Before we dive into the specifics of the cert= parameter, it's important to understand what BIMI (Brand Indicators for Message Identification) is. BIMI is an email specification that allows you to display your brand's logo next to your messages in the recipient's inbox. It's a powerful way to increase brand recognition and trust, but it relies on a series of verification steps to work correctly. One of the key components of this verification process is the BIMI record itself, a TXT record that lives in your DNS.
The cert= parameter within a BIMI record is the field that contains the URL of your Verified Mark Certificate (VMC). This certificate is a crucial piece of the puzzle for getting your logo to display in major mailbox providers like Gmail. Essentially, the cert= parameter is the authority claim; it points to a digitally signed certificate that proves you have the legal right to use the logo you're associating with your domain.
A VMC is a digital certificate that verifies the authenticity of a brand's logo. To get one, you must first have a registered trademark for your logo. A Certificate Authority (CA) then validates your trademark and your organization's identity before issuing the VMC. This process ensures that only legitimate brand owners can use the BIMI standard to its full potential.
So, the purpose of the cert= parameter is to provide mailbox providers with a path to this certificate, allowing them to programmatically verify your logo's authenticity. Without a valid VMC referenced in this parameter, providers that require it will simply ignore your BIMI record, and your logo won't be displayed.
It is technically possible to have a BIMI record without a cert= parameter. This is often referred to as a "self-asserted" BIMI record. In this case, you are simply pointing to your logo file without the backing of a VMC.
Here's how the two types of BIMI records differ in structure and support:
In short, the purpose of the cert= parameter in your BIMI record is to provide the required proof of logo ownership through a Verified Mark Certificate. While not strictly mandatory for a BIMI record to exist, it is essential for achieving the primary goal of BIMI: displaying your logo in the inboxes of major email providers like Gmail, which rely on this verification to prevent impersonation and build a more trustworthy email ecosystem.