Google Announces BIMI and VMC Support for Increased Email Authentication and Brand Trust
Companies can now display their verified logo in Gmail messages to grow their brand and boost engagement
Ready for your Gmail inbox to become more eye-catching and secure? It’s about to start happening thanks to Google’s rollout of VMC support. Formally announced earlier this week, the change will see verified company logos start making their way to your emails via the BIMI standard.
After an initial pilot run last year, in which a limited number of companies and certificate authorities (CAs) participated, the world’s most-used email service will start recognizing VMCs. If you missed the test run or are unfamiliar with VMCs and the BIMI standard, they’re basically a way for companies to include their trademarked logos in the messages they send out. The purpose is to boost brand recognition, increase engagement rates, and provide a higher level of trust with their communications.
So, what are BIMI and VMCs, exactly? What are the requirements for using them? And who will they benefit?
Let’s hash it out.
What Are BIMI and VMCs?
BIMI stands for Brand Indicators for Message Identification and works with existing email authentication protocols such as DMARC (Domain-Based Message Authentication, Reporting, and Conformance), DKIM (DomainKeys Identified Mail), and SPF (Sender Policy Framework). Without getting too far into the nitty-gritty details, it’s a type of DNS resource record that is used to display an image (a logo, to be more specific) in the “from” field, representing the sender’s organization.
Verified Mark Certificates (VMCs) work in conjunction with BIMI to provide verification that the logo in question does, in fact, belong to the sender. They’re a kind of digital certificate that authenticates your company and corresponding logo in order to stop phishers and spammers from misusing logos in order to trick their targets. Think of it like the checkmark on social media platforms, but with more stringent and secure validation requirements.

What are the Prerequisites for BIMI and VMC Certificates?
Before you can take advantage of the new VMC support and display your logo with BIMI, you must have DMARC deployed on your email server. DMARC helps to minimize phishing and spoofing attempts by providing a higher level of control over the emails that your organization processes. It performs a series of authentication checks and then handles the message accordingly based on your policy configuration.
After that, you’ll go about setting up your BIMI record on the DNS server. A very important thing to note is that whichever image file you include in the BIMI record (a sample configuration can be seen below) must be trademarked.

Then, you can proceed with purchasing your VMC and going through the verification process with the CA.
To recap, the steps for getting your VMC in place and your logo displayed are as follows:
- Become DMARC compliant. To qualify for a VMC, your DMARC record must be set to either “quarantine” or “reject” emails that fail the authentication checks. If you aren’t sure if your email system is properly configured, you can check it via free tools such as this one from MXToolbox. If it isn’t setup correctly, check out this guide from DigiCert for help.
- Verify your logo is trademarked. You can’t get a VMC unless your logo is registered with the trademark office in your region. It’s usually not a quick process, so if you’re wanting a VMC then you should start the process immediately. Here’s some more info regarding VMCs and trademarks.
- Make sure your logo is properly formatted. In order to dispay properly in your recipient’s inboxes, logos must be in the .svg format. Full details can be found here.
- Buy your VMC. After you’ve completed the previous steps, you can go about purchasing your actual Verified Mark Certificate. Have multiple logos or domains? This article will help you determine exactly how many VMCs you’ll need.
- Test it out! Here’s the exciting part, where you get to see your VMC in action. You’ll want to make sure there aren’t any issues before showing your verified logo to the world. Just be sure to carefully manage your certificates.
The Benefits of BIMI and VMC Support
As we touched on earlier, BIMI and VMCs aim to achieve a few different goals that result in better security and greater brand recognition. Thanks to the fact that DMARC is required for a VMC, we will see an increased adoption of stronger message authentication measures for the global email ecosystem. Spoofing and phishing attacks will be decreased, and companies will be better able to protect both their brand and customers from threats. As Dean Coclin, DigiCert’s Senior Director of Business Development, says
With BIMI and VMC from DigiCert for DMARC-verified domains, organizations can now demonstrate to their customers a higher level of email security. DigiCert VMCs not only help reduce instances of spam and spoofing customers receive, because of the DMARC requirement, but they also enable organizations to go beyond displaying default email addresses to increase engagement rates and display their brands more prominently.
In conjunction with verified logos that provide an immediate visual indicator of trust and security, BIMI and VMC support gives both senders and recipients increased confidence in what’s passing through their inboxes and outboxes. It also helps marketers by creating a more immersive experience and fosters greater engagement with their audience. Seth Blank, Chair of the AuthIndicators (BIMI) Working Group, explains how
BIMI and VMC are a significant win for customers and brands of all sizes. DMARC ensures customers don’t get spoofed email from the brands they trust, and BIMI ensures brands get increased impressions, open rates and brand trust
DMARC Benefits for Organizations
- Increases email security throughout the organization
- Makes it more difficult for attackers to succeed with identity-focused spoofing and phishing attempts
- Provides greater visibility and control of the emails passing through your servers
- Gives more accurate insights into the threats facing your domain
- Makes sure legitimate messages are consistently delivered
VMC Benefits for Marketing
- Instant brand recognition of your email by the recipient
- Makes the email experience more comfortable, safe, and authentic
- Associates your logo and messages with trust and authenticity
- Helps you stand out from the competition
- Tells your audience that you’re dedicated to the highest level of security
- Boosts engagement on average of 10%
A New Way of Looking at Your Inbox
The announcement of VMC support from one of the industry’s giants is an exciting moment and a genuine innovation in the world of email. It’s just the start for BIMI, as well, with support expected to keep expanding in the coming months and years. More email providers will be getting on board, more validators will start issuing VMCs, and more logo types will be compatible. Get your VMC from DigiCert today and start enjoying all the shiny, new benefits it provides.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown