New lps= tag in BIMI Explained
by
Reading Time: 5 min
Key Takeaways
- The lps= tag allows different BIMI logos for distinct local-parts (e.g., support@, marketing@).
- It enables selective exclusion, suppressing logos for specific sender addresses like noreply@.
- Mail servers use local-part matching to determine which BIMI record and logo to display.
- Requires an enforced DMARC policy (p=quarantine or reject) before implementation.
- Implement by adding the lps= tag in the default BIMI record and publishing new BIMI records for each local-part.
- Benefits include enhanced brand visibility, improved trust, and phishing reduction.
- Increases DNS management complexity, requiring careful configuration and validation.
The new lps= tag in BIMI (Brand Indicators for Message Identification) represents a major step forward in brand control and email authentication. Traditionally, BIMI allowed only one logo per domain, limiting flexibility for organizations with multiple sending addresses. With the lps= tag, domain owners can now assign unique logos, or even suppress them entirely, based on the local-part of each sender address (e.g., support@, marketing@, sales@). This advancement enhances both branding consistency and recipient trust while maintaining BIMI’s core security benefits.
What is the BIMI lps= Tag?
The lps= tag is an instruction you place in your main BIMI DNS record. It tells receiving mail servers that you want to use different logos based on the local-part of the sender’s From: address (the part before the @).
This new tag unlocks two primary capabilities:
Configuring Multiple Logos
You can now assign specific logos to different sending streams. For example, your [email protected] emails could show your main brand logo, while [email protected] could show a different, specific icon.
Enabling Selective Exclusion
Just as importantly, you can use this to prevent a logo from showing on certain messages. If you have automated system messages from [email protected] that shouldn’t display a brand indicator, lps= provides a mechanism to suppress it.
How the BIMI lps= Tag Works
The lps= tag changes the logic a mail server follows when looking for your BIMI logo. Here is the step-by-step process:
Step #1. Initial Check
An email is received and first passes standard authentication checks (SPF, DKIM, and an enforced DMARC policy).
Step #2. Default BIMI Record Lookup
The mail server looks up the default BIMI assertion record for the domain (e.g., default._bimi.company.com).
Step #3. lps= Tag Detected
The server inspects that default record. If it finds an lps= tag (e.g., lps=support, marketing, sales), it reads the list of defined local-parts.
Step #4. Local-Part Match
The server compares the email’s local-part (e.g., support from [email protected]) against the prefixes listed in the lps= tag.
Step #5. The Logic Fork:
- If there is a MATCH: The server performs a new DNS lookup using the matching local-part as the selector (e.g., support._bimi.company.com). If that record is found and is valid, it is used to display the logo.
- If there is NO MATCH (or the new lookup fails): The server “falls back” and uses the logo and evidence specified in the original default record it first retrieved.
This flow allows you to create specific logo rules for the local-parts you care about, while all other senders on your domain use the main default logo.
How to Implement BIMI lps= Tag Correctly
If you want to take advantage of this granular control, you’ll need to update your BIMI configuration.
- Prerequisite: You must have an enforced DMARC policy (set to p=quarantine or p=reject). This is a baseline requirement for all BIMI.
1. Map Your Senders
Identify all the local-parts you use for sending email and decide which ones should have unique logos or no logo at all.
2. Update Your Default Record
Add the lps= tag to your existing default BIMI record, listing the local-part prefixes you want to define.
- Example: v=BIMI1; l=…; a=…; lps=newsletter,support-team
If you do not have a BIMI record yet, you can use PowerDMARC’s BIMI record generator to generate one for free. You can then publish it on your DNS.
3. Publish Specific Records
For each prefix listed in your lps= tag, you must create and publish a new, complete BIMI DNS record.
- newsletter._bimi.company.com
- support-team._bimi.company.com
4. Validate Everything
Ensure each new record (newsletter._bimi…, support-team._bimi…) is correctly formatted with its own v=BIMI1, l= (logo location), and optional a= (evidence) tags.
The Takeaway: Control vs. Complexity
| Advantages | Challenges |
|---|---|
| Greater brand control | More DNS complexity |
| Improved logo visibility | Risk of misconfiguration |
| Better recipient trust | Requires strong DMARC enforcement |
The lps= tag marks a significant advancement for BIMI. It offers brands fine-grained control over their email branding. For organizations with multiple sending streams, this is a welcome ability to customize the user experience and brand presence.
However, this new power introduces a new layer of DNS management complexity. You must now create, validate, and maintain multiple BIMI records, increasing the potential for misconfiguration. Senders considering this should carefully map their email flows and ensure their DNS records are perfectly aligned to get the full benefit of this new feature.
Summing Up
BIMI is great, and the lps= tag makes it even better. While BIMI gives the opportunity to display your logo next to your emails, the lps= tag allows you to have different logos based on the purpose of the email address, such as alerts, marketing, HR, and so forth. As a result, you improve brand visibility, boost recipient trust, and decrease the likelihood of successful phishing and spoofing while also making your emails more targeted and customized.
Whether you need help with the lps= tag or anything else related to BIMI, PowerDMARC’s hosted BIMI services can help! We take care of everything, so you just shine. Contact our team of experts to get your email security and deliverability needs covered today!
Frequently Asked Questions
- What exactly does BIMI help with?
As BIMI displays a brand’s logo in email inboxes, it results in higher visibility, more open rates, more engagement from recipients, and overall higher brand recognition and recall.
- Can BIMI help combat phishing?
BIMI does not prevent phishing. However, it does enforce DMARC, which in turn enables domain owners to stay protected from phishing emails.
- Can I still display logos in email inboxes without full BIMI compliance?
Yes. Google Annotations, which only work for Gmail users, only in the Promotions tab, and mandate registration via Google Postmaster Tools, and Google Profile Images, albeit with limited and inconsistent visibility, can help.
But keep in mind that, while these can replicate the look of a BIMI-authenticated logo, they do not offer the necessary security layer that BIMI provides.
- Are security professionals the only ones who should care about BIMI?
No. BIMI can also be quite helpful for email marketers, growth marketing teams, PR specialists, and numerous others who need brand recognition alongside stronger security.
Domain & Email Security Expert at PowerDMARC
Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.
Latest posts by Yunes Tarada (see all)
- Stop Spam Emails: Protect Your Sender Reputation - November 29, 2025
- ActiveCampaign DKIM, DMARC, and SPF Setup Guide - November 25, 2025
- Constant Contact DKIM and DMARC Setup Guide - November 25, 2025
