Why DMARC Enforcement Alone Does Not Enable BIMI

Q: I have DMARC at p=reject and a published BIMI record. Why isn't my logo showing in Gmail?

Gmail requires a VMC in the a= tag of the BIMI record. A record without a VMC will not cause logo display in Gmail regardless of DMARC status or how well the SVG is formatted. If a VMC is present, check that the certificate URL returns a direct 200 response, the SVG is SVG Tiny PS compliant, and DNS has fully propagated. For a complete diagnostic flow, see Common BIMI Validation Errors .

Q: Does a higher DMARC percentage (pct=100) improve BIMI coverage?

pct=100 means DMARC policy applies to all messages. Some providers, as of mid-2026, may consider a lower pct value as not fully enforced and withhold BIMI display for the percentage of messages not covered. Full enforcement at pct=100 is the safest configuration for BIMI. The BIMI specification and provider behavior on this point can evolve.

Q: Can a subdomain have its own BIMI setup with a different policy than the root domain?

Yes. Subdomains can have their own DMARC policies via the sp= tag or a separate DMARC record, and their own BIMI records at default._bimi.subdomain.yourdomain.com . You can evaluate BIMI eligibility for each subdomain independently based on its own DMARC policy, authentication alignment, DNS record, SVG, and certificate.

Direct Answer

DMARC is a prerequisite for BIMI, not a sufficient condition. A domain can have DMARC at p=reject and still have no BIMI logo display if the other requirements are not met: an SVG Tiny PS logo hosted at a valid HTTPS URL, a correctly formed BIMI DNS record at default._bimi.yourdomain.com, and — for Gmail and most providers that actively display logos — a VMC or CMC certificate. DMARC enforcement is one of five independent requirements.

The Five BIMI Requirements

Each requirement is a hard gate. Meeting four of five does not produce partial logo display — a missing requirement is a complete block. The requirements are independent: DMARC at enforcement does not influence whether the SVG is valid, and a valid SVG does not influence whether the DNS record is correctly located.

DMARC at enforcement

Gate 1 of 5

The domain’s DMARC policy must be p=quarantine or p=reject. A p=none policy explicitly disqualifies the domain from BIMI regardless of what else is in place. The percentage parameter (pct=) is considered by some providers — a pct=100 enforced policy is the strongest signal. Use the DMARC checker to confirm current policy status.

SPF and DKIM alignment

Gate 2 of 5

DMARC enforcement requires that SPF or DKIM (or both) pass in alignment with the header From: domain. A domain with a p=reject policy but failing SPF/DKIM alignment will fail DMARC on outbound messages — meaning BIMI evaluation never proceeds for those messages, even if all other requirements are met.

BIMI DNS record — correctly located and formed

Gate 3 of 5

The TXT record must be at default._bimi.yourdomain.com, begin with v=BIMI1;, and have a valid l= value pointing to the SVG. An absent or malformed record means no logo regardless of DMARC status. See Where Should the BIMI DNS Record Be Published?

SVG logo in SVG Tiny PS format

Gate 4 of 5

The logo file must conform to SVG Tiny 1.2 Portable/Secure (SVG Tiny PS), hosted at the HTTPS URL in the l= tag, and return a direct 200 response. A standard SVG 1.1 file will fail BIMI format validation. See What Is SVG Tiny PS and Why Does BIMI Require It?

Certificate (VMC or CMC) — for providers that require it

Gate 5 of 5

As of mid-2026, Gmail and most major providers that actively display BIMI logos require a valid VMC or CMC in the a= tag. A BIMI record without a certificate may work in some smaller providers, but will not display in Gmail. This is the gate most commonly missing in setups where all other requirements appear to be met. Provider-specific certificate requirements may change; verify current behavior at bimigroup.org.

Why the “DMARC Is Sufficient” Misconception Exists

Early BIMI documentation and some unofficial guides described DMARC enforcement as the key unlock for BIMI. This was accurate for a subset of providers in 2021–2022 that implemented a pre-certificate version of BIMI and did not require a VMC or CMC. As the specification matured and major providers including Gmail adopted it with certificate requirements, the “DMARC is enough” framing became incorrect for practical purposes. The BIMI Group’s current specification requires a certificate for full compliance. Whether any specific provider enforces that requirement is provider-dependent and subject to change.

Frequently Asked Questions

I have DMARC at p=reject and a published BIMI record. Why isn't my logo showing in Gmail?

Gmail requires a VMC in the a= tag of the BIMI record. A record without a VMC will not cause logo display in Gmail regardless of DMARC status or how well the SVG is formatted. If a VMC is present, check that the certificate URL returns a direct 200 response, the SVG is SVG Tiny PS compliant, and DNS has fully propagated. For a complete diagnostic flow, see Common BIMI Validation Errors.

Does a higher DMARC percentage (pct=100) improve BIMI coverage?

pct=100 means DMARC policy applies to all messages. Some providers, as of mid-2026, may consider a lower pct value as not fully enforced and withhold BIMI display for the percentage of messages not covered. Full enforcement at pct=100 is the safest configuration for BIMI. The BIMI specification and provider behavior on this point can evolve.

Can a subdomain have its own BIMI setup with a different policy than the root domain?

Yes. Subdomains can have their own DMARC policies via the sp= tag or a separate DMARC record, and their own BIMI records at default._bimi.subdomain.yourdomain.com. You can evaluate BIMI eligibility for each subdomain independently based on its own DMARC policy, authentication alignment, DNS record, SVG, and certificate.