BIMI Record Generator
Generate a BIMI DNS TXT record with logo and evidence URLs, DMARC readiness checks, provider paste steps, charts, and exports.| Field | Value | Use | Copy |
|---|---|---|---|
| {{ row.label }} | {{ row.value }} | {{ row.note }} |
| Provider field | Value to paste | Note | Copy |
|---|---|---|---|
| {{ row.label }} | {{ row.value }} | {{ row.note }} |
| Gate | Status | Next action | Copy |
|---|---|---|---|
| {{ row.label }} | {{ row.status }} {{ row.detail }} | {{ row.action }} |
{{ formattedJson }}
Introduction:
Brand Indicators for Message Identification, or BIMI, gives a sending domain a DNS-based way to point participating mailbox providers toward its preferred brand indicator. The logo is considered only after the message passes aligned email authentication, so BIMI sits on top of SPF, DKIM, and DMARC rather than replacing them. A visible inbox mark depends on the sender's authentication posture, the BIMI owner name, the logo asset, optional evidence such as a Verified Mark Certificate or Common Mark Certificate, and the receiver's own display policy.
A BIMI assertion is published as a DNS TXT record under a selector owner such as default._bimi.example.com. The record starts with v=BIMI1, uses l= for the logo location, and may use a= for a certificate or evidence document. Optional tags such as avp= and lps= can express avatar preference or local-part selector behavior where receivers support them.
BIMI is closely tied to DMARC because receivers need a way to trust that the visible From domain is authenticated and aligned before showing a brand mark. Common rollout guidance expects a strong DMARC policy such as quarantine or reject, applied to the whole mail stream, plus working SPF or DKIM alignment. Even when the DNS syntax is correct, a receiver may suppress the logo if the message stream, certificate, SVG profile, or authentication history does not meet its local policy.
The DNS owner name also matters. The default selector is common, but non-default selectors can be used when mail includes a matching BIMI-Selector header. That can help separate brands, campaigns, or local-part prefix behavior, but it also adds more moving parts to test. A clean rollout usually starts with one default owner, a public HTTPS logo asset, a certificate or no-evidence decision, and a validation pass after DNS propagation.
| Piece | Role | Common failure |
|---|---|---|
| Domain | The organizational or visible From domain where the BIMI owner is published. | Publishing under the wrong zone or including _bimi twice. |
| Selector | The leftmost label before ._bimi, commonly default. |
Using a non-default selector without a matching BIMI-Selector header. |
| Logo URL | The HTTPS SVG or SVGZ brand indicator location. | Using a raster image, blocked URL, or SVG that is not suitable for BIMI receivers. |
| Evidence URL | Optional certificate or authority document location. | Expecting display where a receiver requires verified evidence. |
How to Use This Tool:
Use the generator to build the BIMI TXT value, provider-specific publication rows, and readiness checks before editing DNS.
- Enter the Domain without protocol or paths. The owner name is built from the selector and domain.
- Set Selector. Use
defaultunless your outbound mail will send a matching BIMI-Selector header. - Enter the Logo SVG URL. It must be HTTPS and should end in
.svgor.svgzfor current receiver expectations. - Choose Evidence profile: certificate evidence URL, no evidence URL yet, or an explicit declination record.
- Set DMARC posture. Strict DMARC receives the full readiness score; pilot or unknown posture creates review or blocker rows.
- Choose DNS provider format to get rows for generic DNS, Cloudflare, Route 53, Google Cloud DNS, GoDaddy, cPanel, or BIND.
- Open BIMI TXT Record, then check DNS Provider Steps, BIMI Readiness Checks, BIMI Tag Ledger, and JSON.
The primary copy action stays unavailable for sample values and blocking input problems. Replace example.com assets, fix blockers, and then copy the generated TXT value into the provider field shown in the publication rows.
Interpreting Results:
The summary can show a publication owner, a declination record, a review state, or input blockers. The readiness score is a checklist score for publication preparation, not a promise that every mailbox provider will display a logo. Receiver policy, message authentication, sending reputation, certificate acceptance, and logo conformance can still affect display.
- BIMI TXT Record gives the owner name, record type, TXT value, and BIND-style zone line.
- DNS Provider Steps translates the same record into provider field names without changing the TXT value.
- BIMI Readiness Checks shows gates for owner name, selector, logo, evidence, DMARC, and publication format.
- BIMI Tag Ledger lists each generated tag, its value, and why it appears.
- BIMI Evidence Chart visualizes the readiness score and gate weights.
A Copy-ready state still needs DNS publishing and live validation. A Declination state is intentional only when you want the selected owner to decline BIMI display rather than publish a logo.
Technical Details:
BIMI records are DNS TXT assertions. They do not send the logo inside the email message. They publish a location where participating receivers can fetch a brand indicator after the message passes authentication and receiver-side checks. The owner name follows the selector pattern selector._bimi.domain, and the TXT value is a semicolon-separated tag-value list with v=BIMI1 first.
The May 2026 BIMI Internet-Draft keeps BIMI tied to strong DMARC: quarantine or reject policy on the organizational and visible From domains, with quarantine not applied to only part of the stream. DMARC itself is now described by RFC 9989, which supersedes RFC 7489. The practical result is the same for rollout planning: the BIMI TXT value is only one part of a larger authentication and receiver-policy check.
Non-declination records need an HTTPS logo location, and the logo path should use an SVG or SVGZ extension for current BIMI receiver expectations. Certificate evidence uses an HTTPS a= URL. A declination record is different: it intentionally publishes empty l= and a= values for the selected owner, which tells receivers that the selector is not publishing a logo.
Record Core:
| Tag | When it appears | Meaning |
|---|---|---|
v=BIMI1 |
Always | Version tag and first tag in the record. |
l= |
Logo or declination | HTTPS logo URL, or an empty value when declining BIMI for the selector. |
a= |
Certificate, empty authority, or declination | Evidence URL, explicit empty authority value, or required empty value for declination. |
lps= |
Optional | Local-part selector prefixes for receivers that support selector derivation. |
avp= |
Optional non-declination records | Avatar preference such as brand or personal. |
Readiness Score:
The readiness score sums gate scores out of 100. A blocker can still appear even if some gates pass, and a review state still needs live DNS, logo, certificate, and receiver validation.
| Gate | Maximum | What can block it |
|---|---|---|
| DNS owner | 15 | Invalid domain or owner name. |
| Selector | 10 | Invalid selector labels. |
| Logo location | 20 | Missing HTTPS logo URL or non-SVG extension for a logo record. |
| Evidence document | 20 | Missing HTTPS certificate URL when certificate evidence is selected. |
| DMARC gate | 20 | Pilot, monitor, unknown, or unverified DMARC posture. |
| Publication format | 15 | Blocking input errors before DNS rows can be trusted. |
Limitations and Privacy Notes:
The generator builds and checks record text from the values you enter. It does not fetch the logo, inspect the SVG profile, validate a VMC or CMC, query DNS, test DMARC records, or confirm receiver display.
- Validate DMARC, SPF, DKIM alignment, DNS propagation, logo reachability, and certificate status with live tools after publishing.
- Use a short TTL during rollout so DNS corrections propagate faster.
- Receiver display can vary even when the record syntax and readiness checks look good.
Worked Examples:
Default selector with certificate evidence
Enter example.com, selector default, an HTTPS SVG logo URL, VMC or CMC evidence URL, an HTTPS certificate URL, and Strict DMARC in place. BIMI TXT Record should show default._bimi.example.com, TXT, and a value containing v=, l=, and a=.
Pilot DMARC rollout
If DMARC pilot or monitor mode is selected, BIMI Readiness Checks should mark the DMARC gate as review. Publish only when authentication is aligned and the domain is ready for a strict policy expected by receivers.
Explicit declination
Choose Decline BIMI for this selector when the desired output is an empty-logo declaration. The TXT value should contain empty l= and a= tags, and the summary should show a declination state rather than a logo publication target.
FAQ:
Will this make my logo appear in every inbox?
No. The generator builds the DNS record and readiness checks, but display depends on receiver policy, message authentication, DNS propagation, logo conformance, certificate evidence, and sending reputation.
What should I use for the selector?
Use default unless your mail stream sends a matching BIMI-Selector header. Non-default selectors add DNS and sending-side coordination.
Why is the copy button unavailable?
The copy action is unavailable for sample values and blocking input errors. Replace example domains and asset URLs, then fix any readiness blockers before copying the TXT value.
Should I include an empty a= tag?
Use it when you want the record to explicitly state that no authority evidence URL is disclosed. If a receiver requires certificate evidence for display, add a valid HTTPS evidence URL instead.
Glossary:
- BIMI
- Brand Indicators for Message Identification, a DNS-based way for participating receivers to discover a sender's brand indicator.
- DMARC
- Domain-based Message Authentication, Reporting, and Conformance, the policy and alignment layer that BIMI relies on.
- Selector
- The DNS label before
._bimi, commonlydefault. - VMC
- Verified Mark Certificate, certificate evidence used by some BIMI receivers.
- CMC
- Common Mark Certificate, another certificate evidence option referenced in BIMI deployments.
References:
- Brand Indicators for Message Identification (BIMI), IETF Internet-Draft, published 1 May 2026.
- FAQs for senders and ESPs, BIMI Group.
- Set up BIMI, Google Workspace Admin Help.
- RFC 9989: Domain-Based Message Authentication, Reporting, and Conformance (DMARC), RFC Editor, May 2026.
- How to add a DNS record in cPanel, Simplified Guide.