What are Verified Mark Certificates and Why You Need Them

Online, and especially in the world of email, spam, suspicious offers, and malware run rampant. Over the years, the technology for these spam artists has grown exponentially both in complexity and in difficulty to prevent. As such, an initiative had to be taken in an attempt to stave off the danger to users’ data and devices.

While email providers have done their best to counteract malicious uses for their services, there are plenty that end up slipping through the cracks. As such, a new method for distinguishing phishing emails from authentic ones has been developed – Brand Indicators for Message Identification or BIMI. 

This article explains the importance of BIMI email and talks about why Verified Mark Certificates (VMC) are a necessary component of the protocol.

What is BIMI?

BIMI stands for Brand Indicators for Message Identification. It’s the leading attempt to prevent logo fraud in emails for phishing and scam use. The primary feature of BIMI is the ability to display your logo on your email in recipient inboxes. More and more email clients are adopting BIMI to encourage brands to verify their logo for official use.

The best part is that there’s no fee to verify your logo for BIMI. It’s a free process available to all parties. Currently, email clients such as Yahoo!, AOL, and Gmail all support this new feature, with many other email providers planning to do the same soon. 

As such, email marketers, managed service providers (MSPs), and managed security service providers (MSSPs) must adapt to the growing advancement of BIMI. Before long, it’s likely that most email clients will join the BIMI initiative in an attempt to reduce the relentless cases of spam and spoofing emails out there.

What is VMC?

Similar to Twitter’s “verified user” blue checkmarks, a VMC is an official mark that the domain has the official claim to its brand logo. While Google is currently the only one to enforce Verified Mark Certificates, other email providers are following suit to prevent misuse of a brand logo. 

This way, an email recipient can see whether or not you are the authentic owner of the displayed brand before they even open the email. This helps reduce the amount of spam and phishing emails that utilize brand names to appear genuine.

A VMC logo has an added layer of security. Since it’s verified by the official trademark organization, it’s much more difficult to spoof or use for unintended purposes.

What BIMI and VMC Certification Means for Businesses

BIMI email sounds like an obvious idea in theory, but what about in practice? More importantly, what does it mean for your business in particular?

Well, BIMI and VMC create some complications, as well as some opportunities. As verification becomes mainstream, more and more businesses will be expected to adopt such measures. If BIMI and VMC become widely used, people could start ignoring any and all emails from businesses that don’t present their logo on the side. However, if that’s the case, then the solution is an easy one.

Going through logo verification is simple if you have proper email security protocols (SPF, DKIM, and DMARC) set up. So, while the BIMI initiative can be intimidating to businesses that don’t have those, it really is a simple fix once your email infrastructure has the DMARC reject policy implemented.

BIMI’s benefits here are vast. For starters, any recipients of your emails will know that it’s a trusted and official email from your company. Your logo won’t just be tied to random spam and malware-infested emails that are crawling around the internet. Having a clean, untarnished name for your business is an absolute must.

Secondly, this BIMI initiative is excellent for brand recognition. Many email clients are finally allowing logos to be displayed next to the sender. Overall, this will allow for eye-catching logos to be associated with your company in someone’s mind every time they see your emails in their inbox.

How to Obtain a VMC Certificate

The process for acquiring a VMC certificate isn’t quite as complicated as you might expect. However, it’s no “two clicks and you’re done” either. But don’t worry, we’re here to help.

Below, you’ll find the verified mark certificates acquisition process:

Step 1

Reach DMARC Compliance.

Step 2

You need to make sure that your logo is registered and recognized as an official trademark. VMC certificates will not be granted to any brand logos that aren’t registered by an official intellectual property office.

This step may not always be a requirement in the future, as the BIMI standard is set to change in the future and extend to non-trademarked logos. However, for now, this is the first requirement.

Step 3

Now you’ll need to convert your logo to a Scalable Vector Graphics (or .SVG) format. Note that if your logo has complex art in it, it may have to be altered to display properly. Here is a more in-depth article on our blog.

Step 4

Next, register for your certificate. You can contact either DigiCert or Entrust certificate authority in order to request your VMC. EasyDMARC has partnered with DigiCert to give our customers a seamless journey through DMARC compliance and BIMI/VMC implementation. Once you’ve been approved, you should receive the Privacy Enhanced Mail (PEM) file.

Step 5

Upload the PEM file to your public webserver. Don’t lose the URL of the PEM file.

Step 6

Finally, log in to your domain provider and add a BIMI TXT record using that URL from your PEM file. Once that’s done, it can take up to 48 hours for your logo to begin showing.

And with that, your logo should be completely BIMI-compliant, and recipients will begin to see your brand logo display beside any emails you send.