authex

The verified checkmark is earned.

BIMI puts your brand's logo, and Gmail's blue verified checkmark, next to every email you send. But only once your domain is enforcing DMARC. Here is how it works, and what it costs.

Trust, before the open.

BIMI displays your logo next to your messages in supporting inboxes: Gmail, Apple Mail, Yahoo, Fastmail. In Gmail, a verified brand also earns a blue checkmark that tells the recipient the sender is who it claims to be.

It is the first brand-level signal a recipient sees, and it lands before they have read a single word. In a crowded inbox, that is the difference between recognised and ignored.

Y
yourcompany.com

Your receipt is attached

Logo + verified checkmark, in the inbox

You earn it by enforcing.

BIMI has one hard prerequisite: your domain must be enforcing DMARC, a policy of p=quarantine or p=reject. There is no logo for a domain that only monitors. That is by design. The inbox will only vouch for a brand that has already proven it controls its own mail.

Which makes BIMI the clearest reward for enforcement there is. Most of what enforcement buys you is invisible: the spoofed mail that never lands. The checkmark is the part your customers actually see. If your domain is not enforcing yet, the rollout playbook is the path there.

The toll: the certificate.

Displaying the logo in Gmail and Apple Mail takes more than the record. You need a Verified Mark Certificate, a certificate that proves you own the logo, issued by a CA like DigiCert or Entrust. It requires a registered trademark, and it runs around $1,500 a year.

For brands without a registered trademark, a newer Common Mark Certificate covers logos already in use, at lower cost, and Gmail now supports it. Either way, the certificate is the real gate. Not the technology.

$1,500

Typical VMC, per year

Plus the trademark behind it. This, not the DNS, is why most brands never get the logo.

What it takes.

Four pieces, ordered hardest first. Most domains stop at the first one.

01DMARC enforcement

A policy at quarantine or reject

The hard prerequisite. BIMI shows no logo for a domain at p=none. Your DMARC has to be enforcing before anything else matters.

02SVG logo

Your mark, in SVG P/S

A square brand mark in the SVG Tiny Portable/Secure profile, hosted over HTTPS. Not a PNG, not a full lockup. Just the square logo.

03VMC or CMC

A certificate that proves it's yours

A Verified Mark Certificate for a registered trademark, or the newer Common Mark Certificate for a mark in prior use. This is what Gmail and Apple Mail check before they render the logo.

04default._bimi

The DNS record

A TXT record pointing to the logo and the certificate. Publishing it is the easy part; everything above it is the work.

v=BIMI1; l=https://yourcompany.com/bimi/logo.svg; a=https://yourcompany.com/bimi/vmc.pem

Authex hosts it, and keeps it valid.

Authex hosts your BIMI SVG and certificate, publishes and validates the record, and tracks the certificate's renewal so your logo never silently drops from the inbox. And because the Agent already takes your domain to enforcement, the hard prerequisite is handled. BIMI is just the visible payoff of the work it already does.

Questions, answered.

How do I get the BIMI logo to show in Gmail?

Four things have to line up: your domain has to be enforcing DMARC at p=quarantine or p=reject, you need a square SVG logo in the Tiny P/S profile, you need a Verified Mark Certificate or Common Mark Certificate that proves the logo is yours, and you publish a default._bimi DNS record pointing to both. Gmail checks the certificate, then renders your logo and, for verified brands, a blue checkmark.

Does BIMI require DMARC enforcement?

Yes. This is the one non-negotiable prerequisite. Your domain must publish a DMARC policy of p=quarantine or p=reject. A domain at p=none, monitoring only, cannot display a BIMI logo no matter what else is in place. The inbox only vouches for brands that already enforce.

What is a VMC?

A Verified Mark Certificate is issued by a certificate authority such as DigiCert or Entrust, and proves your organisation owns the logo you want to display. Gmail and Apple Mail require one before they will render a BIMI logo. Issuing it requires a registered trademark for the mark, and it costs roughly $1,500 a year.

Do I need a registered trademark for BIMI?

For a Verified Mark Certificate, yes, and that requirement is what stops most small businesses at the door. The newer Common Mark Certificate was introduced for logos in genuine prior use that are not registered as trademarks, and Gmail supports it. A CMC lets you display a logo without holding a registered mark.

What's the difference between a VMC and a CMC?

A VMC (Verified Mark Certificate) is tied to a registered trademark. A CMC (Common Mark Certificate) covers a logo in prior use that is not registered. Both let supporting inboxes display your logo; the VMC is the one associated with Gmail's blue verified checkmark, while CMC support and checkmark treatment vary by provider.

How much does BIMI cost?

The technology is free. The certificate is not. A Verified Mark Certificate runs around $1,500 a year from the issuing CA, and a Common Mark Certificate is lower but still recurring. That certificate, plus the trademark work behind a VMC, is the real price of BIMI. The DNS and hosting are trivial by comparison.

Enforce first. Then claim the checkmark.

Scan your domain free to see whether you're enforcing yet, the prerequisite for the logo. Then let the Agent take it the rest of the way.

Free · No signup