--- title: "Avoiding common BIMI pitfalls: What goes wrong and how to fix it | DuoCircle" description: "BIMI deployments fail for a few recurring reasons: VMC certificate gaps, SVG profile errors, weak DMARC enforcement, and bad DNS records. How to fix each." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/" --- Quick Answer Common BIMI failures: DMARC policy still at p=none (BIMI requires quarantine or reject with enforcement), logo not in SVG Tiny 1.2 PS format, BIMI TXT record missing or wrong selector, no VMC for inbox providers that require one, and email clients that do not support BIMI. Failures are silent: mail still delivers, the logo just does not render. Avoiding common BIMI pitfalls: What goes wrong and how to fix it Your browser does not support the audio element. [ Download episode](https://media.mailhop.org/duocircle/images/2025/06/Avoiding-common-BIMI-pitfalls-What-goes-wrong-and-how-to-fix-it.mp3) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdmarc%2Favoiding-bimi-pitfalls-common-errors-and-how-to-fix-them%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Avoiding%20common%20BIMI%20pitfalls%3A%20What%20goes%20wrong%20and%20how%20to%20fix%20it&url=undefined%2Fblog%2Fdmarc%2Favoiding-bimi-pitfalls-common-errors-and-how-to-fix-them%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdmarc%2Favoiding-bimi-pitfalls-common-errors-and-how-to-fix-them%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdmarc%2Favoiding-bimi-pitfalls-common-errors-and-how-to-fix-them%2F&title=Avoiding%20common%20BIMI%20pitfalls%3A%20What%20goes%20wrong%20and%20how%20to%20fix%20it "Share on Reddit") [ ](mailto:?subject=Avoiding%20common%20BIMI%20pitfalls%3A%20What%20goes%20wrong%20and%20how%20to%20fix%20it&body=Check out this article: undefined%2Fblog%2Fdmarc%2Favoiding-bimi-pitfalls-common-errors-and-how-to-fix-them%2F "Share via Email") ![BIMI](https://media.mailhop.org/duocircle/images/2025/06/spf-permerror-0123.jpg) [BIMI](/resources/what-is-bimi) (Brand Indicators for Message Identification) does one simple task, showing your brand logo next to your emails in the recipients’ inboxes. But getting there? Not so much. You might think it’s easy to get your logo to be displayed next to your emails, but unfortunately, it’s nothing like **setting a profile picture**. BIMI is an [email security](/content/email-security-services) protocol that works to **reinforce your brand identity**, but it only does its job if it is configured correctly. That means your domain needs to have other authentication protocols, such as [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), DKIM, and DMARC, in place with a strict DMARC policy. Then there’s the logo itself: it has to be very specific. There are a lot of other things that you must cater to if you want your logo to appear next to your emails. But what if you don’t meet one or more requirements? Well, your logo simply won’t show up. _If something is off, even a minor misconfiguration, BIMI doesn’t provide a clear error_. There’s no alert, no bounce, nothing obvious. Your emails will still go out, but the [brand presence](https://fitsmallbusiness.com/brand-presence/) you were aiming for won’t be there. [![error](https://media.mailhop.org/duocircle/images/2025/06/spf-record-checker-7554.jpg)](https://media.mailhop.org/duocircle/images/2025/06/spf-record-checker-7554.jpg) ## Why is your BIMI logo not showing up? If you think you have **followed the rule book**, yet your logo isn’t showing up, you likely missed a step or followed it incorrectly. Before we go on to fixing the problem, let’s identify the reasons that might be causing this problem in the first place. ### Your DMARC policy is too relaxed Even though you have configured SPF and DKIM for your domain, if your [DMARC policy](/resources/dmarc-policy) is set to “none”, BIMI just won’t work, and your logo won’t be published. Since the “none” policy offers no real protection, your domain isn’t seen as **enforcing authentication** by the receiving servers. ### The SVG logo format isn’t correct Your logo may look fine, but even minor issues in the file can still cause problems. It may not be in the exact **SVG Tiny 1.2 format**, or it may include elements that aren’t allowed, such as extra code or styles. These mistakes don’t always show up, but they can stop your logo from appearing. If you are unsure of your logo’s formatting, you can always double-check it using a BIMI validator. [![verified email](https://media.mailhop.org/duocircle/images/2025/06/spf-record-check-7554.jpg)](https://media.mailhop.org/duocircle/images/2025/06/spf-record-check-7554.jpg) ### The logo isn’t hosted on HTTPS Your logo file must be **hosted on a secure link** that starts with https://. If it’s hosted on an insecure link (http), or if the link is broken or private, email providers won’t be able to access it. And your logo won’t show up even if the file itself is correct. ### You don’t have a Verified Mark Certificate (VMC) Some email providers, particularly **Gmail and Apple Mail**, require a VMC to display your logo. This certificate confirms that you legally own the logo. If you haven’t set up a VMC, your logo won’t show in these inboxes, even if everything else is set up correctly. [![email providers](https://media.mailhop.org/duocircle/images/2025/06/spf-record-7554.jpg)](https://media.mailhop.org/duocircle/images/2025/06/spf-record-7554.jpg) ## What do you need for BIMI to work? _One thing’s clear: for BIMI to work, it takes more than uploading your logo, and it does much more than just making your emails look pretty_. BIMI is built on top of strong [email authentication](/resources/email-authentication). It only works when your domain proves that it’s secure, trustworthy, and properly configured. The BIMI implementation process involves domain selection and logo approval, which must be sequentially organised and thoroughly reviewed. [PMP Certification Online](https://staragile.com/project-management/pmp-certification-training) professionals can efficiently manage such complex implementations because they use orderly work processes, comply with corporate regulations, mitigate risks, and communicate effectively with stakeholders. Here’s what you need to have in place: ### Valid SPF and DKIM records To use BIMI, your domain needs to prove that it sends safe, verified emails. You can do this by configuring SPF and [DKIM](/resources/what-is-dkim) for your sending domain. With SPF, you list the [mail servers](https://www.techtarget.com/whatis/definition/mail-server-mail-transfer-transport-agent-MTA-mail-router-Internet-mailer) that are allowed to send emails on your behalf. And with DKIM, each email is given a [digital signature](https://www.techtarget.com/searchsecurity/definition/digital-signature) that helps verify it hasn’t been changed. Once you have them both in place, the receiving server can confirm that the email is really from you, which is the **first step for BIMI to work**. ### A strict DMARC policy (quarantine or reject) Think of BIMI as the top layer of your authentication setup; it only works if the layers below are solid. One of these layers is [DMARC](/resources/what-is-dmarc), which connects SPF and DKIM and instructs receiving servers on how to handle emails that fail these checks. So, for BIMI to work, your DMARC policy must be set to either “**quarantine” or “reject**”. This shows that your domain actively enforces email authentication. A relaxed policy like “none” does not work because it doesn’t take any action against failed emails, which means your domain isn’t seen as fully protected. ### An SVG logo in Tiny 1.2 format BIMI has very specific requirements for logos. To make your logo appear next to your emails, it must be in SVG Tiny 1.2 format. Moreover, the logo has to be clean, square, and **meet strict formatting rules**. _That means no embedded text, no scripts, no external styles, and no unnecessary code_. The file should not be too heavy and should follow BIMI guidelines exactly. Even small formatting mistakes can prevent the logo from being accepted. ### A Verified Mark Certificate (VMC) A [Verified Mark Certificate](https://www.digicert.com/faq/email-trust/what-is-a-verified-mark-certificate) is a digital certificate that proves you actually own the logo you’re trying to display. You can obtain it from any trusted authority, like DigiCert or Entrust, just as the government issues your passport. Without it, inboxes like **Gmail and Apple Mail** won’t show your logo, even if you’ve done everything else right. So, even if everything else is perfectly set up, your logo won’t appear in those inboxes without this certificate. [![VMC Certificate](https://media.mailhop.org/duocircle/images/2025/06/what-is-dkim-0012.jpg)](https://media.mailhop.org/duocircle/images/2025/06/what-is-dkim-0012.jpg) We must say that getting a VMC takes a bit of work; you’ll need to have a trademarked logo and go through a verification process. But it’s one of the final steps in making your **BIMI setup complete**. ## So, what’s next? Publishing your logo next to your emails is not just another **marketing tactic**; it’s about telling your recipients that the email is really from you. Now, this builds trust and reinforces your brand image. _So, if you’re ready to up your authentication game while also making your emails stand out, BIMI is certainly worth the effort, even if the setup takes a bit of work_. If you want to streamline your **BIMI configuration**, our team at [DuoCircle](/) is here to help! ## Topics DKIMDMARCemail securitySecurityspf ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ DMARC 3m Can threat actors bypass DMARC? Feb 21, 2025 ](/blog/dmarc/can-threat-actors-bypass-dmarc/)[ DMARC 7m Cloudflare’s new SPF, DKIM, and DMARC requirements Jul 18, 2025 ](/blog/dmarc/cloudflares-new-spf-dkim-and-dmarc-requirements/)[ DMARC 6m Deploying DMARC the right way: Here’s what MSPs and enterprises should know Feb 26, 2026 ](/blog/dmarc/deploying-dmarc-correctly-what-msps-and-enterprises-must-know/)[ DMARC 3m DMARC alignment basics: Ensuring SPF and DKIM work together Aug 28, 2025 ](/blog/dmarc/dmarc-alignment-basics-ensuring-spf-and-dkim-work-together/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Avoiding common BIMI pitfalls: What goes wrong and how to fix it","description":"BIMI deployments fail for a few recurring reasons: VMC certificate gaps, SVG profile errors, weak DMARC enforcement, and bad DNS records. How to fix each.","url":"https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/","datePublished":"2025-06-24T14:36:12.000Z","dateModified":"2025-07-23T13:07:17.000Z","dateCreated":"2025-06-24T14:36:12.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/"},"articleSection":"dmarc","keywords":"DKIM, DMARC, email security, Security, spf","wordCount":1091,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/06/spf-permerror-0123.jpg","caption":"BIMI","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"DMARC"},{"@type":"ListItem","position":3,"name":"Avoiding common BIMI pitfalls: What goes wrong and how to fix it","item":"https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"DMARC","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Avoiding common BIMI pitfalls: What goes wrong and how to fix it","item":"https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Avoiding common BIMI pitfalls: What goes wrong and how to fix it","description":"BIMI deployments fail for a few recurring reasons: VMC certificate gaps, SVG profile errors, weak DMARC enforcement, and bad DNS records. How to fix each.","url":"https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/","datePublished":"2025-06-24T14:36:12.000Z","dateModified":"2025-07-23T13:07:17.000Z","dateCreated":"2025-06-24T14:36:12.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/"},"articleSection":"dmarc","keywords":"DKIM, DMARC, email security, Security, spf","wordCount":1091,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/06/spf-permerror-0123.jpg","caption":"BIMI","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```