Summary
All sources agree that a trademark owner *can* authorize a third party to use their logo for BIMI. This authorization is primarily managed through DMARC compliance and, increasingly, Verified Mark Certificates (VMCs). DMARC ensures the 'From:' domain is authenticated, demonstrating control and authorization. VMCs, issued by Certificate Authorities, provide a stronger validation, requiring proof of trademark ownership and the right to use the logo. As BIMI implementation matures, VMCs will become crucial in confirming authorized logo usage and building trust by assuring recipients that the email is not a phishing attempt.
Key findings
- DMARC is Key: BIMI requires a DMARC pass, implying control and authorization of the sending domain by the trademark owner.
- VMC Validates Rights: VMCs certify the logo's usage rights, providing a validated assurance of authorization from the trademark owner.
- Trust and Security: BIMI is designed to improve trust in email and prevent phishing; it relies on verifying the sender's right to use the brand's logo.
Key considerations
- Third-Party Access: Brands can authorize third parties to send BIMI-compliant email if they meet DMARC requirements and potentially have their sending domains included in the brand's VMC.
- CA Authority: Certificate Authorities (CAs) like DigiCert and Entrust play a crucial role in validating rights and issuing VMCs, verifying the legitimacy of the logo's usage.
- Evolving Standards: The BIMI landscape is evolving, with increasing emphasis on VMCs as a core component for ensuring brand security and trust in email communications.
What email marketers say
8 marketer opinions
The consensus is that a trademark owner can authorize a third party to use their logo for BIMI. This authorization is facilitated through mechanisms like DMARC compliance and Verified Mark Certificates (VMCs), which validate the right to use the logo. These measures ensure that only authorized senders can display the brand's logo, preventing fraud and building trust.
Key opinions
- DMARC Compliance: BIMI requires DMARC compliance, which implies the trademark owner has authorized the sender.
- VMC Requirement: Many mailboxes require a VMC to display the BIMI logo, which validates the organization's right to use the logo.
- Authorization Implied: BIMI implementations inherently rely on the trademark owner's authorization for logo usage.
- Certificate Authority Role: Certificate Authorities (CAs) verify the entity applying for the VMC and the mark to be used, further ensuring authorization.
Key considerations
- Third-Party VMC: If a third party owns the sending domain (e.g., a marketing agency), the trademark owner may need to add that domain to their VMC.
- Domain Ownership: The entity using the logo must demonstrate the right to use it, often through domain ownership or explicit permission from the trademark owner.
- Trust and Fraud Prevention: BIMI and VMCs are designed to build trust and prevent fraud by ensuring only authorized senders can display brand logos.
Marketer view
Email marketer from Mailjet explains that BIMI relies on strong authentication to ensure that only authorized senders are displaying the brand's logo. Third-party use depends on compliant DMARC records.
28 Sep 2023 - Mailjet.com
Marketer view
Email marketer from Reddit shares that if a company authorizes a third-party vendor to send emails on their behalf using their domain (and passes DMARC), then the vendor can typically use the company's logo for BIMI, assuming they also have a VMC.
23 Apr 2022 - Reddit
What the experts say
3 expert opinions
The provided answers converge on the idea that trademark owners can authorize third parties to use their logos for BIMI. This authorization is achieved through adherence to technical standards like DMARC and the acquisition of a Verified Mark Certificate (VMC). These mechanisms ensure that only entities with validated rights can display the logo, enhancing trust and preventing phishing.
Key opinions
- DMARC Alignment: BIMI implementation relies on DMARC compliance, which necessitates alignment with the 'From:' domain and proper authentication.
- VMC Validation: VMCs serve as a validation mechanism, confirming that the entity using the logo has the right to do so, thereby verifying authorization.
- Trust Indicator: BIMI, particularly with a VMC, signals to recipients that the email is legitimate and not a phishing attempt.
Key considerations
- Third-Party Usage: Brands can employ third parties to send BIMI-compliant email, assuming they meet DMARC requirements and potentially have the domain added to the brand's VMC.
- Rights Verification: The process of obtaining a VMC requires verification of the sender's right to use the logo, underscoring the importance of authorization.
- Mature Implementation: As BIMI implementation matures, the reliance on VMCs will become more prevalent, further solidifying the assurance of authorization.
Expert view
Email marketer from Email Geeks answers that BIMI is keyed to the visible From: domain in the message and requires an aligned DMARC pass. A brand can employ a third party to send DMARC-aligned and passing mail on their behalf, and a brand can also use a third party to send BIMI-compliant mail.
1 Jun 2022 - Email Geeks
Expert view
Expert from Word to the Wise responds that as BIMI implementations mature, the use of VMCs will confirm that the sender is authorized to use the logo, as they have verified their ownership and rights to the logo. Using BIMI shows the recipient you're not a phisher.
21 Jan 2024 - Word to the Wise
What the documentation says
3 technical articles
The provided documentation highlights that using a Verified Mark Certificate (VMC) is crucial for BIMI implementation, particularly for displaying logos in supporting mailboxes. Obtaining a VMC necessitates proving exclusive rights to use the logo, implying and verifying authorization from the trademark owner. This process ensures that only those with legitimate rights can display the logo in email marketing.
Key findings
- VMC Requirement: BIMI often requires a VMC for logo display.
- Rights Verification: VMC issuance involves verifying the organization's right to use the logo.
- Implicit Authorization: The VMC process confirms the trademark owner's authorization, either implicitly or explicitly.
Key considerations
- Exclusive Rights: Applicants must demonstrate exclusive rights to use the logo to obtain a VMC.
- Trademark Validation: VMC issuers perform trademark validation to confirm usage rights.
- Issuer Specifics: DigiCert and Entrust are examples of CAs that issue VMCs and have specific requirements for verifying trademark rights.
Technical article
Documentation from Entrust explains that they issue VMCs which require trademark validation. This validation step confirms the right to use the logo, thus indicating authorization for BIMI use.
14 Apr 2022 - Entrust.com
Technical article
Documentation from DigiCert explains that to get a VMC from them, you must demonstrate exclusive rights to use the logo in your email marketing. The process to verify that right implies authorization.
9 Jun 2022 - DigiCert.com
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Do I need a trademark in every country for BIMI?
Does BIMI impact email deliverability?
Does BIMI improve email deliverability and engagement?
Does BIMI require strict alignment between From and return-path domains?
How can I check if a domain uses Entrust or Digicert for BIMI, and should I avoid Entrust?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
How do I implement BIMI for multiple brands with subdomains?
How do I set up BIMI? Is a VMC certificate always required?
How do I set up BIMI with a CMC, and what are common issues?
