Multi-domain Strategy: Managing BIMI Across Various Corporate Domains

Many organizations operate multiple domains and subdomains for different brands, regions, or business units. Implementing BIMI across these domains enhances email trust, boosts brand recognition, and protects against spoofing, but it also introduces complexity in DNS, logo assignment, and certificate management.

• Centralize DMARC Policy Enforcement: Ensure all domains and subdomains have DMARC policies set to "quarantine" or "reject." Subdomains inherit the organizational DMARC policy unless explicitly overridden, but you can customize policies for each subdomain as needed.
• Publish BIMI Records at the Right Level: By default, a BIMI record at the organizational domain is inherited by subdomains. However, you can publish unique BIMI records for individual subdomains if you want different logos or policies for each.
• Manage Logos and VMCs: Each BIMI record can reference a different logo. If your organization uses multiple logos, you'll need a separate Verified Mark Certificate (VMC) for each logo. BIMI selectors can help assign different logos for specific use cases or subdomains.
• DNS Record Maintenance: Add or update BIMI TXT records in the DNS for each domain or subdomain as needed. Remember, any changes to logos or certificates require updating the relevant DNS records.
• Monitor and Audit Regularly: Use DMARC and BIMI monitoring tools to ensure ongoing compliance and promptly address authentication or display issues across all domains.

• Inconsistent DMARC Policies: Failing to enforce DMARC on all sending domains can prevent BIMI from working. Always set DMARC to "quarantine" or "reject" at 100% for each domain using BIMI.
• Logo Mismatches: Submitting different logos for similar domains without proper VMCs or trademark registrations can lead to rejections or display inconsistencies.
• DNS Record Overwrites: Accidentally overwriting BIMI records when updating DNS for multiple domains can disrupt logo display. Carefully track and document all DNS changes.

BIMI selectors allow brands to use multiple logos for a single domain or subdomain, enabling A/B testing or regional logo variations. Each selector requires its own BIMI record and, if using VMC, a corresponding certificate.

• DMARC at “quarantine” or “reject” for all domains/subdomains: Ensure enforcement policies are applied consistently across all domains and subdomains.
• Unique or inherited BIMI records published as needed: Publish BIMI records at the organizational or subdomain level based on your branding requirements.
• Separate VMCs for each unique logo: Obtain individual Verified Mark Certificates for each distinct logo used.
• DNS records up-to-date and accurate: Maintain current and correct DNS entries for BIMI and related authentication records.
• Ongoing monitoring and reporting in place: Continuously monitor DMARC and BIMI reports to ensure compliance and address issues promptly.

Find more answers in our VMC and BIMI FAQ section. 

Ensure all domains and subdomains have compliant DMARC, accurate BIMI records, and valid VMCs for each logo to maximize brand trust and deliverability.