Tiny P/S), a restricted profile designed to be safe for rendering in untrusted contexts. Most SVG files exported from design tools such as Adobe Illustrator, Figma, or Inkscape do not conform to this profile without modification.
Common Validation Failures
| Issue | Why It Fails |
|---|---|
| Missing or wrong baseProfile | Must be baseProfile="tiny" in the element |
| Missing version="1.2" attribute | Required by the spec |
| Embedded raster images () | Not permitted in Tiny P/S |
| JavaScript or event handlers | Strictly prohibited |
| External references or with external href | Not permitted |
| CSS @import or external stylesheets | Not permitted |
| Filters, masks, or gradients (in some implementations) | Limited support |
| File not wrapped in as the root element | Structural requirement |
How to Diagnose
- Open your SVG in a text editor and inspect the opening
tag. It must include:
```xml