How will VMCs be adopted following Gmail's BIMI pilot launch and DMARC discussions?
Matthew Whittaker
Co-founder & CTO, Suped
Published 29 Jun 2025
Updated 18 Aug 2025
The email landscape is constantly evolving, with new standards emerging to combat fraud and enhance brand trust. Brand Indicators for Message Identification (BIMI) and Verified Mark Certificates (VMCs) represent a significant step in this direction. These technologies allow legitimate brands to display their official, trademarked logos directly in the inbox, provided they meet strict authentication requirements.
The launch of Gmail's BIMI pilot marked a pivotal moment, signaling a major email provider's commitment to visual brand verification. This move sparked considerable discussion within the email community, particularly concerning the mandatory nature of VMCs for BIMI implementation in Gmail and its potential impact on DMARC adoption rates.
The big question now is, how will VMCs be adopted on a broader scale, especially in the wake of Gmail's continued support and ongoing DMARC discussions? Many anticipate that Gmail’s influence will drive significant changes in email authentication practices, pushing more organizations towards stronger security measures.
VMCs are essentially digital certificates that verify the ownership of a brand's logo. When coupled with BIMI, they provide a visual assurance to recipients that an email truly originates from the claimed sender. This level of verification goes beyond traditional email authentication by linking a trademarked logo directly to the authenticated sending domain.
Before the Gmail BIMI pilot, VMCs were optional for some mailbox providers that supported BIMI, like Verizon Media Group domains (Yahoo.com, Aol.com, Verizon.net). However, Gmail made VMCs a requirement for its pilot participants, signaling a stronger stance on identity verification. This requirement ensures that only legally registered and verified logos are displayed, significantly reducing opportunities for brand impersonation.
This strategic move by Google is expected to accelerate VMC adoption. As more organizations seek to leverage the visual branding benefits of BIMI in Gmail, they will inherently need to obtain VMCs. This creates a powerful incentive for brands to invest in this higher level of email authentication, improving the overall security of the email ecosystem.
Why VMCs are essential
Brand trust: Displays a verified logo, building instant recognition and trust with recipients.
Anti-spoofing: Authenticates the sender's visual identity, making it harder for phishers to impersonate brands.
Engagement boost: Helps emails stand out in a crowded inbox, potentially increasing open rates.
DMARC: the foundational requirement
At the core of BIMI, and by extension VMCs, is DMARC, or Domain-based Message Authentication, Reporting & Conformance. DMARC builds upon SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to provide a robust framework for email authentication. For BIMI to work, a sender's DMARC policy must be set to p=quarantine or p=reject, meaning that unauthenticated emails claiming to come from the sender's domain are either quarantined or rejected, rather than delivered to the recipient's inbox.
The discussions around DMARC, particularly its effectiveness and adoption challenges, are ongoing. While DMARC is critical for preventing email spoofing and phishing, many organizations still operate with a p=none policy, which provides monitoring but no enforcement. Gmail's strict VMC requirement for BIMI is a powerful incentive for senders to move to an enforcement policy, as it's the only way to unlock the visual benefits of their brand logo in the inbox.
Implementing a DMARC policy with enforcement, alongside the correct BIMI DNS record, can be complex. It requires careful monitoring of DMARC reports to identify and fix any legitimate email streams that might fail authentication. However, the benefits of enhanced deliverability, brand protection, and trust make the effort worthwhile.
p=none (monitoring)
Emails failing DMARC authentication are still delivered to the inbox.
Primary use is to gather data and identify legitimate email sources.
Does not actively prevent spoofing, only provides visibility.
p=quarantine or p=reject (enforcement)
Emails failing DMARC are moved to spam (quarantine) or blocked entirely (reject).
Essential for leveraging BIMI and displaying your brand logo.
Actively protects your brand from phishing and impersonation attempts.
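The check described in this section, written out as an added Python example (not code from the original article or from any mailbox provider): it parses a domain's DMARC and BIMI TXT records and lists what blocks logo display under the rules above. The records and example.com are constructed; the pct check goes beyond the article and relies on the standard DMARC pct tag, which defaults to 100.

```python
# Constructed sample TXT records for the placeholder domain example.com.
# DMARC is published at _dmarc.<domain>, BIMI at default._bimi.<domain>.
MONITORING = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
PHASED = "v=DMARC1; p=quarantine; pct=25"
BIMI_WITH_VMC = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"
BIMI_NO_VMC = "v=BIMI1; l=https://example.com/logo.svg; a="

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict (tag names lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of findings; an empty list means the records pass these checks."""
    findings = []
    dmarc = parse_tags(dmarc_txt or "")
    if dmarc.get("v") != "DMARC1":
        findings.append("no valid DMARC record")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC policy is p={policy or 'missing'}, not quarantine or reject")
        # A pct below 100 (phased rollout) enforces the policy on only part of the mail.
        pct = dmarc.get("pct", "100")
        if not pct.isdigit() or int(pct) < 100:
            findings.append(f"pct={pct}: enforcement covers only part of the mail")
    bimi = parse_tags(bimi_txt or "")
    if bimi.get("v") != "BIMI1":
        findings.append("no valid BIMI record")
    else:
        if not bimi.get("l", "").lower().startswith("https://"):
            findings.append("BIMI l= tag must be an https URL to the SVG logo")
        if not bimi.get("a", "").lower().startswith("https://"):
            findings.append("BIMI a= tag is empty: no VMC referenced, which Gmail requires")
    return findings

if __name__ == "__main__":
    cases = [("monitoring", MONITORING, BIMI_WITH_VMC), ("enforced", ENFORCED, BIMI_WITH_VMC),
             ("phased", PHASED, BIMI_WITH_VMC), ("no VMC", ENFORCED, BIMI_NO_VMC)]
    for name, dmarc_txt, bimi_txt in cases:
        print(name, "->", bimi_readiness(dmarc_txt, bimi_txt) or "ready")
```

Running the same function over records pulled from DNS before applying for a VMC shows whether the domain is still at p=none or only partially enforced.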
Factors influencing VMC adoption
Several factors will influence the speed and breadth of VMC adoption. The primary drivers include the perceived value by senders, the cost and complexity of obtaining VMCs, and the support from various mailbox providers and email clients. As more organizations understand the impact on brand visibility and email security, the demand for VMCs will likely increase.
The cost associated with acquiring and maintaining a VMC is a consideration for some businesses. VMCs require validation from accredited Certification Authorities, which involves a vetting process. While this ensures a high level of trust, it adds a financial and administrative layer that companies must account for.
Furthermore, the adoption by other major mailbox providers beyond Gmail will play a crucial role. If companies like Yahoo or Microsoft decide to make VMCs mandatory for BIMI logo display, we will see a rapid acceleration in adoption across the board. This collective push from major inbox providers is what truly drives industry-wide changes in email standards.
Factor: Impact on VMC adoption
Brand value: Higher brand visibility and trust encourage investment in VMCs.
Cost and complexity: Perceived high cost or technical hurdles can slow adoption.
DMARC enforcement: Required for BIMI and VMC, increasing overall email security.
Challenges and the path forward
Despite the clear advantages, several challenges could impede the rapid and widespread adoption of VMCs. One significant hurdle is the investment required, not just in terms of certificate costs but also the technical effort to ensure DMARC is properly configured and at an enforcement policy. For organizations with complex email infrastructures, this can be a daunting task.
Another challenge is awareness. While email security professionals are keenly aware of BIMI and VMCs, many marketers and business leaders may not fully grasp their importance or the return on investment. Education and clear communication of the benefits will be vital in driving adoption, particularly for smaller businesses that may lack dedicated resources for email deliverability.
Looking ahead, the path forward involves continued collaboration among email providers, technology vendors, and certification authorities to streamline the VMC acquisition process and reduce barriers to entry. The goal is to make visual brand verification a ubiquitous standard, significantly enhancing the security and trustworthiness of email for everyone.
Overcoming VMC hurdles
Simplify process: Streamline VMC application and renewal to reduce administrative burden.
Educate stakeholders: Clearly communicate the benefits to decision-makers and marketing teams.
Tooling and support: Develop tools to assist with DMARC implementation and BIMI validation.
Views from the trenches
Best practices
Ensure your DMARC policy is at quarantine or reject for BIMI enablement.
Verify your trademarked logo meets BIMI SVG requirements before applying for a VMC.
Monitor DMARC reports closely to troubleshoot authentication failures proactively.
Common pitfalls
Failing to address DMARC authentication issues before moving to enforcement.
Using a logo that is not federally registered, which disqualifies it for a VMC.
Ignoring mailbox provider specific requirements for BIMI and VMC display.
Expert tips
Consider a phased rollout of DMARC enforcement for larger domains.
Partner with a DMARC or BIMI specialist for complex implementations.
Stay updated on changes in BIMI and VMC requirements from major mailbox providers.
Expert view
Expert from Email Geeks says they waded into the DMARC discussion over on the IETF list because they wanted to see if the Gmail pilot would actually improve uptake and move to p=reject, or if the whole protocol is based on an inaccurate and overly simplistic model of email.
2020-07-21 - Email Geeks
Marketer view
Marketer from Email Geeks says that all those threads started in the last few weeks have so much BS and posturing and talk about "user" behavior that it is getting painful to watch.
2020-07-21 - Email Geeks
The evolving email landscape
The Gmail BIMI pilot's embrace of VMCs has undeniably set a precedent for the future of email authentication. By requiring Verified Mark Certificates for logo display, Gmail has underscored the importance of strong, verifiable brand identity in combating email fraud and enhancing user trust.
While challenges related to cost, complexity, and widespread awareness persist, the clear benefits of VMCs in terms of brand recognition and security are powerful motivators. The ongoing DMARC discussions also highlight a critical underlying factor: a robust DMARC enforcement policy is non-negotiable for achieving full BIMI compliance.
As the email ecosystem continues to prioritize security and trust, we expect to see increasing adoption of VMCs, driven by leading mailbox providers and the growing recognition among brands that a visually authenticated presence in the inbox is no longer a luxury, but a necessity.