Subdomain Considerations: When and How to Implement BIMI Across Email Subdomains

Many organizations use subdomains for different brands, departments, or regions. Implementing BIMI at the subdomain level allows you to display unique logos for each email stream, offering tailored branding and improved email trust for recipients.

• Distinct Branding Needs: Apply BIMI to subdomains if different business units or brands require unique logos.
• Separate Email Streams: Use subdomain-specific BIMI when different teams or functions send emails from their own subdomains.
• Granular Control: Implement BIMI on subdomains to test new branding or for regional campaigns without affecting the main domain.

• Create a Unique DNS TXT Record: For each subdomain, create a DNS TXT record in the format default._bimi.subdomain.example.com that points to the SVG logo file for that subdomain.
• DMARC Policy Enforcement: Each subdomain must have its own DMARC policy set to "quarantine" or "reject" (p=quarantine or p=reject) to qualify for BIMI, regardless of the parent domain’s policy.
• SPF and DKIM Configuration: Ensure SPF and DKIM are properly configured for each subdomain to pass email authentication checks.
• VMC Considerations: If using a Verified Mark Certificate (VMC), ensure the certificate covers the subdomain or acquire a separate VMC if needed.
• Logo Hosting: Host the SVG logo file on a secure (HTTPS) server and reference its URL in the BIMI DNS record for each subdomain.
• Testing: Thoroughly test BIMI implementation for each subdomain to confirm correct logo display in supported email clients.

• Missing or Incorrect DMARC Policy: A subdomain without a DMARC policy set to "quarantine" or "reject" will not display a BIMI logo, even if the parent domain is compliant.
• Improper DNS Record Placement: Ensure the BIMI record is created within the subdomain’s DNS settings, not just at the parent domain level.
• Multiple BIMI Records: Avoid having more than one BIMI record for a subdomain to prevent conflicts and display issues.
• Logo Mismatches: Use the correct SVG logo file for each subdomain and ensure it meets BIMI technical specifications.

• DMARC policy set to "quarantine" or "reject" for each subdomain: Ensure every subdomain has an enforced DMARC policy to qualify for BIMI.
• Unique DNS TXT record for each subdomain: Create a BIMI DNS TXT record for each subdomain in the format default._bimi.subdomain.example.com.
• SPF and DKIM records configured for each subdomain: Properly set up SPF and DKIM authentication for every subdomain.
• SVG logo file hosted on a secure server: Host each SVG logo on an HTTPS-enabled server for secure access.
• VMC coverage for each subdomain, if required: Obtain a Verified Mark Certificate for each subdomain that uses a unique logo.
• Thorough testing of BIMI display in target email clients: Test each subdomain’s BIMI setup to ensure proper logo display in supported email clients.

Find more answers in our VMC and BIMI FAQ section. 

Each subdomain must have its own DMARC policy and BIMI DNS record to display a unique logo—ensure all authentication and branding details are correct before rollout.