IT Security Blog

BIMI: Additional Email-Trust Trust for B2C Companies

Written by Linus Espach | Nov 24, 2025 3:34:53 PM

BIMI is still a little-known standard, although it has existed since 2019 and offers great added value for companies in the B2C sector.

With BIMI, the verified company logo appears directly in the recipient's inbox. This creates trust - because the logo is only displayed if the company's domain has been successfully authenticated and all the necessary verification steps have been completed.

What added value does BIMI offer?

BIMI combines security and branding - and makes your emails more visible, trustworthy and successful.
The following points are particularly interesting for companies, especially in the B2C environment:

  • More visibility & brand in the inbox
    Your verified logo is displayed directly next to the email - the email stands out more, the brand is recognized more quickly and stands out from the competition.
  • More trust & protection against phishing
    BIMI requires SPF, DKIM and DMARC. Only the genuine sender may use the logo. This provides security for recipients and makes spoofing and phishing with your brand more difficult.
  • Better performance in email marketing
    In practice, more trust and attention lead to higher open and click rates and therefore to more sales and better campaign results.

How do I implement BIMI?

1. create the prerequisites (SPF, DKIM, DMARC)

Before BIMI can work at all, your domain must be technically secure:

  • Set up SPF
    • SPF record as TXT in DNS: Which mail servers are allowed to send on behalf of your domain?
  • Activate DKIM
    • Generate DKIM key in the MTA
    • Publish the public key as a TXT record in the DNS
  • Set DMARC with strict policy
    • e.g.: v=DMARC1; p=reject; rua=mailto:xyz@rep.dmarcanalyzer.com; ruf=mailto:xyz@for.dmarcanalyzer.com; adkim=s; aspf=s; fo=1;
    • Long-term it is best to use reject and not quarantine
    • Important: SPF/DKIM should be aligned (sender domain)

2. create logo in the correct format

BIMI needs a special logo:

  • Square SVG (SVG Tiny PS, no embedded raster images)

  • Simple, clear version of your logo

  • Preferably without text or very small text so that it is still recognizable in small size

  • Logo on a stable background (no transparent border chaos)

  • The logo must be publicly accessible via https (e.g. hosted on Cloudflare)

3. verified mark certificate (VMC)

Many large providers (e.g. Gmail) require a VMC so that the logo is securely verified:

  • Buy a VMC from a certified provider (e.g. DigiCert, Entrust)
  • Prerequisite: registered trademark for your logo (usually costs a one-off fee of CHF 300 from your trusted lawyer)
  • You will receive a certificate file (e.g. .pem), which is also accessible via HTTPS

4. create a BIMI DNS record

Now BIMI is "armed" using a TXT record:

  • A host name is created in the DNS for this purpose:
    • Domain: default._bimi.deinedomain.de
    • Example (with VMC): v=BIMI1; l=https://static.deinedomain.de/bimi/logo.svg; a=https://static.deinedomain.de/bimi/dein-vmc.pem

BIMI should now be successfully configured and the company logo should be directly visible in the inbox.

Conclusion

BIMI is more than just a visual detail in the inbox - it combines security, brand strengthening and better performance in email marketing. Companies that properly authenticate their domain and introduce BIMI immediately gain trust, visibility and professionalism. At the same time, phishing is made much more difficult because only legitimately verified senders are allowed to display their logo.

Those who invest in clean email communication today will benefit tomorrow from higher open rates, clear brand perception and a competitive advantage that many industries have not yet exploited. BIMI is therefore a comparatively small technical effort - with a noticeable effect.
View full post