Gmail is now using VMCs to display trademarked logos in the inbox, and more email clients are expected to follow suit. You can now sign up for a VMC here.

As we wrap up the Gmail BIMI pilot and make Verified Mark Certificates (VMCs) for sale, we’d like to thank the pilot participants that made it possible and share a few lessons learned.

VMCs allow a company to display their logo in email. It’s a similar concept to a blue checkmark on Twitter or verified badge on Instagram. VMCs help end-users recognize your brand, and act as a layer of protection against spoofing through DMARC compliance.

DigiCert first issued a VMC back in October 2019 to CNN as part of the pilots for these new certificates. We also participated in the Gmail BIMI pilot that launched in July 2020. Over the last several months as we have issued some of the first VMCs to pioneering organizations, we have learned valuable lessons/seen several frequently asked questions about this new type of certificate. If your organization is interested in displaying brand logos in email clients, here are a few things to know.

Lessons learned

Before you request a VMC, here are a few tips and common pitfalls that we learned while conducting the pilot.

1. Make sure your logo is in the right format

The unique new SVG format required for BIMI posed some challenges initially, so we created a blog to outline how to do it. SVG logos are required for a VMC, must be in SVG Tiny 1.2 format, and adhere to the SVG Portable/Secure profile. The BIMI working group has several graphic conversion tools to help make the change. Additionally, you (or a talented designer) can do it yourself using Adobe Illustrator. We outline the steps for exporting a logo to SVG in this blog. 

2. Verify that your logo is trademarked in one of the eligible jurisdictions

Logos that are trademarked provide legal protection to the trademark holder, and so BIMI requires organizations to use a logo that is a registered trademark before receiving a VMC.

Currently only eight intellectual property offices are recognized by the VMC Guidelines. They are:

• United States Patent and Trademark Office (USPTO),
• Canadian Intellectual Property Office,
• European Union Intellectual Property Office,
• UK Intellectual Property Office,
• Deutsches Patent- und Markenamt,
• Japan Trademark Office,
• Spanish Patent and Trademark Office O.A.
• IP Australia.
• Intellectual Property India
• Korean Intellectual Property Office
• Instituto Nacional da Propriedade Industrial

3. Ensure that DMARC is enforced on the sending domain

The sending domain must be DMARC enforced, and you’ll need a DMARC record with either “p=quarantine” or “p=reject.” You can check if your domain is DMARC compliant using this domain checking tool from our partner Valimail or this one from the BIMI Group.

If your domain is not already DMARC compliant, learn how to set up DMARC to qualify for a VMC.

4. Be ready and willing to meet with a notary public that we will arrange

DigiCert will arrange for a notary nearby to meet a representative of your organization at a convenient location. Your representative will need to provide an ID that the notary will check and sign a declaration. We cannot move forward without the information from a notary.

5. Know what to do to get it right the first time, otherwise; it may cost you more and delay the process!

Before you order a VMC, make sure you’ve followed the steps here. If you submit a request for a VMC before you have followed these steps, it will delay your approval for a VMC.

It can take some time to register your logo as a trademark and ensure DMARC compliance, so get started now to make sure your organization is prepared to request a VMC.

Pilot Participants

We also want to give a huge shout out to our pilot participants who made this trial possible. Read what the pilot participants are saying about the impact of VMCs in our press release.

Participants include the following:

Special thanks to Valimail

Last year, we partnered with Valimail to help companies prepare for BIMI and ensure a more consistent and secure email ecosystem. Valimail is a leader in the DMARC space. This pioneering zero-trust identity-based anti-phishing company offers the only complete, cloud-native platform for validating and authenticating sender identity. It provides the most complete, effective visibility tool for interpreting DMARC reports, with the highest success rate among customers for achieving DMARC enforcement. It is also the largest provider of DMARC services to Microsoft 365 customers, and the world’s fastest-growing DMARC vendor. If you need any assistance enforcing DMARC, visit Valimail’s site to learn more.

Get your VMC today

Sign up to be one of the first to get a VMC. Don’t wait to get started! The process of registering a logo and/or becoming DMARC compliant can take several weeks, and the larger your organization is, the longer it may take. You can prepare to get a VMC by making sure your organization is DMARC compliant and that your logo is trademarked and in the proper format. Learn more about preparing for a VMC here.

Additionally, for more details and the opportunity to ask questions to our subject matter experts, register for our upcoming educational VMC webinar.