Summary
To determine if a domain uses Entrust or DigiCert for BIMI, you can manually inspect the certificate details from the BIMI record using tools like OpenSSL or utilize online BIMI checkers such as aboutmy.email. It's important to verify the issuer against approved VMC issuer lists and to monitor news regarding the trustworthiness and compliance of these CAs, especially Entrust, as major email providers' decisions can impact certificate validity. Google's Chrome team views Entrust as violating CA requirements, although there are no root issues directly affecting BIMI. For those prioritizing security, avoiding Entrust in the near future might be prudent. Implementing BIMI with VMCs from trusted CAs enhances email security and brand visibility, provided that correct DNS records are set up. DigiCert is considered a safe choice, and understanding vendor switching costs is advisable.
Key findings
- Multiple Verification Methods: You can manually inspect certificates via OpenSSL or use online BIMI checkers to determine the issuer.
- Issuer Approval Lists: The BIMI Group and other sources provide lists of approved VMC issuers.
- Google's Distrust of Entrust: Google's Chrome team has concerns about Entrust's compliance with CA requirements.
- VMC Benefits: Implementing BIMI with a valid VMC enhances brand security, trust, and logo visibility in email.
Key considerations
- Entrust Risk: Carefully consider the potential risks associated with Entrust based on Google's concerns, although no immediate root issues affect BIMI directly.
- Vendor Switching Preparedness: Understand the costs and processes involved in switching VMC vendors.
- DNS Configuration: Ensure correct DNS record configuration for proper BIMI implementation.
- Staying Informed: Monitor news and compliance reports related to VMC issuers like Entrust.
- DigiCert as Alternative: DigiCert is viewed as a solid alternative to Entrust for VMC issuance.
What email marketers say
10 marketer opinions
To check if a domain uses Entrust or Digicert for BIMI, you can manually inspect the certificate by fetching it from the BIMI record using tools like OpenSSL or online BIMI checkers. Verify the issuer details against a list of approved VMC issuers, such as those provided by the BIMI Group. It's important to monitor news regarding the trustworthiness and compliance of VMC issuers like Entrust, as decisions by email providers can impact certificate validity. Implementing BIMI with VMCs from trusted CAs enhances email security and brand visibility.
Key opinions
- Manual Certificate Inspection: Certificates can be manually inspected using OpenSSL or online BIMI checkers to verify the issuer.
- VMC Issuer Verification: Verify the VMC issuer against approved lists to ensure compliance.
- Email Provider Compliance: VMC compatibility should be verified with specific email provider requirements.
- BIMI Implementation Benefits: BIMI with VMCs enhances email security, brand visibility, and trust.
Key considerations
- Entrust Monitoring: Monitor news and announcements regarding the trustworthiness and compliance of Entrust and other VMC issuers.
- Certificate Authority Trust: Ensure the VMC is issued by a trusted certificate authority to maintain validity and brand security.
- DNS Record Setup: Ensure correct DNS records are set up to authenticate the brand's logo properly.
- Compatibility Check: Verify the VMC issuer and its compatibility with email providers to ensure it is working as expected.
Marketer view
Email marketer from EmailToolTester clarifies that BIMI relies on having a valid VMC issued by a trusted certificate authority and setting up the correct DNS records to authenticate the brand's logo and ensure it is displayed in email inboxes.
16 Sep 2024 - EmailToolTester
Marketer view
Email marketer from OnlyMyEmail recommends that to check a BIMI record for the VMC, it is recommended to inspect the DNS records of the domain and check the URL to see if it is valid.
23 Jun 2021 - OnlyMyEmail
What the experts say
6 expert opinions
To check if a domain uses Entrust or Digicert for BIMI, tools like aboutmy.email can pull the BIMI data, including the certificate issuer. Alternatively, dig and curl commands can be used to manually extract the issuer information. While there may be other reasons to distrust Entrust, no root issues directly affect BIMI, but Google's Chrome team views Entrust as violating CA requirements. As such, it is suggested that anyone concerned about security should avoid them in the near future. Understanding the costs and processes involved in switching vendors is important, and choosing DigiCert is unlikely to face criticism.
Key opinions
- Tool Availability: Tools like aboutmy.email can extract BIMI data, including the certificate issuer.
- Manual Extraction: dig and curl commands can be used to manually extract issuer information from BIMI records.
- Google's Distrust: Google's Chrome team views Entrust as violating CA requirements.
- No Root Issues for BIMI: There are no root issues directly affecting Entrust's use for BIMI, although other reasons for distrust exist.
Key considerations
- Security Concerns: Those concerned about security should consider avoiding Entrust in the near future due to Google's distrust and past behavior.
- Vendor Switching: Understand the costs and processes involved in switching VMC vendors.
- DigiCert as Safe Choice: Choosing DigiCert for VMCs is unlikely to face criticism.
Expert view
Expert from Email Geeks shares that aboutmy.email will pull the BIMI data, including the cert issuer and that most BIMI-specific tools would too.
22 Oct 2023 - Email Geeks
Expert view
Expert from Email Geeks explains that Google's Chrome team views Encert as intentionally violating CA requirements and breaking rules, leading to the potential "certificate authority death penalty".
10 Feb 2024 - Email Geeks
What the documentation says
3 technical articles
DigiCert, Entrust, and Sectigo all provide Verified Mark Certificates (VMCs) that are essential for BIMI implementation. These certificates, issued by recognized Certificate Authorities, enable organizations to display their logos in email inboxes. Each provider adheres to BIMI standards, with each documentation explaining the process of acquiring and implementing a VMC.
Key findings
- VMC Essential for BIMI: A Verified Mark Certificate (VMC) is necessary for BIMI implementation.
- Recognized Certificate Authorities: VMCs must be issued by a recognized Certificate Authority.
- Logo Display: VMCs allow organizations to display their logos in email inboxes.
Key considerations
- Standard Adherence: Ensure that the chosen VMC provider adheres to BIMI standards.
- Acquisition Process: Understand the specific steps to acquire and implement a VMC from each provider.
- Provider Options: Consider options from multiple providers like DigiCert, Entrust, and Sectigo.
Technical article
Documentation from Sectigo explains that a VMC (Verified Mark Certificate) is essential for BIMI implementation and outlines the steps to acquire and implement a VMC to display brand logos in supporting email clients.
2 Aug 2023 - Sectigo
Technical article
Documentation from Entrust describes their VMC (Verified Mark Certificate) offering for BIMI, emphasizing that their certificates help organizations display their logos in email inboxes. The Entrust Documentation explains their approach to providing VMCs and how they align with BIMI standards.
14 Apr 2022 - Entrust
Do I need a VMC for BIMI to work with Google and Gmail?
Does domain/IP reputation affect BIMI logo display with VMC?
How can I prepare a logo for BIMI/VMC without using Adobe Illustrator?
How do I implement a blue check mark on Gmail with BIMI and VMC?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
How do I implement BIMI for email verification in Gmail and Yahoo?
How do I set up BIMI? Is a VMC certificate always required?
Is DigiCert the only working VMC issuer for Google BIMI?
What are the BIMI requirements for SVG files and Yahoo brand recognition?
