Technical Reference · 2026 Edition

Why Your BIMI Logo is Not Showing in Gmail

Last updated July 4, 2026 3 min read

Why Your BIMI Logo is Not Showing in Gmail

You configured your DNS records, published your default._bimi TXT string, and confirmed your logo displays in Yahoo Mail. When you send a test message to a Gmail address, the recipient sees a generic gray silhouette instead of your brand logo.

This behavior is not a DNS propagation issue. Gmail enforces stricter BIMI validation than other mailbox providers. To display your logo in Gmail, you must meet requirements that self-asserted records do not satisfy.

The Reality of Self-Asserted BIMI

The BIMI standard defines two deployment types: Self-Asserted and Certified.

A self-asserted record references an SVG file hosted on your domain, with no cryptographic proof of ownership: v=BIMI1; l=https://yourdomain.com/logo.svg;

Support for self-asserted records varies by mailbox provider. Yahoo Mail and AOL accept self-asserted records. If your DMARC policy is set to p=quarantine or p=reject and your SVG file conforms to the SVG Tiny P/S profile, Yahoo displays your logo without requiring a certificate [1].

The Gmail Requirement: The Verified Mark Certificate

Gmail does not accept self-asserted BIMI records. To prevent logo spoofing, Google requires cryptographic proof of trademark ownership.

To display your logo in Gmail and Apple Mail, you must obtain a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC) from a WebTrust-accredited Certificate Authority (CA), such as Entrust or DigiCert [2].

During certificate issuance, the CA verifies your organization's legal identity and confirms trademark ownership of the logo. The CA then issues a .pem certificate file that binds the logo to your domain.

The a= Tag Requirement

After you receive the certificate, add the a= tag to your BIMI DNS record. The tag must point to the publicly hosted .pem file:

v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/cert.pem;

When Gmail receives a message from your domain, it performs the following checks:

  1. Verifies the message passes DMARC authentication.
  2. Retrieves the BIMI TXT record.
  3. Downloads the certificate from the a= tag.
  4. Cryptographically validates the certificate against the Root CA.
  5. Renders the logo and the verified checkmark in the inbox.

If the a= tag is missing or the certificate fails validation, Gmail suppresses the logo and displays the default avatar. No error is returned to the sender.

How to Fix the Issue

A self-asserted record is not sufficient for Gmail. To display your logo across all major mailbox providers, deploy a certified BIMI record.

Step 1: Technical Prerequisites

Before you apply for a VMC, verify your infrastructure meets the requirements. You need a DMARC policy of p=quarantine or p=reject and an SVG Tiny P/S logo file that conforms to the W3C profile. You can generate a compliant SVG and audit your DMARC configuration at makeBIMI.

Step 2: The Certificate Audit

VMC issuance requires trademark verification, identity notarization, and cryptographic key generation. Organizations often use a managed service such as veriBIMI to handle the CA application, compliance documentation, and certificate delivery.

Step 3: Deployment

After the CA issues the certificate, publish it at the URL referenced in the a= tag and update your DNS record. Gmail typically begins displaying your logo and verified checkmark within 48 hours of DNS propagation.

References

[1] AuthIndicators Working Group. "BIMI Implementation Guide." BIMI Group, https://bimigroup.org/implementation-guide/ [2] Google Workspace Admin Help. "Set up BIMI." Google Support, https://support.google.com/a/answer/10911320