How to Get a Verified Blue Checkmark in Gmail
1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 5.00 out of 5)
Loading...

How to Get a Verified Blue Checkmark in Gmail

Verified checkmarks are no longer just for social media. On May 3, Google began displaying blue verification checkmarks for email senders that have BIMI and verified mark certificates (VMCs). Here’s what they are and how your organization can get one…

Want to be sure your emails stand out inboxes full of spam, phishing, and noise? Google’s new verified checkmarks can help your emails stand out and get read by the recipients. Here’s what you need to know about the new verified checkmark in Gmail, and how to get a checkmark to display next to your emails.

Let’s hash it out.

What’s the Deal? A 30-Second Overview of Google Mail’s New Blue Checkmark Icon

The Google Workspace team announced on May 3 that they were rolling out a new feature that will show verified checkmarks in Gmail for any email sender that uses BIMI and verified mark certificates (VMCs) — more on that in a moment.

Google says the new verified checkmark “will help users identify messages from legitimate senders versus impersonators”:

Google checkmark graphic: A screenshot of how the blue checkmark looks in Gmail.
Image caption: A screenshot of the new verified Gmail logo that showcases that the email sender is, in fact, Google and isn’t an imposter trying to phish the recipient. Image source: Google Workspace blog.

The concept is similar to the checkmark icons you see for verified accounts on social media platforms such as Instagram:

A graphic that shows how the similar verified blue checkmark looks on Instagram
Image caption: A screenshot captured while using the Instagram mobile app.

How to Get the Blue Checkmark to Display in Emails You Send to Gmail Users

To make the blue checkmark appear in the emails you send to Gmail users, you’ll need to set up the BIMI protocol with a verified mark certificate for your domain.

Here’s what you need to do:

1. Carry Out the Necessary Preparations on the Back End

You’ll need to complete several steps in order to become VMC and BIMI compliant. These steps include setting up domain name system (DNS) TXT records, a DMARC policy, and trademarking your logo. Our step-by-step guide will walk you through the specifics of how to get verified for a VMC.

2. Purchase a Verified Mark Certificate (VMC)

The next step is to purchase a verified mark certificate for your domain. This is a digital certificate that enables you to display your organization’s trademarked logo in recipients’ inboxes. This way, they see your verified digital identity and will trust that your messages are authentic before they even click on them.

3. Implement BIMI

Once you have all of your other ducks in a row, you’ll move on to setting up your brand indicators for message identification DNS record. You can do this manually or use a tool to help you do it. You can check your existing BIMI information using BIMIGroup.org’s BIMI Inspector and Generator tool. For example, here’s what the records show for TheSSLStore.com:

A screenshot of BIMI Group's BIMI Inspector tool.
Image caption: A screenshot captured using BIMI Group’s BIMI Inspector tool.

If you don’t have a BIMI record yet, then hit the Generate BIMI button located beneath the BIMI lookup field to get started. NOTE: You’ll need to have your SVG image available.

Why Does Having the Checkmark Matter?

In a nutshell, the checkmark is another way to help prove your verified digital identity and assure readers that your emails are trustworthy. Organizations need all the tools in their toolbox to help customers, employees, shareholders, and other stakeholders know that your messages are legitimate and truly came from you.

We’re living in a time when phishing attacks are the most common digital threat to Americans. Data from the latest Internet Crime Complaint Center’s (IC3) Internet Crime Report shows that 300,497 victims reported falling for phishing attacks, with losses surpassing $52 million in 2022. This doesn’t count business email compromise (BEC) attacks, which had 21,832 reports with losses of more than $2.74 million in that same period. What makes these numbers even more astonishing is when you consider that they only include the reported numbers.

… Which brings us back to why the blue checkmark is so important for email digital identity and security.

The Gmail Blue Checkmark Is the Next Phase of the BIMI Email Security Evolution

According to the Google Workspace team:

“Strong email authentication helps users and email security systems identify and stop spam, and also enables senders to leverage their brand trust. This increases confidence in email sources and gives readers an immersive experience, creating a better email ecosystem for everyone.”

A few years ago, we introduced you to the concept of brand indicators for message identity (BIMI) and verified mark certificates (VMCs). Together, these two email security measures help you assert your digital identity to prove to recipients that your outbound messages are authentic (i.e., they came from you).

An example of how an email looks in a Gmail user's inbox when sent by a BIMI and VMC compliant sender
Image caption: A screenshot of how Chase’s BIMI verified logo displays in the Gmail inbox of an employee at The SSL Store.

Add these digital identity indicators to your emails, along with public key infrastructure (PKI)-based email digital signature in the form of an email signing certificate for individual users, and you’ll be doing virtually everything within your power to make your verified digital identity clear.

Wrapping This Up With Additional Resources

Google’s implementation of the blue checkmarks is another example of how they’re embracing digital identity for greater email security. It’s piggybacking on their existing support and use of BIMI and VMCs, providing another checkmark (excuse the pun) on the list of visual security indicators of identity verification.

Interested in learning more about BIMI, VMCs, and related email security measures? Then check out the following resources:

Author

Casey Crane

Casey Crane is a regular contributor to and managing editor of Hashed Out. She has more than 15 years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.