BIMI Record Checker & Logo Validator
Verify BIMI (Brand Indicators for Message Identification) DNS records for any domain and validate the SVG logo file against the strict SVG Tiny Portable/Secure (SVG Tiny PS) profile required for email client display. Checks DNS record syntax at default._bimi.{domain}, fetches the logo URL, validates SVG profile compliance (no scripts, no animations, square aspect ratio, file size), and confirms Verified Mark Certificate (VMC) presence required for Gmail.
BIMI Record Check
What is BIMI?
BIMI displays your verified brand logo next to messages in supporting clients (Gmail, Yahoo, Apple Mail, AOL, Fastmail).
Requires DMARC at p=quarantine or p=reject with pct=100 and an SVG Tiny PS-compliant logo. Gmail additionally requires a Verified Mark Certificate (VMC).
First time setting up email auth? Read the Email Deliverability Guide 2026 — BIMI is the last step.
Domains with BIMI
Click to check a popular BIMI-enabled domain:
Mail Client BIMI Support (2026)
| Client | BIMI | VMC required | Since |
|---|---|---|---|
| Gmail | ✓ | Required | 2021 |
| Yahoo Mail | ✓ | No | 2020 |
| Apple Mail (macOS Ventura+, iOS 16+) | ✓ | No | 2023 |
| AOL Mail | ✓ | No | 2021 |
| Fastmail | ✓ | No | 2022 |
| La Poste (France) | ✓ | No | 2022 |
| Outlook / Outlook.com / Hotmail | ✗ | — | No public plans |
| Most B2B mail clients | ✗ | — | — |
About BIMI Record Checker & Logo Validator
BIMI (Brand Indicators for Message Identification) is the visual identity layer of email authentication. When properly configured, BIMI lets supporting mail clients (Gmail, Yahoo Mail, Apple Mail since macOS Ventura, AOL, Fastmail) display your verified brand logo next to messages from your domain — a strong visual trust signal that helps recipients distinguish legitimate mail from phishing attempts that use lookalike domains. BIMI builds on DMARC. To publish a BIMI record, your domain must already enforce DMARC at p=quarantine or p=reject with pct=100. The BIMI logo URL is published in a DNS TXT record at default._bimi.{domain}, pointing to an SVG file that must conform to the strict SVG Tiny Portable/Secure (SVG Tiny PS) profile. The BIMI Checker validates all three layers: DNS record syntax, SVG Tiny PS profile compliance, and VMC presence — in one pass.
Why use a BIMI Record Checker & Logo Validator?
BIMI setup is unusually fragile because there are three independent failure points: the DNS record, the SVG logo file, and the optional VMC certificate. Standard online SVG validators won't flag SVG Tiny PS profile violations (script elements, animation elements, external image references, non-square aspect ratios) — they only check generic SVG syntax. As a result, many domains publish BIMI records pointing to SVG files that pass generic validation but silently fail in Gmail's BIMI rendering pipeline, and the domain owner never finds out because there's no error message — the logo just doesn't appear. The BIMI Checker performs all three validations in one pass: DNS record lookup at default._bimi.{domain}, full SVG Tiny PS profile compliance check (parsing every element and attribute against the BIMI 1.0 specification), and VMC certificate detection (fetching the certificate URL from the a= tag if present and validating the issuing authority). For each failed check, the tool provides a specific remediation step.
Who is it for?
Brand and marketing teams setting up BIMI for the first time. Email administrators verifying BIMI works after migrating ESPs or DNS providers. Designers producing BIMI-compliant SVG logos and validating them before publication. Domain administrators evaluating whether BIMI investment is worthwhile (the VMC cost is significant). Phishing investigators checking competitor or impersonation-victim domains for BIMI status. ESPs offering BIMI as a customer feature, verifying customer setup. Consumer brands with large outbound email volume seeking to differentiate legitimate mail from phishing in the recipient's inbox. Anyone in regulated industries (banking, healthcare, government) where visual brand verification is a compliance or risk-reduction priority.
How to use the tool
Enter the domain you want to check (e.g., example.com — no protocol or path needed)
Click 'Check BIMI' — the tool queries default._bimi.{domain} for the TXT record
Review the DMARC prerequisite check first: BIMI requires p=quarantine or p=reject with pct=100
Inspect the logo (l=) URL: HTTPS scheme, content type, file size, SVG Tiny PS compliance
Inspect the VMC (a=) URL if present: PEM certificate chain, issuing CA (DigiCert / Entrust)
Read the client compatibility matrix — which mail clients will actually display the logo
Address all flagged issues (error / warning / info) before re-publishing
Key Features
DNS BIMI record lookup
Fetches and parses the TXT record at default._bimi.{domain}, validates v=BIMI1, extracts l= (logo URL) and a= (VMC URL).
SVG Tiny PS validation
Full profile compliance check against the BIMI 1.0 specification: baseProfile="tiny-ps", square aspect ratio, forbidden elements (script, animate, foreignObject), forbidden attributes (event handlers), external resource references.
VMC certificate detection
Fetches the VMC URL, confirms it's a PEM certificate chain, and identifies the issuing CA (DigiCert or Entrust) — required for Gmail BIMI display.
Logo preview
Displays the actual SVG inline so you can confirm it looks correct before publishing — and see what mail clients will render.
Client compatibility matrix
Per-client breakdown: Gmail (needs VMC), Yahoo, Apple Mail, AOL, Fastmail. Shows which clients will actually display the logo based on the current setup.
DMARC prerequisite check
Verifies DMARC is at p=quarantine or p=reject with pct=100. BIMI cannot work without enforcing DMARC, and this is the #1 reason 'BIMI is set up but the logo doesn't show'.
Common Use Cases
First-time BIMI setup verification
Scenario: You just published your BIMI DNS record and want to confirm all three layers (DNS, SVG, VMC) work before announcing it.
✓ One check verifies every layer. Catches the SVG Tiny PS violations that generic SVG validators miss, the wrong-Content-Type Mistake, and the missing-DMARC-prerequisite gotcha all in one pass.
SVG troubleshooting
Scenario: BIMI DNS is published, VMC is valid, DMARC enforces — but the logo isn't displaying in Gmail or Yahoo.
✓ SVG Tiny PS validator pinpoints the specific element or attribute that's blocking display. Usually a forbidden <script>, <animate>, or external image reference that Illustrator/Figma added without warning.
Pre-VMC validation
Scenario: You're considering buying a $1,500+/year VMC and want to confirm BIMI works on Yahoo / Apple Mail (which don't require VMC) before spending.
✓ Validate the DNS + SVG layers without VMC. If everything checks out, you'll get BIMI rendering on Yahoo, Apple, AOL, and Fastmail today — and can decide whether Gmail's VMC requirement is worth the cost.
Migration verification
Scenario: You changed DNS providers or ESPs and want to confirm BIMI still works after the migration.
✓ Catches the common 'BIMI record didn't propagate' / 'SVG URL changed and is now a 404' / 'VMC URL moved' failure modes in one check.
Competitor BIMI audit
Scenario: You want to know whether competitors in your industry have BIMI configured.
✓ Public DNS data — you can check any domain. Useful for sales pitches ('our competitors are getting BIMI logos in inboxes; you should too') and for understanding industry adoption.
Validation follows the BIMI 1.0 specification and SVG Tiny PS profile exactly. Matches what supporting mail clients (Gmail, Yahoo, Apple Mail) will compute when they evaluate your record.
DNS lookup and logo/VMC fetches run server-side through our edge proxy. The domain is queried but not stored. Logo and VMC files are fetched once for validation and not retained.
Globally distributed edge infrastructure for low-latency queries.
Frequently Asked Questions
Do I need a VMC certificate for BIMI?
Only for Gmail. Gmail strictly requires a Verified Mark Certificate (VMC) issued by DigiCert or Entrust ($1,500-2,500/year) before it will display your BIMI logo. Yahoo Mail, Apple Mail (macOS Ventura+), AOL, and Fastmail all display BIMI logos without VMC if the DNS record is valid, the SVG passes SVG Tiny PS validation, and DMARC enforces at p=quarantine or p=reject. For B2C brands targeting Gmail-heavy audiences, the VMC investment is justified; for B2B or audiences on non-Gmail clients, BIMI without VMC delivers meaningful value at zero recurring cost.
Which email clients support BIMI?
As of 2026: Gmail (with VMC required, since 2021), Yahoo Mail (since 2020), Apple Mail (macOS Ventura+ and iOS 16+, since 2023, no VMC required), AOL Mail, Fastmail, La Poste (France), and several smaller providers. Notably missing: Microsoft Outlook (no public BIMI roadmap as of 2026), Outlook.com / Hotmail, and most B2B-focused mail clients. Roughly 60-70% of consumer email is now BIMI-aware; B2B email is largely not yet. Check the tool's client compatibility matrix for current status.
What are the SVG requirements for BIMI?
The logo must conform to SVG Tiny Portable/Secure (SVG Tiny PS), a restricted SVG 1.2 Tiny subset. Specifically: must declare baseProfile="tiny-ps" in the root <svg> element; must have square aspect ratio (viewBox width equals height); must NOT contain <script>, <animate>, <animateMotion>, <foreignObject>, or <use> elements referencing external resources; must NOT include image references via xlink:href; must keep file size under 32KB recommended; must NOT use externally-referenced fonts. Generic SVG exports from Figma or Illustrator almost never comply without post-processing. Several tools (BIMI-specific SVG converters from DigiCert and others) help convert standard SVGs to compliant ones.
Can I set up BIMI without DMARC at p=reject?
Yes, BIMI works at DMARC p=quarantine or p=reject as long as pct=100. The minimum DMARC policy for BIMI is p=quarantine with pct=100 — BIMI does not require p=reject specifically. However, p=none does NOT meet BIMI requirements — receivers will fetch your BIMI record but refuse to display the logo because the underlying authentication policy isn't strict enough. If you're still in DMARC ramp-up (p=none monitoring phase), complete the ramp to p=quarantine pct=100 before publishing BIMI.
How much does a VMC cost?
DigiCert: $1,499/year as of 2026 (one-year terms). Entrust: $1,599-2,499/year depending on bundle. Both require ownership verification of a registered trademark on the logo — unregistered or pending trademarks are not accepted. The validation process takes 2-6 weeks and requires legal documentation. There are no free or open-source VMC alternatives currently — the issuing authority infrastructure is restricted to a small number of CAs. For most non-Gmail use cases (Yahoo, Apple Mail, AOL), VMC is not required, so the cost decision is essentially 'is Gmail BIMI worth $1,500/year for our outbound volume?'
How long does BIMI verification take?
DNS propagation: 1-48 hours typical for the BIMI TXT record. VMC certificate issuance: 2-6 weeks for trademark verification. SVG Tiny PS conversion: 1-4 hours of designer work for a typical logo. Gmail's BIMI cache: once your record and VMC are valid, Gmail may take an additional 24-72 hours to refresh its cache and start displaying the logo. Total realistic timeline from project start to logos appearing in Gmail inboxes: 4-8 weeks. Other clients (Yahoo, Apple Mail) refresh faster, typically within 24-72 hours of DNS propagation.
What is SVG Tiny PS?
SVG Tiny PS (Portable/Secure) is a restricted profile of SVG 1.2 Tiny, defined by the BIMI specification to prevent any logo content that could pose security risks or render unpredictably across email clients. The 'Portable' aspect ensures the logo renders identically on any compliant client; the 'Secure' aspect prevents JavaScript execution, external resource fetching, and other attack vectors. Practical impact: most SVG editors export non-compliant files by default, so logos almost always need post-processing through BIMI-specific conversion tools.
Does Outlook support BIMI?
Not as of 2026. Microsoft has not published a BIMI roadmap for Outlook.com, Hotmail, or Outlook desktop/mobile clients. This is the largest gap in BIMI's consumer coverage — Outlook still represents ~15-20% of consumer email globally. For audiences heavily on Outlook, BIMI provides no visible benefit. For audiences on Gmail+Yahoo+Apple Mail (typically 70-80% of consumer email), BIMI delivers visible brand trust signals to most recipients.
Is BIMI worth it for my business?
Depends on three factors: (1) Outbound volume to BIMI-supporting clients — high-volume B2C brands sending to Gmail/Yahoo/Apple Mail get high visibility return; B2B brands sending to corporate Outlook get little. (2) Brand recognition value — if your logo is widely recognized, visible BIMI rendering builds trust on every message; if recognition is low, the visual benefit is modest. (3) Cost tolerance — for Yahoo/Apple/AOL BIMI without VMC, ongoing cost is essentially zero (just designer time for SVG); for Gmail BIMI with VMC, you commit to $1,500-2,500/year recurring. For brands sending 100k+ messages/month to Gmail recipients with a recognized logo, ROI is typically clear; for everyone else, the calculation requires care.
Can I have BIMI without DMARC?
No. BIMI is built on top of DMARC and explicitly requires DMARC enforcement at p=quarantine or p=reject with pct=100. Without DMARC enforcement, mail clients refuse to render the BIMI logo because the underlying anti-spoofing posture isn't strong enough to justify the visual brand verification. If you don't have DMARC set up, complete the DMARC migration first (p=none monitoring → p=quarantine ramp → p=reject), then publish BIMI. This is the correct security ordering: visual trust requires verified authentication.
Technical Specifications
Supported Formats
- ✓BIMI 1.0 DNS record parsing
- ✓SVG Tiny PS profile validation
- ✓VMC certificate URL fetch + CA identification (DigiCert / Entrust)
- ✓DMARC prerequisite check (p=quarantine or p=reject with pct=100)
- ✓Logo size, aspect ratio, baseProfile validation
- ✓Forbidden element / attribute detection
- ✓HTTPS scheme enforcement
- ✓Client compatibility matrix (Gmail, Yahoo, Apple Mail, AOL, Fastmail)
Limits & Performance
- •File Size: Single domain per check (logo + VMC fetched up to 256KB each)
- •Validations: Live DNS + HTTPS fetch + SVG profile validation
- •Response Time: Typically 1-5 seconds depending on logo size and VMC fetch
- •Browsers: All modern browsers
Pro Tips
- Configure DMARC at p=quarantine (or p=reject) with pct=100 first. BIMI cannot work without it.
- Use a BIMI-specialized SVG converter rather than generic SVG export — almost no Illustrator/Figma export is SVG Tiny PS compliant out of the box.
- Square logo only. Crop and design at 1:1 aspect ratio. Receivers will refuse to display non-square logos.
- Use HTTPS for both the l= (logo) and a= (VMC) URLs. HTTP fails security checks in modern clients.
- Keep the SVG file under 32KB. While larger files may technically work, several clients enforce a stricter limit than the spec.
- If you're targeting Gmail, budget 4-6 weeks for VMC issuance plus another 24-72 hours for Gmail's BIMI cache to refresh after publication.
- Skip ruf= when first publishing — focus on DMARC monitoring and BIMI logo display. Forensic reporting adds complexity without much value at the BIMI stage.
Share This Tool
Found this tool helpful? Share it with others who might benefit from it!
💡 Help others discover useful tools! Sharing helps us keep these tools free and accessible to everyone.