HomeToolsNetwork & DNS › BIMI Record Checker

BIMI Record Checker — Verify Your Brand Logo in Email

Email auth

Check whether your domain's BIMI record is published at default._bimi.{domain}. Instantly see the logo URI, authority evidence URL, and whether the record is correctly formed.

Enter a domain to look up the BIMI record.

Complete your email security audit: SPF Checker DMARC Checker DKIM Lookup SSL Checker

About BIMI Record Checker

BIMI (Brand Indicators for Message Identification) is a DNS standard that lets email senders publish a verified brand logo for display next to authenticated emails in supporting clients — including Gmail, Apple Mail, and Yahoo Mail. To implement BIMI, your domain must have a valid DMARC policy at enforcement level (p=quarantine or p=reject), a published BIMI TXT record at default._bimi.{domain}, and optionally a Verified Mark Certificate (VMC) for authority evidence. This checker queries the default._bimi subdomain for your domain's TXT record, parses the key-value pairs (v=BIMI1, l= for logo URI, a= for authority evidence), and reports whether a valid record exists. Use it to confirm your BIMI record propagated correctly, diagnose missing or malformed values, and verify that your logo URI is a valid HTTPS URL pointing to an SVG file.

How BIMI works

When a mail client like Gmail receives a message, it checks three things before showing your logo: (1) the message passes DMARC with p=quarantine or p=reject, (2) a BIMI TXT record exists at default._bimi.yourdomain.com, and (3) — for Gmail specifically — the a= tag points to a valid Verified Mark Certificate (VMC) from an approved authority (DigiCert or Entrust). If all three are satisfied, your brand logo appears in the inbox next to the sender name.

BIMI logo requirements

The logo pointed to by the l= tag must be a Tiny PS (Tiny Portable/Secure) SVG file served over HTTPS. Standard SVGs or rasterised images (PNG, JPG) are not supported. The Tiny PS SVG profile is a subset of SVG 1.2 that removes JavaScript, external references, and other security-sensitive features. Most major email clients validate the SVG format before rendering the logo, so a malformed file results in no logo being shown even if the BIMI record is otherwise correct.

Completing the email security quintet

BIMI sits at the top of the email authentication stack. The full chain is: SPF (which IPs can send) → DKIM (cryptographic signature per message) → DMARC (enforcement policy tying SPF and DKIM to the From domain) → BIMI (brand logo once DMARC enforcement is confirmed). Use our SPF Checker, DKIM Lookup, DMARC Checker, and SSL Checker alongside this tool for a complete email security audit.

Common use cases

  • Verifying BIMI after initial DNS setup — An email marketer has published a BIMI TXT record and wants to confirm it propagated to the public resolver. They enter their domain in the BIMI Checker and immediately see the logo URI and authority evidence URL extracted from the live DNS record — confirming propagation without waiting for Gmail to display the logo in a real inbox.
  • Diagnosing missing logo display in Gmail — A brand manager notices their company logo isn't appearing in Gmail despite having a BIMI record. The BIMI Checker shows the record exists and v=BIMI1 is present, but the a= tag is absent — meaning no VMC is linked. This confirms Gmail will not display the logo (Gmail requires VMC) even though Yahoo Mail and Apple Mail might.
  • Checking BIMI propagation after a record update — After updating the logo URI in the BIMI record to point to a new SVG file, an IT admin uses the checker to confirm the new l= value is live in DNS — bypassing local DNS cache to see what the public resolver currently returns.
  • Auditing email security stack completeness — A security engineer is auditing a client's email authentication setup. After confirming SPF, DKIM, and DMARC pass, they check BIMI last. The checker shows no record at default._bimi.example.com, confirming the client has not yet published a BIMI record — the engineer adds it to the remediation list.

How to use this tool

  1. Enter your domain name (e.g., example.com) in the input field.
  2. Click "Check BIMI Record" to query default._bimi.{domain} from our server.
  3. Review the parsed record values: logo URI (l=) and authority evidence URL (a=).
  4. A green badge confirms your BIMI record is published; red means no record was found.

Frequently asked questions

What is a BIMI record?

A BIMI (Brand Indicators for Message Identification) record is a DNS TXT record published at default._bimi.{yourdomain} that tells email clients where to find your brand's verified SVG logo. When all requirements are met, Gmail, Apple Mail, and Yahoo Mail display your logo next to authenticated emails.

What does the l= tag mean in a BIMI record?

The l= tag is the logo URI — a URL pointing to your brand's SVG logo file (must be HTTPS, must be an SVG in the Tiny PS profile). This is the image email clients display next to your messages.

What does the a= tag mean?

The a= tag is the authority evidence URL — a link to your Verified Mark Certificate (VMC) or Mark Verifying Authority (MVA) evidence document. This is optional in the draft standard but required by Gmail for logo display.

Do I need DMARC to use BIMI?

Yes. BIMI requires a DMARC policy at enforcement level (p=quarantine or p=reject). Domains with p=none will not qualify for BIMI logo display in strict clients like Gmail.

My BIMI record exists but Gmail still doesn't show my logo. Why?

Gmail additionally requires a Verified Mark Certificate (VMC) issued by an approved authority (DigiCert or Entrust). If the a= tag is missing or points to an invalid VMC, Gmail will not display the logo even if the TXT record is present.

Related Network Tools

Open another DNS or network check in one click.

Live

SPF Record Checker

Validate SPF records — the first layer of your email authentication stack.

Open tool
Live

DMARC Record Checker

Inspect DMARC enforcement policy — required for BIMI logo display.

Open tool
Live

DKIM Lookup

Verify your DKIM public key — the cryptographic layer DMARC builds on.

Open tool
Live

SSL Certificate Checker

Check SSL validity — rounds out a full domain trust and deliverability audit.

Open tool