Why validate BIMI syntax before publication?
A malformed BIMI record or non-compliant logo is silently ignored by webmail clients. Gmail, Yahoo, Apple Mail: none will alert you that your brand isn't displaying. Your emails arrive without the trust logo you expected.
The BIMI syntax validator analyzes your record before DNS publication. It downloads the logo, verifies Tiny-PS compliance and inspects the VMC. You detect errors immediately.
Common issues detected:
- Invalid v= tag → Record not recognized as BIMI
- Non-compliant Tiny-PS logo → Rejected by webmail clients
- Expired or invalid VMC → Logo not displayed even if record is correct
- Non-HTTPS URL → Automatic rejection per BIMI specifications
How to validate your BIMI record in 3 steps
Step 1: Prepare the BIMI record
Prepare your complete BIMI record. Standard structure:
v=BIMI1; l=https://brand.captaindns.com/logo.svg; a=https://brand.captaindns.com/vmc.pem
Components:
v=BIMI1→ Protocol version (required)l=→ HTTPS URL of Tiny-PS compliant SVG logo (required)a=→ HTTPS URL of VMC certificate (optional but recommended)
Step 2: Paste and validate
Paste the record into the field above. The tool:
- Parses v, l, a tags
- Downloads the SVG logo from the specified URL
- Analyzes Tiny-PS compliance
- Downloads and inspects VMC if present
- Generates a comprehensive report with status per element
Step 3: Fix and publish
The diagnostic shows for each element:
- ✅ Valid → Ready for publication
- ❌ Error → Correction required before publication
- ⚠️ Warning → Functional but improvement recommended
Fix errors, validate again, then publish to default._bimi.yourdomain.com.
What is BIMI?
BIMI (Brand Indicators for Message Identification) displays your brand logo in recipients' inboxes. When your emails pass DMARC authentication, compatible webmail clients retrieve and display your logo.
BIMI prerequisites:
- DMARC configured with
quarantineorrejectpolicy - SPF and DKIM properly aligned
- SVG logo compliant with Tiny-PS profile
- VMC (optional but required by Gmail/Yahoo/Apple Mail)
Example BIMI record:
v=BIMI1; l=https://cdn.captaindns.com/bimi/logo.svg; a=https://cdn.captaindns.com/bimi/vmc.pem
The record is published as TXT on default._bimi.yourdomain.com.
BIMI tag validation details
Tags and accepted values
| Tag | Required | Description |
|---|---|---|
| v | Yes | Protocol version. Only valid value: BIMI1 |
| l | Yes | HTTPS URL of Tiny-PS compliant SVG logo |
| a | No | HTTPS URL of VMC (Verified Mark Certificate) |
URL constraints
- HTTPS protocol required (HTTP rejected)
- No redirects to different domains
- Correct Content-Type (
image/svg+xmlfor logo,application/pkix-certfor VMC) - Public accessibility without authentication
SVG Tiny-PS logo validation
Tiny-PS profile requirements
The SVG logo must comply with the SVG Tiny Portable/Secure profile defined by BIMI:
| Criterion | Requirement |
|---|---|
| Format | SVG (not PNG, JPEG, WebP) |
| viewBox | Present and square (e.g., viewBox="0 0 100 100") |
| width/height | Absent or equal |
| Scripts | Prohibited (no <script>, onclick, etc.) |
| External references | Prohibited (no <image href="...">, <use>) |
| foreignObject | Prohibited |
| External fonts | Prohibited |
| Raster data URIs | Prohibited |
Common logo errors
| Error code | Cause | Solution |
|---|---|---|
BIMI_LOGO_NOT_SVG | File is not SVG | Convert to vector SVG |
BIMI_LOGO_NOT_TINYPS | Logo not Tiny-PS compliant | Remove scripts, external refs |
BIMI_LOGO_URL_INVALID | Malformed or non-HTTPS URL | Fix URL with https:// |
BIMI_LOGO_REDIRECT | Redirect detected | Use direct final URL |
BIMI_LOGO_DATA_URI | Data URI instead of URL | Host logo on a server |
VMC certificate validation
What the tool checks
| Check | Description |
|---|---|
| Accessibility | Certificate is downloadable |
| PEM format | Valid certificate structure |
| Validity dates | Not expired, not yet revoked |
| Issuing authority | Recognized CA (DigiCert, Entrust) |
| Domain consistency | Certificate covers the BIMI domain |
Common VMC errors
| Error code | Cause | Solution |
|---|---|---|
BIMI_VMC_URL_INVALID | Inaccessible or malformed URL | Check VMC hosting |
BIMI_VMC_EXPIRED | Expired certificate | Renew with CA |
BIMI_VMC_UNTRUSTED_CA | Unrecognized CA | Use DigiCert or Entrust |
BIMI_VMC_LOGO_MISMATCH | VMC logo ≠ BIMI logo | Use same logo everywhere |
DMARC prerequisites for BIMI
BIMI only works if DMARC is properly configured:
| Requirement | Detail |
|---|---|
| DMARC record | Present at _dmarc.yourdomain.com |
| Policy | p=quarantine or p=reject (not none) |
| SPF alignment | From address matches SPF domain |
| DKIM alignment | From address matches DKIM domain |
Important: With p=none, webmail clients ignore BIMI even if the record is perfect.
BIMI deployment best practices
1. Prepare the logo correctly
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
<!-- Simple vector logo, no scripts, no external refs -->
<circle cx="50" cy="50" r="45" fill="#4F46E5"/>
<text x="50" y="60" text-anchor="middle" fill="white" font-size="24">B</text>
</svg>
Logo checklist:
- Vector SVG format
- Square viewBox present
- No JavaScript scripts
- No external references
- No external embedded fonts
- Opaque background (no transparency)
2. Host on reliable CDN
- Stable, permanent URL
- HTTPS with valid certificate
- No redirects
- Content-Type:
image/svg+xml - Long cache (logo rarely changes)
3. Configure DMARC before BIMI
Recommended progression:
- SPF + DKIM configured and functional
- DMARC p=none → Monitor reports
- DMARC p=quarantine → Test progressively
- DMARC p=reject → Maximum protection
- BIMI → Logo visible after DMARC enforced
4. VMC for major brands
VMC is essential for Gmail, Yahoo and Apple Mail. Process:
- Trademark registered with recognized office
- VMC request from DigiCert or Entrust
- Identity and trademark ownership verification
- Certificate issuance (2-4 weeks)
- Hosting and reference in
a=tag
FAQ - Frequently asked questions
Q: Which BIMI tags are required?
A: Two tags are required: v=BIMI1 (version) and l= (logo URL). The a= tag (VMC) is optional but required by Gmail, Yahoo and Apple Mail to display the logo.
Q: What is the SVG Tiny-PS profile?
A: Tiny-PS (Tiny Portable/Secure) is a secure SVG subset required by BIMI. It prohibits:
- JavaScript scripts
<foreignObject>elements- External fonts
- References to external resources
- Data URIs containing raster images
Q: Why is my SVG logo rejected?
A: Common causes:
- PNG/JPEG format instead of vector SVG
- JavaScript scripts or events present
- References to external images or fonts
- Missing or non-square viewBox
- Incorrect Content-Type on server (
image/svg+xmlrequired)
Q: Is the VMC certificate mandatory?
A: Technically no, but in practice yes. Gmail, Yahoo and Apple Mail (which represent the majority of email inboxes) require a valid VMC to display the BIMI logo.
Q: How do I get a VMC certificate?
A: VMCs are issued by certified authorities (DigiCert, Entrust). You must:
- Own a trademark registered with a recognized office
- Prove ownership of that trademark
- Pass the CA's identity verification
Cost: approximately $1,000-1,500/year. Timeline: 2-4 weeks.
Q: Why validate before DNS publication?
A: Webmail clients silently ignore invalid BIMI records. You receive no alert, but your logo doesn't display. Pre-validation prevents deployment errors.
Q: Does the validator check DMARC policy?
A: No, this tool only validates BIMI syntax. BIMI requires DMARC with p=quarantine or p=reject. Use the DMARC Inspector to verify your policy.
Complementary tools
| Tool | Purpose |
|---|---|
| BIMI Inspector | Verify BIMI record published in DNS |
| BIMI Generator | Generate a valid BIMI record for your domain |
| DMARC Inspector | Verify DMARC policy (BIMI prerequisite) |
| SPF Inspector | Validate associated SPF record |
| DKIM Inspector | Verify DKIM public key |
| Email Tester | Test complete authentication with a real email |
Useful resources
- BIMI Group - Official specifications (BIMI consortium)
- SVG Tiny PS Profile (W3C)
- DigiCert VMC (get a certificate)
- Entrust VMC (get a certificate)
- Google - BIMI requirements (Gmail guide)