Brand logo record for email
DNS & Records
DNS Lookup Every DNS record for any domain A Record Lookup IPv4 addresses for a domain AAAA Record Lookup IPv6 addresses for a domain MX Lookup Mail servers for a domain NS Lookup Authoritative name servers TXT Lookup TXT records, SPF, verification CNAME Lookup Canonical name (alias) records SOA Lookup Start of Authority record SRV Lookup Service location records CAA Lookup Which CAs may issue certificates Reverse DNS (PTR) IP address to hostname DNSSEC Check Is the domain signed and validated? DNS Health Check A full delegation & DNS report cardEmail Deliverability
SPF Check Validate your Sender Policy Framework record DMARC Check Inspect and grade your DMARC policy DKIM Check Find and validate your DKIM public key Blacklist Check Check an IP against email blocklists (DNSBLs) SMTP Test Connect to a mail server and check STARTTLS MTA-STS Check Enforced TLS policy for inbound mail BIMI Check Brand logo record for email TLS-RPT Check SMTP TLS reporting policyNetwork & Web
SSL Certificate Check Inspect a site's TLS certificate and expiry HTTP Header Check Inspect response headers, redirects and security Ping (TCP) Reachability and latency over TCP Port Check Which common ports are openDomain
WHOIS Lookup Registration data for domains, IPs and ASNsBIMI (Brand Indicators for Message Identification) lets a domain publish a logo that supporting inboxes display next to authenticated email. It requires enforced DMARC and, for many providers, a Verified Mark Certificate (VMC). The logo must be an SVG Tiny PS file referenced from a DNS TXT record.
BIMI is published as a DNS TXT record at default._bimi.your-domain. The record carries two tags: l= points to the URL of your logo, an SVG file in the restricted SVG Tiny Portable/Secure profile, and a= points to the URL of a Verified Mark Certificate. Inboxes that support BIMI first check that the message passed DMARC authentication, then retrieve the logo and, where required, validate the VMC before rendering the brand mark beside the sender. No valid DMARC policy means the logo is never shown, regardless of the record.
IPeek shows whether the default._bimi TXT record exists and what its l= and a= tags reference. Confirm the logo URL serves a valid SVG Tiny PS file over HTTPS, since ordinary SVGs with scripts or external references are rejected. Check whether an a= VMC URL is present: Gmail and several others require a VMC, while some providers display a logo without one. Most importantly, verify your DMARC policy is at quarantine or reject with sufficient coverage, because BIMI will not render under a p=none policy no matter how the record is configured.
The top blocker is DMARC: a policy of p=none disqualifies the domain, so move to quarantine or reject first. A logo that is a standard SVG rather than SVG Tiny PS will fail validation, so export it to the correct profile and strip scripts, animations, and external links. A missing or expired VMC stops display in Gmail and Apple Mail even when everything else is correct. Serve both the SVG and the VMC over valid HTTPS, and remember that inboxes cache aggressively, so changes can take time to appear.
Yes. BIMI only works on domains with an enforced DMARC policy of quarantine or reject, and the specific message must pass DMARC authentication. A policy of p=none is not sufficient and the logo will never display. DMARC is the foundation that proves the mail genuinely comes from your domain before any inbox will show your brand mark.
It depends on the provider. Gmail, Apple Mail, and several others require a Verified Mark Certificate, which proves you own a registered trademark for the logo. Some inboxes display a BIMI logo without a VMC, but to reach the largest mailbox providers you generally need one. The VMC URL goes in the a= tag of your BIMI record.
BIMI requires SVG Tiny Portable/Secure, abbreviated SVG Tiny PS, a tightly restricted SVG profile. It must use a square aspect ratio, a solid background, and no scripts, animations, or external references. Standard SVGs exported from design tools usually fail validation, so convert your logo to the SVG Tiny PS profile and serve it over HTTPS.
Publish a DNS TXT record at default._bimi.your-domain. The record contains a v=BIMI1 version tag, an l= tag with the HTTPS URL of your SVG Tiny PS logo, and optionally an a= tag with the URL of your Verified Mark Certificate. You can use other selectors besides default, but default._bimi is the one most inboxes check.
The usual cause is a DMARC policy still set to p=none rather than quarantine or reject, which disqualifies the domain. Other common reasons are a logo that is not valid SVG Tiny PS, a missing or expired VMC where the provider requires one, or HTTPS errors on the logo or certificate URL. Inbox caching can also delay a correct logo from appearing.