Google Announces BIMI and VMC Support for Increased Email Authentication and Brand Trust
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Google Announces BIMI and VMC Support for Increased Email Authentication and Brand Trust

Companies Can Now Display Their Verified Logo in Gmail Messages to Grow Their Brand and Boost Engagement

Ready for your Gmail inbox to become more eye-catching and secure? It’s about to start happening thanks to Google’s rollout of VMC support. Formally announced earlier this week, the change will see verified company logos start making their way to your emails via the BIMI standard.

After an initial pilot run last year, in which a limited number of companies and certificate authorities (CAs) participated, the world’s most-used email service will start recognizing VMCs. If you missed the test run or are unfamiliar with VMCs and the BIMI standard, they’re basically a way for companies to include their trademarked logos in the messages they send out. The purpose is to boost brand recognition, increase engagement rates, and provide a higher level of trust with their communications.

So, what are BIMI and VMCs, exactly? What are the requirements for using them? And who will they benefit?

Let’s hash it out.

What Are BIMI and VMCs?

BIMI stands for Brand Indicators for Message Identification and works with existing email authentication protocols such as DMARC (Domain-Based Message Authentication, Reporting, and Conformance), DKIM (DomainKeys Identified Mail), and SPF (Sender Policy Framework). Without getting too far into the nitty-gritty details, it’s a type of DNS resource record that is used to display an image (a logo, to be more specific) in the “from” field, representing the sender’s organization.

VMCs work in conjunction with BIMI to provide verification that the logo in question does, in fact, belong to the sender. They’re a kind of digital certificate that authenticates your company and corresponding logo in order to stop phishers and spammers from misusing logos in order to trick their targets. Think of it like the checkmark on social media platforms, but with more stringent and secure validation requirements.

VMC support in gmail
An authenticated logo displayed in Gmail next to the sender’s details. BIMI is the mechanism that displays the logo, while the VMC is what verifies the logo and its ownership.

What are the Prerequisites for BIMI and VMC Certificates?

Before you can take advantage of the new VMC support and display your logo with BIMI, you must have DMARC deployed on your email server. DMARC helps to minimize phishing and spoofing attempts by providing a higher level of control over the emails that your organization processes. It performs a series of authentication checks then handles the message accordingly based on your policy configuration.

After that, you’ll go about setting up your BIMI record on the DNS server. A very important thing to note is that whichever image file you include in the BIMI record (a sample configuration can be seen below) must be trademarked.

bimi record
An example of a BIMI record.

Then, you can proceed with purchasing your VMC and going through the verification process with the CA.

To recap, the steps for getting your VMC in place and your logo displayed are as follows:

  1. Become DMARC compliant. To qualify for a VMC, your DMARC record must be set to either “quarantine” or “reject” emails that fail the authentication checks. If you aren’t sure if your email system is properly configured, you can check it via free tools such as this one from MXToolbox. If it isn’t setup correctly, check out this guide from DigiCert for help.
  2. Verify your logo is trademarked. You can’t get a VMC unless your logo is registered with the trademark office in your region. It’s usually not a quick process, so if you’re wanting a VMC then you should start the process immediately. Here’s some more info regarding VMCs and trademarks.
  3. Make sure your logo is properly formatted. In order to dispay properly in your recipient’s inboxes, logos must be in the .svg format. Full details can be found here.
  4. Buy your VMC. After you’ve completed the previous steps, you can go about purchasing your actual Verified Mark Certificate. Have multiple logos or domains? This article will help you determine exactly how many VMCs you’ll need.
  5. Test it out! Here’s the exciting part, where you get to see your VMC in action. You’ll want to make sure there aren’t any issues before showing your verified logo to the world. Just be sure to carefully manage your certificates.

The Benefits of BIMI and VMC Support

As we touched on earlier, BIMI and VMCs aim to achieve a few different goals that result in better security and greater brand recognition. Thanks to the fact that DMARC is required for a VMC, we will see an increased adoption of stronger message authentication measures for the global email ecosystem. Spoofing and phishing attacks will be decreased, and companies will be better able to protect both their brand and customers from threats. As Dean Coclin, DigiCert’s Senior Director of Business Development, says

With BIMI and VMC from DigiCert for DMARC-verified domains, organizations can now demonstrate to their customers a higher level of email security. DigiCert VMCs not only help reduce instances of spam and spoofing customers receive, because of the DMARC requirement, but they also enable organizations to go beyond displaying default email addresses to increase engagement rates and display their brands more prominently.

In conjunction with verified logos that provide an immediate visual indicator of trust and security, BIMI and VMC support gives both senders and recipients increased confidence in what’s passing through their inboxes and outboxes. It also helps marketers by creating a more immersive experience and fosters greater engagement with their audience. Seth Blank, Chair of the AuthIndicators (BIMI) Working Group, explains how

BIMI and VMC are a significant win for customers and brands of all sizes. DMARC ensures customers don’t get spoofed email from the brands they trust, and BIMI ensures brands get increased impressions, open rates and brand trust

DMARC Benefits for Organizations

  • Increases email security throughout the organization
    • Makes it more difficult for attackers to succeed with identity-focused spoofing and phishing attempts
    • Provides greater visibility and control of the emails passing through your servers
    • Gives more accurate insights into the threats facing your domain
    • Makes sure legitimate messages are consistently delivered

VMC Benefits for Marketing

  • Instant brand recognition before your email is even opened by the recipient
    • Makes the email experience more comfortable, safe, and authentic
    • Associates your logo and messages with trust and authenticity
    • Helps you stand out from the competition
    • Tells your audience that you’re dedicated to the highest level of security
    • Boosts engagement on average of 10%

A New Way of Looking at Your Inbox

The announcement of VMC support from one of the industry’s giants is an exciting moment and a genuine innovation in the world of email. It’s just the start for BIMI, as well, with support expected to keep expanding in the coming months and years. More email providers will be getting on board, more validators will start issuing VMCs, and more logo types will be compatible. Get your VMC from DigiCert today and start enjoying all the shiny, new benefits it provides.


Mark Vojtko

After starting his career as an engineer, Mark pivoted to tech marketing, which combines his love of technology and analytical thinking with a generous dose of creativity. In addition to contributing to Hashed Out, Mark is The SSL Store's Product Marketing Manager.