BIMI Check: a beginner's guide
Validate brand logo configuration for email
BIMI: how to put your logo next to your emails in Gmail
BIMI (Brand Indicators for Message Identification) is a relatively new email standard — published in 2020, gradually rolling out across mailbox providers since — that lets you display your verified brand logo next to your email messages in supporting inboxes. When BIMI is set up correctly, recipients in Gmail, Yahoo Mail, Apple Mail, Fastmail, and a growing list of others see your logo (rather than a generic placeholder) as an avatar in their inbox list and inside opened messages. It is the closest thing to "verified brand" status in the email world, and it is genuinely a marketing upside rather than a defensive control.
You should care because BIMI is the first email standard in years that actually delivers visible, branded value in the inbox. Spam filtering, SPF, DKIM, and DMARC are all defensive — they prevent bad things from happening. BIMI is offensive: it makes your good messages look more legitimate, more recognizable, and more clickable. Internal studies from major mailbox providers and brand-protection vendors have found that BIMI-enabled emails see open-rate lifts in the high single digits, which is enormous in an industry where percentage-point improvements are celebrated.
The four prerequisites every BIMI check looks at:
DMARC at `p=quarantine` or `p=reject`. This is non-negotiable — BIMI requires that DMARC be at enforcement, not in monitor mode. If your DMARC is `p=none`, BIMI will not display.
A BIMI record in DNS. Lives at `default._bimi.example.com` and points at the URL of your logo file.
An SVG Tiny PS logo file. BIMI uses a specific subset of SVG ("SVG Tiny Portable/Secure") that strips out anything that could be used for tracking or scripts.
A Verified Mark Certificate (VMC) — sometimes optional, sometimes required. Gmail and some other providers require a paid VMC from a trusted CA (Entrust or DigiCert) that verifies your trademark ownership. The VMC costs around $1,500 per year per brand.
Three questions a BIMI check answers:
Am I eligible for BIMI right now, given my DMARC status?
Is my logo file in the right format and reachable at the right URL?
If I add a Verified Mark Certificate, would my logo actually appear in Gmail?
The cost of skipping BIMI is leaving a meaningful inbox-visibility win on the table. The cost of adding it is the prerequisites (which you should have anyway) plus the optional VMC if you want full Gmail support. For brands that depend on email — newsletters, B2C marketing, transactional alerts — BIMI is one of the few "paid mailbox-provider unlocks" worth the investment. The official BIMI specification is at bimigroup.org.
The BIMI Check endpoint, in plain language
In one sentence: Validate brand logo configuration for email
Checks BIMI (Brand Indicators for Message Identification) configuration that enables verified brand logos to appear next to emails in supporting clients including Gmail, Apple Mail (iOS 16+/macOS Ventura+), Yahoo Mail, and Fastmail. Validates the BIMI DNS (Domain Name System) record, SVG Tiny PS logo URL (web address) accessibility and format requirements, Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) reference, and DMARC (Domain-based Message Authentication, Reporting and Conformance) enforcement prerequisite (p=quarantine or p=reject required).
Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.
What is actually happening when you call it
Here's what's actually happening behind the scenes when you call this endpoint:
Queries the default._bimi.<domain> TXT record (text record) for the BIMI (Brand Indicators for Message Identification) record, validates the v=BIMI1 syntax, checks the SVG Tiny PS logo URL (web address) (l= tag) for accessibility, correct content type (image/svg+xml), HTTPS (secure HyperText Transfer Protocol) requirement, and file size limit (32KB max). Verifies the VMC/CMC certificate URL (a= tag) if present. Checks the domain's DMARC (Domain-based Message Authentication, Reporting and Conformance) policy as a prerequisite — BIMI requires p=quarantine or p=reject to function. Reports which email clients will display the logo based on VMC/CMC status.
If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.
Why this specific tool matters
Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the BIMI Check tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.
BIMI (Brand Indicators for Message Identification) increases email engagement by displaying your verified brand logo directly in the inbox — studies show 10-20% higher open rates with brand indicators. It also provides anti-phishing benefits since only properly authenticated domains with enforced DMARC (Domain-based Message Authentication, Reporting and Conformance) can use BIMI. Gmail requires a VMC (Verified Mark Certificate) or CMC (Common Mark Certificate) from DigiCert or Entrust for logo display. CMC is a lower-cost alternative that does not require a registered trademark. Apple Mail supports BIMI via Apple Business Connect, while Yahoo Mail and Fastmail display logos without requiring VMC.
Picture this in real life. Imagine a marketing manager. Here's the situation they're walking into: Verify BIMI (Brand Indicators for Message Identification) is properly configured to display company logo in Gmail, Apple Mail, Yahoo Mail, and other supporting email clients. Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the BIMI Check tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.
Three questions this tool answers in plain English. If any of these have ever crossed your mind, the BIMI Check tool is built for you:
Will the emails I send actually reach the inbox, or are they going to spam?
Can someone else send phishing emails pretending to be my domain?
Have I set up the three rulebooks (SPF, DKIM, DMARC) that mailbox providers now require?
You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.
Who gets the most out of this. Small-business owners worried about deliverability, marketing managers onboarding a new email service, IT admins prepping for a security audit, and brand teams protecting against phishing. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.
What happens if you skip this entirely. Skip it and your real emails risk landing in the spam folder while scammers find it easier to impersonate your brand. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.
Available on the free plan. The technical details: `GET /v1/security/bimi`.
When would I actually use this?
If you're still on the fence about whether the BIMI Check tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a marketing manager, a email administrator, a brand manager, and a security engineer — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.
Story 1: Brand Email Enhancement
Imagine you're a marketing manager. Verify BIMI (Brand Indicators for Message Identification) is properly configured to display company logo in Gmail, Apple Mail, Yahoo Mail, and other supporting email clients.
Why it matters: Increase email open rates and brand recognition with verified logo visibility in inbox.
Story 2: BIMI Implementation Validation
Imagine you're an email administrator. After uploading SVG Tiny PS logo and publishing BIMI (Brand Indicators for Message Identification) DNS (Domain Name System) record, verify configuration meets all requirements including DMARC (Domain-based Message Authentication, Reporting and Conformance) enforcement.
Why it matters: Confirm BIMI (Brand Indicators for Message Identification) setup is complete and correct before announcing to stakeholders.
Story 3: Competitive Brand Analysis
Imagine you're a brand manager. Check if competitors have implemented BIMI (Brand Indicators for Message Identification) and whether they have VMC/CMC certificates for Gmail display.
Why it matters: Benchmark brand email experience and identify competitive advantages.
Story 4: DMARC Readiness Check
Imagine you're a security engineer. Before investing in BIMI (Brand Indicators for Message Identification) setup (SVG logo, VMC/CMC certificate), verify that DMARC (Domain-based Message Authentication, Reporting and Conformance) enforcement is at p=quarantine or p=reject — the mandatory prerequisite.
Why it matters: Avoid wasted investment on BIMI (Brand Indicators for Message Identification) configuration that won't display due to insufficient DMARC (Domain-based Message Authentication, Reporting and Conformance) enforcement.
Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the BIMI Check tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:
When setting up email on a brand-new domain.
After signing up for a new email-sending service (Mailchimp, SendGrid, HubSpot, etc.).
When a customer reports that your emails are landing in their spam folder.
Before a security audit, a SOC 2 review, or a major marketing campaign.
If you can see yourself in even one of those bullets, the BIMI Check tool will pay for itself the first time you use it.
Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the BIMI Check tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.
The easiest way: just ask your AI assistant
If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:
"Use the BIMI Check tool to check cnn.com and explain anything that looks wrong in plain language."
The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.
MCP (Model Context Protocol) access is free on every plan, including the free tier. One API key works for both REST and AI — you do not have to choose.
The technical way: call it from code
If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.
# Replace edns_live_YOUR_KEY with your real API key from the dashboard
curl -H "Authorization: Bearer edns_live_YOUR_KEY" \
"https://api.edgedns.dev/v1/security/bimi?domain=cnn.com"What you need to provide
There's just one piece of information you need to provide. The table below explains exactly what it is and what a real value looks like.
| Field | Type | Required? | What it means | Example |
|---|---|---|---|---|
domain | string | Yes | The domain to check BIMI (Brand Indicators for Message Identification) configuration for | cnn.com |
What you get back
When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.
| Field | Type | What you'll see in it |
|---|---|---|
domain | string | The queried domain |
has_bimi | boolean | Whether a BIMI (Brand Indicators for Message Identification) record exists |
record | string | Raw BIMI (Brand Indicators for Message Identification) record value |
version | string | BIMI (Brand Indicators for Message Identification) version (v=BIMI1) |
logo_url | string | SVG Tiny PS logo URL (web address) from l= tag |
vmc_url | string | VMC/CMC certificate URL (web address) from a= tag (required for Gmail) |
logo_valid | boolean | Whether the logo URL (web address) is accessible, returns valid SVG content type, and meets size requirements |
has_vmc | boolean | Whether a VMC (Verified Mark Certificate) or CMC (Common Mark Certificate) certificate is referenced |
dmarc_enforced | boolean | Whether DMARC (Domain-based Message Authentication, Reporting and Conformance) is set to quarantine or reject (required for BIMI (Brand Indicators for Message Identification)) |
issues | array | Configuration issues and warnings |
recommendations | array | Setup and improvement recommendations |
Words you might be wondering about
If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.
DNS (Domain Name System) — The internet's address book. When you type a website name, DNS turns it into the actual numeric address computers use to find each other.
URL (web address) — The full address of a page, like https://example.com/about.
HTTPS (secure HyperText Transfer Protocol) — HTTP with encryption — the little padlock in your browser. It means nobody between you and the website can read what you're sending.
TXT record (text record) — A DNS entry that holds plain text. Used for things like proving you own a domain or listing who can send email as you.
DMARC (Domain-based Message Authentication, Reporting and Conformance) — An email rulebook you publish in your DNS. It tells receiving servers what to do with email that fails SPF or DKIM checks — ignore it, send it to spam, or block it entirely.
BIMI (Brand Indicators for Message Identification) — A standard that lets your company logo appear next to your emails in supported inboxes — but only after you've already set up DMARC properly.
VMC (Verified Mark Certificate) — A special certificate that proves you actually own a trademarked logo, required by Gmail before it'll display your logo using BIMI.
CMC (Common Mark Certificate) — A cheaper alternative to a Verified Mark Certificate that doesn't require a registered trademark — useful for organizations that just want to use BIMI without going through trademark filing.
Need Programmatic Access?
Automate domain intelligence with 100+ API endpoints and a free MCP server for AI integration.