BIMI: Updated Analysis of the Top 1 Million Domains
In May 2024, I analyzed the top 1 million domains for BIMI (Brand Indicators for Message Identification) compliance, revealing adoption rates, errors, and trends. Now, with updated data, I revisit this analysis to explore changes in BIMI adoption and implementation quality. This follow-up highlights progress, persistent issues, and new challenges in BIMI configurations.
Key Findings
Adoption Trends
- The number of domains with BIMI DNS records increased by 28%, from 7,562 domains in May 2024 to 9,661 domains in January 2025.
- The number of BIMI-enabled domains with one or more errors also grew significantly by 64%, from 3,161 domains (41.8% of BIMI domains in 2024) to 5,174 domains (53.6% of BIMI domains in 2025).
- The number of domains explicitly refusing to participate in BIMI grew from 8 (0.11%) to 12 (0.12%).
- The number of domains that specified an Authority Evidence Location rose significantly by 45%, from 2,075 domains in May 2024 to 2,996 domains in January 2025.
Error Analysis: Then vs. Now
The updated data compares the occurrences of specific errors across domains with BIMI records, including their percentages relative to the number of BIMI-enabled domains:
Error | 2024 (7,562 domains) | 2025 (9,661 domains) | Change |
---|---|---|---|
Non-compliant SVG files | 2,150 (28.4%) | 2,656 (27.5%) | +24% |
DMARC policy p=/sp= set to 'none' | 1,137 (15.0%) | 1,287 (13.3%) | +13% |
Unretrievable indicator location | 826 (10.9%) | 1,135 (11.7%) | +37% |
SVG files exceeding 32 KB | 362 (4.8%) | 417 (4.3%) | +15% |
Unknown keys specified | 37 (0.5%) | 39 (0.4%) | +5% |
Missing mandatory l tag in policies | 34 (0.4%) | 28 (0.3%) | -18% |
Incorrect BIMI indicator location value | 18 (0.2%) | 17 (0.2%) | -6% |
BIMI indicator file served via HTTP | 6 (0.1%) | 8 (0.1%) | +33% |
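Several of the error classes in this table can be checked offline from the published TXT records alone. The following is an added example, not code from this analysis or from the URIports validator; the function names, the set of known tags (v, l, a), the treatment of a missing DMARC policy as p=none, and the example.com records are assumptions made for illustration.

```python
KNOWN_TAGS = {"v", "l", "a"}   # assumption: core tags only; newer drafts may add more
MAX_SVG_BYTES = 32 * 1024      # the 32 KB limit named in the table


def parse_tags(record):
    """Split a 'k=v; k=v' TXT record into a dict (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_bimi(bimi_txt, dmarc_txt, svg_size=None):
    """Return a list of findings; an empty list means none of these checks failed."""
    bimi, dmarc = parse_tags(bimi_txt), parse_tags(dmarc_txt)
    if bimi.get("v", "").upper() != "BIMI1":
        return ["not a BIMI record"]
    findings = []
    if "l" not in bimi:
        findings.append("missing mandatory l tag")
    elif bimi["l"] == "" and bimi.get("a", "") == "":
        return ["domain declines to participate"]   # empty l= and a= is an opt-out
    unknown = sorted(set(bimi) - KNOWN_TAGS)
    if unknown:
        findings.append("unknown keys: " + ",".join(unknown))
    for tag, what in (("l", "indicator"), ("a", "authority evidence")):
        url = bimi.get(tag, "").lower()
        if url.startswith("http://"):
            findings.append(what + " served via HTTP")
        elif url and not url.startswith("https://"):
            findings.append("incorrect " + what + " location value")
    # Assumption: a missing DMARC record or p tag is treated like p=none.
    if dmarc.get("p", "none").lower() == "none" or dmarc.get("sp", "").lower() == "none":
        findings.append("DMARC policy missing or p=/sp= none")
    if svg_size is not None and svg_size > MAX_SVG_BYTES:
        findings.append("SVG exceeds 32 KB")
    return findings


if __name__ == "__main__":
    # Constructed sample records (example.com), not data from the survey.
    samples = [
        ("v=BIMI1; l=https://example.com/logo.svg", "v=DMARC1; p=reject", 9000),
        ("v=BIMI1; l=http://example.com/logo.svg; x=1", "v=DMARC1; p=none", 40000),
        ("v=BIMI1; l=; a=;", "v=DMARC1; p=reject", None),
    ]
    for bimi_txt, dmarc_txt, size in samples:
        print(bimi_txt, "->", check_bimi(bimi_txt, dmarc_txt, size) or "no findings")
```

SVG profile compliance and certificate validation need the fetched files and are not covered by these record-level checks.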
Authority Evidence Location Issues
For domains specifying an Authority Evidence Location, the number of errors also grew significantly:
Error | 2024 (2,075 domains) | 2025 (2,996 domains) | Change |
---|---|---|---|
Incorrect authority evidence location | 218 (10.5%) | 281 (9.4%) | +29% |
Invalid Verified Mark Certificates (VMC) | 204 (9.8%) | 291 (9.7%) | +43% |
Expired certificates | 156 (7.5%) | 245 (8.2%) | +57% |
Certificates not matching SVG | 54 (2.6%) | 61 (2.0%) | +13% |
Certificates not matching domain name | 16 (0.8%) | 64 (2.1%) | +300% |
Progress and Challenges
- Adoption vs. Quality: While BIMI adoption has grown by 28%, the accompanying 64% increase in domains with errors highlights a critical gap between adoption and proper implementation.
- SVG Compliance: Non-compliant SVG files continue to dominate as the most common error, with nearly the same percentage across 2024 (28.4%) and 2025 (27.5%), reflecting limited improvement.
- DMARC Issues: Despite some progress in missing mandatory tags, issues with DMARC settings (e.g., p=none and subdomain policies) persist.
- Authority Evidence Locations: The sharp rise in domains specifying an Authority Evidence Location (45%) is encouraging; however, the corresponding increase in errors like invalid or expired Verified Mark Certificates emphasizes the need for better configuration practices.
Apple’s Entrust Certificate Policy: Impact on 132 Domains
Apple no longer trusts Entrust-issued Verified Mark Certificates (VMCs) created after November 15, 2024, impacting BIMI implementations for 132 domains in the top one million, including prominent brands like Business Insider and BestBuy. Email recipients using Apple services such as @icloud.com, @mac.com, and @me.com may no longer see verified brand logos, so affected organizations need to switch certificate providers to maintain brand visibility.
Conclusion
This updated analysis reveals that while BIMI adoption is steadily increasing, error rates in implementation remain high. Key areas requiring attention include SVG compliance, certificate validity, and DMARC configurations.
Improving these aspects will allow organizations to fully leverage BIMI's benefits for email authentication and brand visibility. As always, domain owners are encouraged to validate their implementations with tools like URIports for error detection and compliance checks.
To validate a domain's BIMI configuration, you can use the free validator available at URIports.