Technical Reference · 2026 Edition

The Definitive BIMI Implementation Guide

Everything your team needs to go from zero to a verified logo in the inbox — the SVG specification, the DMARC prerequisite, and the certificate landscape explained in full.

Last updated July 3, 2026 7 min read

What BIMI Actually Is

Brand Indicators for Message Identification (BIMI) is an email specification that allows domain owners to display a verified, authenticated logo next to their messages in supporting email clients. It is not a marketing gimmick — it is the visual output of a rigorous, multi-layer authentication chain.

BIMI was formalized as RFC 9091 (Experimental) by the IETF in July 2021. The standard is governed by the AuthIndicators Working Group, a coalition of Gmail, Yahoo, Apple, Fastmail, and Cloudmark. It sits at the intersection of email security, brand identity, and DNS infrastructure.

BIMI is the visual reward for strict domain security. You cannot fake it. You cannot buy it without doing the underlying security work. That is precisely what makes the logo meaningful.

The SVG Tiny P/S Standard — Why It's So Restrictive

BIMI does not accept a standard SVG file. It requires a file conforming to SVG Tiny P/S (Portable/Secure) — a highly restrictive XML profile defined specifically for use in email rendering environments.

Email clients render BIMI logos in a sandboxed context alongside untrusted content from millions of senders. A standard SVG file is a powerful, general-purpose format capable of executing scripts, loading external resources, and embedding arbitrary binary data. In an email context, these capabilities are not features — they are attack vectors.

The W3C SVG Tiny P/S profile eliminates these vectors by explicitly forbidding: