How to Get a Verified Checkmark in Gmail with BIMI

When you open an email from Apple or Google, you might notice a small blue checkmark or the brand’s official logo next to the sender’s name. That tiny icon is not decorative. It is a sign of verified authenticity, powered by BIMI (Brand Indicators for Message Identification).

Implementing BIMI is one of the most effective ways to increase trust, visibility, and open rates for your transactional and marketing emails. This guide explains everything you need to know from DNS setup to logo requirements and verification so you can earn that verified checkmark for your brand.

What Is BIMI?

BIMI is an email authentication standard that allows brands to display their official logo next to their emails in recipients’ inboxes.
It builds on top of DMARC, SPF, and DKIM, ensuring that only legitimate senders can use a company’s logo.

In short:

• SPF verifies the sending IP address.

• DKIM verifies that the message content has not been tampered with.

• DMARC enforces alignment and policy.

• BIMI adds a visual trust layer using your brand logo.

Why BIMI Matters

• Boosts Trust: The verified logo signals authenticity and reduces phishing risk.

• Increases Open Rates: Emails with visible brand logos stand out in crowded inboxes.

• Enhances Brand Recognition: Your logo appears alongside your sender name across supported email clients.

• Supports Deliverability: BIMI indirectly improves domain reputation through strong authentication.

Email Clients That Support BIMI

BIMI is still growing in adoption but is already supported by major inbox providers.

Currently supported by:

• Gmail (requires a Verified Mark Certificate)

• Yahoo Mail

• Apple Mail (macOS and iOS 16 and above)

• Fastmail

• AOL Mail

Step-by-Step Guide to Getting the Verified Checkmark with BIMI

There are four main steps to implement BIMI correctly:

1. Set up email authentication

2. Create and host your logo in the right format

3. Obtain a Verified Mark Certificate (VMC)

4. Publish your BIMI DNS record

Let’s go through each step in detail.

Step 1: Set Up Email Authentication (SPF, DKIM, and DMARC)

BIMI works only if your email domain passes all authentication checks.

1. Configure SPF

SPF (Sender Policy Framework) ensures that only your authorized servers can send emails on behalf of your domain.

Example DNS TXT record:

v=spf1 include:autosend.com -all

Replace autosend.com with your actual email service provider’s sending domain.

2. Configure DKIM

DKIM (DomainKeys Identified Mail) adds a digital signature to your emails.

Example DKIM DNS record:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhk...

Your ESP (like AutoSend) provides this key.
Add it to your DNS as a TXT record (usually under a selector like default._domainkey.yourdomain.com).

3. Configure DMARC

DMARC enforces alignment between SPF and DKIM. It also tells receiving servers what to do when emails fail authentication.

Example DMARC DNS record:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none; adkim=s; aspf=s

Make sure your policy (p=) is set to quarantine or reject. BIMI will not work if your DMARC policy is set to none.

Step 2: Create and Host a BIMI-Compatible Logo

Your logo must meet BIMI’s strict visual and technical requirements.

Logo Requirements:

• Format: SVG Tiny Portable/Secure (SVG-P/S)

• Shape: Square (1:1 aspect ratio)

• No text or taglines

• Transparent background

• File size: Under 32 KB

If your logo is not in SVG Tiny PS format, you can convert it using Adobe Illustrator or online tools like the BIMI Logo Generator.

Example file name:

https://yourdomain.com/logo.svg

Host this logo on an HTTPS-secured URL without redirects.

Step 3: Obtain a Verified Mark Certificate (VMC)

To show a verified checkmark (especially in Gmail), you will need a VMC, a digital certificate proving that your organization owns the logo and trademark.

How to get a VMC:

1. Register your logo as a trademark with an official authority such as USPTO or EUIPO. This is required before applying for a VMC.

2. Buy a VMC from a trusted certificate authority:

   • Entrust

   • DigiCert

3. Provide your trademark details, logo file, and proof of domain control during verification.

The verification process usually takes 5 to 15 business days. Once approved, you will receive a .pem file that links your domain to your verified brand logo.

Step 4: Publish the BIMI DNS Record

After you have your logo and VMC, publish your BIMI record in DNS.

Example TXT record:

default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem"

Explanation:

• v=BIMI1 → version

• l= → location of your logo

• a= → location of your VMC file

Note: The a= tag is optional for non-VMC implementations, but Gmail requires it for the verified checkmark.

Step 5: Test Your BIMI Setup

You can verify your BIMI configuration with these tools:

• BIMI Inspector

• Valimail BIMI Checker

• MXToolbox BIMI Lookup

These tools check:

• DNS record syntax

• SVG format

• VMC validity

• DMARC enforcement

Once everything passes, your verified logo should appear in Gmail and other supported inboxes within a few days.

Troubleshooting Common BIMI Issues

Problem Cause Solution

Logo not showing:

• Cause: DMARC policy set to none

• Solution: Change it to quarantine or reject

“No VMC found” error

• Cause: Missing or invalid a= tag

• Solution: Add the correct VMC file URL

Incorrect logo size

• Cause: SVG not compliant

• Solution: Use SVG Tiny PS format

No HTTPS

• Cause: Insecure logo hosting

• Solution: Host logo and VMC over HTTPS

How Long Does It Take to Show?

Once your BIMI record is published, it can take up to 7 days for mailbox providers to pick up and display the logo. Gmail may take a few extra days to cache the verification.

The Business Value of BIMI

Implementing BIMI is not just a technical task. It is a brand-building investment.

• Higher engagement: Users are more likely to open verified emails.

• Reduced phishing risk: Impersonators cannot spoof your brand easily.

• Consistent branding: Your logo is visible across inboxes, reinforcing recognition.

• Improved deliverability: Providers trust domains that use BIMI.

TL;DR

To get a verified checkmark in Gmail and other inboxes:

1. Set up SPF, DKIM, and DMARC with strict enforcement.

2. Create a square SVG Tiny PS logo and host it securely on HTTPS.

3. Register your logo as a trademark and obtain a Verified Mark Certificate (VMC).

4. Publish a BIMI DNS TXT record linking your logo and VMC.

5. Test and wait a few days for propagation.

BIMI is becoming the modern trust signal for email, similar to the verified badge on social networks.
By implementing it, you not only protect your brand but also show customers that you care about authenticity and security.

If you are using AutoSend, BIMI setup is straightforward. AutoSend fully supports SPF, DKIM, and DMARC alignment, making it simple to authenticate and verify your domain.

Frequently Asked Questions (FAQ)

1. Does BIMI improve deliverability?

Indirectly, yes. BIMI itself does not guarantee better inbox placement, but it relies on strong authentication. That improved trust and alignment positively impact your domain reputation and overall deliverability.

2. How much does a Verified Mark Certificate (VMC) cost?

A VMC usually costs between $900 and $1,500 per year, depending on the certificate authority. Some providers offer discounts for multi-year subscriptions.

3. Can startups use BIMI without a trademark?

Not if you want the verified checkmark in Gmail. Gmail requires a VMC, and a VMC requires a registered trademark. However, you can still implement BIMI without a VMC to display your logo in clients that support it without verification (such as Yahoo Mail).

4. How long does it take to get verified after publishing BIMI?

After publishing your BIMI DNS record and passing authentication checks, it usually takes 3 to 7 days for the logo and verified checkmark to appear in supported inboxes.

5. What happens if my DMARC policy is set to “none”?

BIMI will not activate. You must change your DMARC policy to quarantine or reject for BIMI to work.

6. Do I need a separate BIMI record for subdomains?

Yes, if you send emails from multiple subdomains, each subdomain should have its own BIMI record and logo configuration.

7. Is BIMI supported in Outlook or Microsoft 365?

Not yet. Microsoft has not implemented BIMI as of now, but it may support it in the future as adoption grows.