Skip to main content
Log in
CaptainDNS

Email Diagnostics

Tools to verify and validate your email authentication setup.

SPF
DKIM
DMARC
DMARCbis
BIMI
MTA-STS
TLS-RPT
DANE / TLSA

Deliverability

Email deliverability auditMail header analyzerEmail testerIP Blacklist CheckerDomain Blacklist CheckerSPF FlattenerDKIM Selector FinderSMTP/MX Tester

Secure & Monitor

Record generators, policy hosting and continuous monitoring.

Network & Web

Network tools, web page analysis and certificates.

IP Tools

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

IPv6 subnet calculator

Calculate IPv6 subnets, address ranges and reverse DNS entries.

Certificates & BIMI

BIMI logo lookup

Inspect a BIMI logo URL - format, metadata and live rendering - before rollout.

BIMI SVG converter

Convert any SVG to BIMI-compliant Tiny-PS format in seconds.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate - issuer, validity and SAN coverage - before you publish BIMI.

Web

Page size checker

Check if your page exceeds Google's 2 MB crawl limit.

Phishing URL Checker

Check if a URL is flagged as phishing or malware by 4 threat intelligence sources.

Redirect Checker

Analyze HTTP redirect chains

Domain Redirect

Redirect your domains with automatic HTTPS and 301/302 redirects.

Developer Tools

Text utilities and tools for everyday dev work.

Text

Transform and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Password generator

Generate strong random passwords and memorable passphrases instantly.

Developer

Encoding, hashing, regex and formatting for everyday dev work.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Hash Generator

Compute MD5, SHA-1, SHA-256 and SHA-512 hashes of any text.

URL encoder / decoder

Encode or decode text using percent-encoding (RFC 3986) right in your browser.

Regex Tester

Test a regular expression against text and visualize matches.

JSON / YAML Formatter

Format, validate and convert JSON and YAML in one click.

Free BIMI Hosting

Host your BIMI logo and certificate in a few clicks

Deploy BIMI without managing an HTTPS server. CaptainDNS hosts your SVG logo and VMC/CMC certificate for free - with automatic domain verification and BIMI DNS record generation. Upload your files and we handle the rest.

Logo and certificate separately

Host only your SVG logo, only your VMC/CMC certificate, or both. Each asset is independent.

Automatic HTTPS

Your assets are served over HTTPS with a valid certificate and strict security headers (CSP). No management on your end.

Domain verification

Simple TXT record verification proves domain ownership. Add one record and we validate it automatically.

BIMI DNS record

The BIMI record is generated automatically with your asset URLs. Copy it to your DNS to enable logo display.

Up to 5 domains

Host BIMI assets for up to 5 domains from a single account. Each domain gets its own verified profile.

Why display your logo in email inboxes?

Every day, your recipients receive dozens of emails. Most look identical: a sender name, a subject line, a generic avatar. BIMI (Brand Indicators for Message Identification) changes that. It places your brand logo next to your emails in Gmail, Yahoo Mail, Apple Mail and other supporting clients. BIMI is defined in RFC 9495 and supported by the BIMI Working Group.

Your messages stand out. Your recipients recognize you instantly. Red Sift research shows BIMI increases email open rates by up to 10%. For Gmail alone, that means visibility across 1.8 billion active accounts.

Gmail adopted BIMI in July 2021. Apple Mail followed in September 2022 with iOS 16 and macOS Ventura. Yahoo Mail and Fastmail supported it even earlier.

But BIMI is more than a marketing tool. It builds on your existing email authentication stack (SPF, DKIM, DMARC) to signal that you take email security seriously. A visible logo tells recipients that your domain is verified and your messages are legitimate.

The infrastructure problem

BIMI requires your SVG logo (and optional VMC/CMC certificate) to be permanently available at public HTTPS URLs. The BIMI DNS record points directly to these URLs, and mail providers fetch the assets on every delivery.

To self-host BIMI assets, you need:

  • A dedicated HTTPS server with a valid TLS certificate and automatic renewal
  • Permanent availability: if your server goes down, new emails lose the logo
  • Strict security headers: mail providers require Content-Security-Policy headers
  • SVG format compliance: the logo must be SVG Tiny 1.2 PS, not standard SVG
  • DNS record management: the BIMI TXT record must contain exact HTTPS URLs

For most teams, that is overhead for a single DNS record. It means provisioning a server, configuring TLS, writing security headers, monitoring uptime, and keeping certificates renewed indefinitely.

CaptainDNS hosted BIMI removes all of that. You upload your files. We handle the HTTPS hosting, the TLS certificates, the security headers, and the DNS record generation.

How it works

1. Create your BIMI profile

Sign in and create a profile by entering your domain name. A default selector (default) is assigned automatically, but you can customize it if you use multiple BIMI configurations. The profile is created in seconds.

2. Verify domain ownership

We generate a unique TXT verification record for your domain. Add it to your DNS zone (for example, _bimi-default.captaindns.com). CaptainDNS checks for the record automatically. Once detected, your domain ownership is confirmed and you can proceed to upload your assets.

3. Upload your assets

Upload your SVG Tiny-PS logo and/or your VMC/CMC certificate in PEM format. Each file is validated on upload: the logo is checked for SVG Tiny-PS compliance, and the certificate is parsed to extract issuer, subject, and validity dates. Invalid files are rejected with a clear error message.

4. Activate and publish

Once your assets are uploaded, CaptainDNS generates the complete BIMI DNS record with the correct HTTPS URLs. Copy this record to your DNS, activate the profile, and your logo starts appearing in email inboxes. The entire process takes under five minutes.

Gmail, Yahoo, Apple Mail: which providers support BIMI?

Not all mail providers implement BIMI the same way. Understanding the differences helps you choose the right configuration.

ProviderLogo displayCertificate requiredNotes
GmailYesVMC or CMC requiredLargest provider (1.8B users). Logo displayed as a verified checkmark avatar.
Yahoo MailYesNot requiredSupports self-asserted mode. Logo displayed without certificate.
Apple MailYesVMC or CMC requiredSupported since iOS 16 and macOS Ventura.
FastmailYesNot requiredEarly BIMI adopter. Logo displayed in self-asserted mode.
La PosteYesNot requiredFrench provider supporting BIMI in self-asserted mode.

If your primary audience uses Gmail or Apple Mail, you need a VMC or CMC certificate in addition to your logo. If your audience is primarily on Yahoo or Fastmail, a logo alone is sufficient to start.

Logo only, certificate only, or both

CaptainDNS supports three configurations. You choose the one that matches your current BIMI deployment level and can upgrade at any time.

ConfigurationBIMI recordUse case
Logo onlyv=BIMI1; l=https://...; a=Self-asserted mode (Yahoo, Fastmail, La Poste)
Certificate onlyv=BIMI1; l=; a=https://...Logo hosted elsewhere, certificate hosted here
Logo + certificatev=BIMI1; l=https://...; a=https://...Full setup for Gmail and Apple Mail

Each asset is independent. You can start with a logo for Yahoo and Fastmail visibility, then add a VMC certificate later when you are ready for Gmail.

VMC vs CMC: which certificate do you need?

The certificate question is the first decision most teams face when planning a BIMI deployment.

BIMI supports two types of certificates. Both prove that the logo belongs to your organization.

VMC (Verified Mark Certificate) requires that your logo is a registered trademark. Certificate authorities (DigiCert, Entrust) verify the trademark registration before issuing the certificate. This is the original standard and is widely supported. Google announced VMC support in Gmail via the Google Workspace Blog in July 2021.

CMC (Common Mark Certificate) does not require a trademark. It verifies that the organization controls the domain and the logo, but skips trademark registration. CMCs have been supported by major providers since 2023. They are less expensive and increasingly adopted.

Both certificate types work with CaptainDNS hosted BIMI. Upload the PEM file; we validate it, extract the metadata, and generate the correct BIMI record with the a= URL pointing to your certificate.

Prerequisites before deploying BIMI

Skipping any of these steps is the most common reason BIMI deployments fail silently.

BIMI does not work in isolation. It is the final layer in an email authentication stack. Before deploying BIMI, make sure you have:

  1. SPF configured on your domain (check with our SPF checker)
  2. DKIM signing enabled for all outgoing mail (verify with DKIM checker)
  3. DMARC policy set to quarantine or reject with at least p=quarantine (validate with DMARC checker)
  4. An SVG Tiny-PS logo in the correct format (convert with our SVG converter)
  5. A VMC or CMC certificate (required for Gmail and Apple Mail, optional for Yahoo and Fastmail)

If any of these layers is missing, mail providers will ignore your BIMI record. CaptainDNS provides tools to check each one.

Hosted BIMI vs self-hosting

CaptainDNS Hosted BIMISelf-hosted
Server setupNoneYou provision and maintain a web server
TLS certificatesAutomatic (Let's Encrypt, auto-renewal)Manual provisioning and renewal
Security headersPreconfigured (CSP, strict transport)You configure and maintain them
DNS recordGenerated automatically with correct URLsYou write it manually
AvailabilityManaged infrastructure with redundancyDepends on your server uptime
Asset updatesUpload from the dashboard, instantEdit files on your server, restart if needed
CostFreeServer hosting costs (monthly)
Time to deployUnder 5 minutesHours to days, depending on your infrastructure

Complementary tools

Each tool solves a specific step in the BIMI deployment process.

CaptainDNS offers a complete BIMI toolkit. Use these tools alongside hosted BIMI to validate, convert, and monitor your configuration.

ToolDescription
SVG Tiny-PS ConverterConvert a standard SVG to BIMI-compliant SVG Tiny 1.2 PS format
BIMI Logo LookupLook up and preview any domain's published BIMI logo
BIMI GeneratorGenerate a complete BIMI DNS record with custom parameters
BIMI Record CheckerValidate an existing BIMI record and diagnose configuration errors
VMC Certificate ParserParse and validate a VMC or CMC certificate (issuer, validity, subject)
DMARC Record CheckerVerify your DMARC policy meets the minimum BIMI requirement
Mail Domain CheckRun a full email authentication audit (SPF + DKIM + DMARC + BIMI)

Ready to deploy BIMI? Sign in and create your first profile in under five minutes.