Skip to main content

BIMI Checker

BIMI check with DNS lookup, SVG Tiny-PS logo validation and VMC inspection

Enter your domain to run a complete BIMI check. The tool performs a DNS lookup on default._bimi.<domain>, downloads the SVG logo, parses the VMC certificate and verifies the strict DMARC prerequisite. Score 0 to 100, six dimensions evaluated, actionable recommendations.

Free BIMI Hosting

Host your SVG logo and VMC certificate for free. We generate the BIMI DNS record for you.

Try BIMI Hosting

What this tool does

The BIMI Checker runs four chained operations on the domain you submit:

  • DNS lookup on default._bimi.<domain> to retrieve the TXT record and detect duplicates or a forbidden CNAME.
  • SVG logo download and validation pointed by the l= tag: format, SVG Tiny-PS compliance (RFC 9043), square viewBox, reasonable size.
  • VMC download and parsing pointed by the a= tag: issuing authority, validity period, BIMI trustmark presence, expiry date.
  • DMARC lookup on _dmarc.<domain> to verify the strict prerequisite (p=quarantine or p=reject with pct=100).

The result aggregates findings into a 0 to 100 score, six dimensions, priority-sorted recommendations and a compact VMC card.

How BIMI works

BIMI (Brand Indicators for Message Identification, RFC 9043) lets a domain associate its official logo with the messages it sends. Three components must align:

  1. A DNS TXT record published at default._bimi.<domain> in the form v=BIMI1; l=<svg_logo_url>; a=<vmc_url> (the a= tag is optional per the spec but required in practice).
  2. An SVG logo compliant with the Tiny-PS profile: square viewBox, no scripts, no external references, no unauthorized embedded fonts.
  3. A VMC or CMC certificate (Verified Mark Certificate or Common Mark Certificate) issued by DigiCert or Entrust, signed by a recognized mark CA, containing a "BIMI Indicator Trustmark" OID.

The non-negotiable prerequisite: the domain's DMARC policy must be p=quarantine or p=reject with pct=100. With p=none or a partial pct, Gmail, Apple Mail and Yahoo do not display the logo regardless of how clean the BIMI record is.

DKIM or SPF alignment (depending on adkim and aspf modes) is still required on the sending side so messages pass DMARC and trigger logo rendering.

When to use the BIMI Checker

  • After DNS publication to confirm the record has propagated and is readable by receivers.
  • When the logo does not appear in Gmail, Apple Mail or Yahoo despite a supposedly complete deployment.
  • Before the annual VMC renewal to measure remaining lifetime and plan ordering with the CA.
  • Brand audit on a secondary domain (marketing subdomain, subsidiary domain) before publication.
  • End-to-end verification (record, logo, VMC, DMARC) after a logo vendor or CA migration.

The six score dimensions

DimensionWeightWhat is measured
Record20 ptsTXT presence at default._bimi.<domain>, no duplicate, no CNAME
Syntax15 ptsRecognized tags (v=BIMI1, l=, a=), valid HTTPS URLs
Strict DMARC20 ptsp=quarantine or p=reject with pct=100 on the analysed domain
Logo20 ptsSuccessful fetch and SVG Tiny-PS compliance (RFC 9043)
VMC15 ptsSuccessful fetch, not expired, BIMI trustmark present
Hygiene10 ptsReasonable URLs, optional sha256, DKIM/SPF alignment

A syntactically invalid record caps the score at 30. A DMARC policy at p=none also caps at 30 and forces the critical verdict: the BIMI chain is technically published but inoperative.

Common diagnostics and fixes

Record missing

The tool found no TXT at default._bimi.<domain>. Create the record with at minimum v=BIMI1; l=https://captaindns.com/bimi/logo.svg. Publish in DNS and wait for propagation.

DMARC too loose

The tool detects p=none or a pct below 100. BIMI is inoperative on Gmail, Apple Mail and Yahoo. Tighten the DMARC policy, ideally to p=reject; pct=100, after an observation phase using rua reports.

VMC missing

The a= tag is absent from the record while l= is present. Modern renderers require a VMC to display the logo. Order a VMC from DigiCert or Entrust (expect USD 1000 to 1500 per year and 2 to 4 weeks of vetting), host the PEM over HTTPS and add a=<url> to the record.

Logo not compliant

The downloaded SVG contains forbidden elements (scripts, foreignObject, external references, non-square viewBox). Use the BIMI Validator to identify each item to fix, then republish the cleaned-up SVG.

VMC expiring soon

The valid certificate expires within 60 days. Plan the renewal with the CA ahead of time. An expired VMC instantly suppresses logo rendering with no alert on the webmail side.

Limitations and technical notes

  • Webmail logo caching: a logo change may take several days to appear for recipients. This is not a BIMI bug but a caching behavior.
  • Selector: the spec allows selectors other than default via the BIMI-Selector header. This tool queries default._bimi.<domain>, which covers almost all deployments.
  • CMC versus VMC: Common Mark Certificates (non-registered marks) are supported only by some webmails. The VMC remains the reference for Gmail and Yahoo.
  • DKIM signature: the a= tag in the BIMI record points to the VMC, not a DKIM key. Do not confuse the two components.
  • Apple Mail displays the BIMI logo even without a VMC when DMARC is strict, unlike Gmail and Yahoo.
ToolPurpose
BIMI ValidatorValidate a BIMI record syntax before DNS publication
BIMI GeneratorBuild a compliant BIMI record from scratch
BIMI SVG ConverterConvert an SVG into the BIMI Tiny-PS profile
BIMI HostingHost the SVG logo and VMC for free
DMARC Record CheckCheck the DMARC policy, the indispensable BIMI prerequisite

Frequently asked questions

Q: Why is my BIMI logo not showing?

A: Five common causes: DMARC policy is p=none or pct is below 100, the VMC certificate is missing or expired, the SVG logo is not SVG Tiny-PS compliant (scripts, external references, non-square viewBox), the logo URL is not reachable over HTTPS, or the BIMI record itself is not published at default._bimi.<domain>. The BIMI Checker diagnoses each of these.


Q: What is the difference between BIMI Checker and BIMI Validator?

A: The Checker queries DNS to inspect the published record on your domain, downloads the logo and VMC, verifies DMARC. The Validator analyses the syntax of a record you paste before publishing. Recommended workflow: Validator before publication, Checker after.


Q: What does the 0 to 100 score mean?

A: The score measures BIMI-readiness, i.e. the likelihood that the logo will render in Gmail, Apple Mail and Yahoo. 90 to 100 = inbox-ready. 75 to 89 = correct configuration with minor adjustments. 50 to 74 = blockers to address (missing VMC, DMARC not strict). Below 50 or invalid state = critical.


Q: Which six dimensions are evaluated?

A: Record (DNS presence, 20 points), syntax (parseable record, 15 points), strict DMARC (p=quarantine or p=reject with pct=100, 20 points), logo (SVG Tiny-PS compliant, 20 points), VMC (valid certificate, not expired, with trustmark, 15 points), hygiene (reasonable URLs, sha256, alignment, 10 points).


Q: Is a VMC mandatory for BIMI?

A: RFC 9043 does not require it, but Gmail and Yahoo will not display the logo without a valid Verified Mark Certificate. Apple Mail accepts a deployment without VMC. Without a VMC, the logo stays hidden for the majority of recipients.


Q: What does the tool check about DMARC?

A: The tool performs a lookup on _dmarc.<domain>, reads the p policy, pct, the subdomain policy sp and the alignment modes. The BIMI prerequisite is p=quarantine or p=reject with pct=100. Anything below caps the BIMI score at 30 and triggers a critical recommendation.


Q: What does 'logo not Tiny-PS compliant' mean?

A: The SVG logo contains elements prohibited by the SVG Tiny PS profile defined in RFC 9043: JavaScript scripts, foreignObject elements, external references (xlink:href to other URLs), unauthorized embedded fonts, or a non-square viewBox. The BIMI Validator lists each item to fix.


Q: How long until BIMI changes show up?

A: Two delays stack: DNS propagation (1 to 4 hours with TTL 3600, 24 to 48 hours with TTL 86400) and webmail logo cache (several hours to several days). Reduce the TTL before any change to speed up propagation.

Useful resources