top of page
Search

SVG Tiny for BIMI: Logo Format Pitfalls and Best Practices


When BIMI fails, it often doesn’t fail because of DNS, DMARC, or certificates.


It fails because of the logo.



More precisely: because the logo does not comply with the SVG Tiny Portable / Secure (SVG Tiny P/S) specification required by BIMI.


This article explains what SVG Tiny really is, why mailbox providers enforce it so strictly, and how to prepare a BIMI-compliant logo without costly trial and error.



1. Why BIMI requires SVG Tiny (and not “just SVG”)



SVG is a powerful and flexible format.

Too powerful, in fact.


Standard SVG allows:


  • embedded scripts,

  • external references,

  • fonts and stylesheets,

  • animations and filters.



From a mailbox provider’s perspective, this is a security risk.


BIMI therefore mandates SVG Tiny P/S, a restricted profile designed to ensure that:


  • logos are safe to render,

  • content is fully self-contained,

  • and no executable or external behaviour is possible.



In short:


SVG Tiny is not about design freedom — it is about deterministic rendering and security.



2. What exactly is SVG Tiny P/S?



SVG Tiny P/S (Portable / Secure) is a constrained subset of SVG with strict rules:


  • No scripting

  • No external references

  • No fonts

  • No raster images

  • No animations

  • No filters or effects



Everything must be:


  • vector-based,

  • inline,

  • static,

  • and predictable.



Mailbox providers fetch and parse the SVG automatically.

Any unsupported element results in silent rejection.




3. Core technical requirements for a BIMI SVG


A BIMI-compliant SVG must meet all of the following:


1. Square aspect ratio


Your logo must be square (1:1 ratio).


Even if your brand logo is rectangular, it must be placed within a square canvas.


Example:


  • Valid: 512×512 viewBox

  • Invalid: 600×300 viewBox



2. Flat colours only



Gradients, shadows, transparency, and blur effects are not allowed.


Avoid:


  • <linearGradient>

  • <radialGradient>

  • opacity effects

  • drop shadows

  • filters of any kind



Use solid fills only.




3. No text elements



Text must be converted to vector paths.


Disallowed:

<text font-family="Arial">Brand</text>


Required:


  • Convert all text to outlines (paths)

  • Remove font references entirely





4. No external references



The SVG must be completely self-contained.


Disallowed:


  • <image href="logo.png">

  • external CSS

  • external fonts



Everything must live inside the SVG file itself.




5. No embedded metadata or scripts



Remove:


  • <script>

  • <metadata>

  • <foreignObject>



Even harmless metadata can cause rejection.




6. Correct MIME type and hosting



The SVG must be:


  • served over HTTPS,

  • publicly accessible,

  • delivered with the correct MIME type:

    image/svg+xml



Incorrect headers can break BIMI even if the SVG itself is valid.




4. Common SVG pitfalls that break BIMI



From real-world BIMI deployments, these are the most frequent issues:



❌ “It’s an SVG, so it should work”



Most design tools export full SVG, not SVG Tiny.


That default export almost always contains:

  • unsupported elements,

  • metadata,

  • or effects.



❌ Gradients hidden inside paths



Even when gradients are visually subtle, their presence in the SVG code is enough to invalidate the file.


Always inspect the raw XML.




❌ Fonts not converted to outlines



Leaving text as text is one of the fastest ways to fail BIMI validation.




❌ Invisible elements

Unused layers, hidden shapes, or empty groups can still break validation.

Clean the file aggressively.




❌ Oversized or complex paths

While not explicitly forbidden, extremely complex paths can cause rendering issues.

Keep shapes simple and optimised.




5. Best practices for creating a BIMI-ready SVG


Start from the simplest version of your logo


  • Prefer monochrome or two-colour versions.

  • Remove decorative effects.

  • Focus on recognisability, not detail.



Use vector-native tools carefully


Tools commonly used:


  • Adobe Illustrator

  • Figma

  • Sketch

  • Inkscape



But export settings matter more than the tool itself.


Always:


  • convert text to outlines,

  • flatten layers,

  • remove effects,

  • and manually inspect the SVG code.



Clean the SVG manually


After export:


  • open the SVG in a text editor,

  • remove unnecessary tags,

  • ensure only allowed elements remain (<svg>, <path>, <rect>, <circle>, etc.).


A smaller, cleaner file is safer.


Validate early and often


Never wait until the end of the BIMI process to validate the SVG.


Validate:


  • before certificate issuance,

  • before DNS publication,

  • before going live.



SVG errors are the most common cause of BIMI delays.


6. Hosting considerations for BIMI SVGs


Where and how you host the SVG matters.


Best practices:




Temporary hosting or CDN misconfigurations can break logo rendering.


7. SVG, VMCs, and certificate validation



When applying for a Verified Mark Certificate (VMC):


  • The SVG hash is embedded in the certificate.

  • Any change to the SVG after issuance invalidates the certificate.

  • Even a whitespace change can break the match.


This means:


The SVG must be final before VMC issuance.

Never “fix” the SVG after the certificate is issued.


8. Testing BIMI SVGs in practice


Before production rollout:


  1. Validate SVG syntax and allowed elements

  2. Confirm correct MIME type

  3. Test HTTPS access from multiple locations

  4. Confirm no redirects

  5. Ensure SVG hash stability



BIMI failures are silent — testing is your only safety net.


9. Why BIMI is strict by design


SVG restrictions are not arbitrary.


They exist to:


  • prevent logo spoofing,

  • ensure predictable rendering across clients,

  • and protect mailbox providers and users.



By enforcing SVG Tiny, BIMI guarantees that logos are:


  • safe,

  • authentic,

  • and trustworthy.



10. How Bimimi.io helps teams get SVG right


At Bimimi.io, SVG validation is part of our standard BIMI workflow.


We help:


  • designers understand BIMI constraints,

  • IT teams validate SVG compliance,

  • brands avoid costly rework during VMC issuance,

  • and enterprises standardise logo assets across domains.



Our goal is simple:

your logo should appear because it is correct — not because of luck.



Conclusion: the logo is small, the impact is not


SVG Tiny may feel restrictive, especially for designers.

But within those constraints lies something powerful: guaranteed trust at inbox scale.


A correct SVG is not just a technical requirement — it is the visual anchor of your verified brand identity.


Get it right once, and BIMI works exactly as designed.



Learn more about BIMI logo requirements and implementation at:

 
 
 

Comments

bottom of page