BIMI Checker

Why inspect your BIMI record?

A misconfigured BIMI record in DNS can:

• Prevent display of your logo in Gmail, Yahoo and Apple Mail
• Be silently ignored without any alert from webmails
• Expose issues with your SVG logo or VMC certificate

The BIMI inspector (BIMI record checker, BIMI lookup) queries DNS in real time to show exactly what receiving servers see. You detect publication errors before they impact your brand image.

Common use cases:

• After publication → Verify the record is correctly propagated
• Logo not displaying → Diagnose why your brand doesn't appear
• Brand audit → Validate a domain's BIMI configuration

How to use the BIMI inspector in 3 steps

Step 1: Enter the domain to analyze

Enter the domain exactly as it appears in your email addresses:

• captaindns.com (main domain)
• marketing.captaindns.com (subdomain if sending from a subdomain)

The tool automatically queries default._bimi.domain and retrieves the published TXT record.

Step 2: Analyze results

The inspector displays:

Step 3: Fix alerts

Results are classified by severity level:

• ❌ Error → Blocking issue, logo will not display
• ⚠️ Warning → Functional but improvement recommended
• ✅ Valid → Correct configuration

Fix errors in your DNS, wait for propagation, then rerun the inspection.

What is BIMI?

BIMI (Brand Indicators for Message Identification) is a protocol that:

1. Displays your logo in recipients' inboxes
2. Strengthens trust in your brand among users
3. Requires DMARC with an enforced policy (quarantine or reject)

The BIMI record is published as a TXT record at default._bimi.yourdomain.com.

Example BIMI record:

v=BIMI1; l=https://cdn.captaindns.com/bimi/logo.svg; a=https://cdn.captaindns.com/bimi/vmc.pem

This record indicates:

• BIMI1 version (only valid value)
• SVG logo accessible via HTTPS
• VMC certificate for webmails that require it

What the BIMI inspector checks

DNS Resolution

Logo validation

VMC validation

DMARC verification

Common diagnostics and solutions

BIMI_NOT_FOUND - Record missing

Cause: No TXT record exists at default._bimi.yourdomain.com

Solution:

1. Create a TXT record at default._bimi.yourdomain.com
2. Minimum content: v=BIMI1; l=https://your-logo-url.svg
3. Publish and wait for DNS propagation

BIMI_LOGO_NOT_FOUND - Logo inaccessible

Cause: The logo URL doesn't respond or isn't accessible

Solution:

1. Verify the URL is correct and publicly accessible
2. Confirm the server responds via HTTPS without authentication
3. Test the URL directly in a browser

BIMI_LOGO_NOT_TINYPS - Non-compliant logo

Cause: The SVG logo contains elements prohibited by the Tiny-PS profile

Solution:

1. Use the BIMI Syntax Validator to identify issues
2. Remove scripts, external references, foreignObject
3. Ensure you have a square viewBox

BIMI_VMC_EXPIRED - Expired certificate

Cause: The VMC certificate has passed its validity date

Solution:

1. Renew the certificate with your certificate authority
2. Update the VMC file on your server
3. Verify the URL in the a= tag points to the new certificate

DMARC_POLICY_NONE - Insufficient DMARC policy

Cause: DMARC policy is set to p=none

Solution:

1. Move to p=quarantine to start
2. Once stable, move to p=reject for maximum protection
3. BIMI will only work with an enforced policy

Prerequisites for working BIMI

1. DMARC with enforced policy

_dmarc.yourdomain.com TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com"

• p=none → BIMI ignored
• p=quarantine → BIMI functional
• p=reject → BIMI functional + maximum protection

2. Aligned SPF and DKIM

• From address must match SPF domain
• From address must match DKIM domain
• Alignment can be relaxed or strict

3. Compliant SVG logo

• SVG Tiny-PS format
• Square viewBox present
• No scripts, no external references
• Hosted via HTTPS without authentication

4. Valid VMC (optional but recommended)

• Issued by DigiCert or Entrust
• Not expired
• Covers the BIMI domain
• Logo in VMC matches BIMI logo

FAQ - Frequently asked questions

Q: What's the difference between the BIMI inspector and syntax validator?

A: The BIMI inspector queries DNS to verify the published record on your domain. The syntax validator analyzes a record you paste before publishing it. Recommended workflow: validator → publication → inspector.

Q: What does "BIMI record not found" mean?

A: No TXT record exists at default._bimi.yourdomain.com. Create a TXT record with at minimum:

v=BIMI1; l=https://your-logo-url.svg

Q: Why doesn't my logo display despite a valid record?

A: Check your DMARC policy. BIMI requires p=quarantine or p=reject. With p=none, webmails ignore BIMI even if the record is perfect. Also verify SPF and DKIM are properly aligned.

Q: What does "logo not Tiny-PS compliant" mean?

A: The SVG logo contains elements prohibited by the BIMI profile:

• JavaScript scripts
• References to external resources
• <foreignObject> elements
• External embedded fonts

Use the BIMI syntax validator to identify specific issues.

Q: Is VMC mandatory for BIMI?

A: Technically no, but in practice yes for most webmails. Gmail, Yahoo and Apple Mail require a valid VMC to display the logo. Without VMC, only some providers will show your brand.

Q: How long to see BIMI changes?

A: DNS propagation depends on the record's TTL (Time To Live):

• TTL 3600 (1h) → 1-4 hours
• TTL 86400 (24h) → 24-48 hours

Webmails also cache logos for several hours to several days.

Q: Does the inspector also check DMARC, SPF and DKIM?

A: The inspector checks DMARC presence and policy since it's a BIMI prerequisite. For complete email authentication verification:

• DMARC Inspector → DMARC policy
• SPF Inspector → SPF record
• DKIM Inspector → DKIM public key

Complementary tools

Useful resources

• BIMI Group - Official specifications (BIMI consortium)
• Google - BIMI requirements (Gmail guide)
• DigiCert VMC (get a certificate)
• Entrust VMC (get a certificate)
• SVG Tiny PS Profile (W3C)