What is the Gmail blue check mark?

The Gmail blue check mark is a visual indicator that verifies the sender's identity. It appears next to the sender's name in the inbox and signifies that the email has been authenticated using BIMI (Brand Indicators for Message Identification) and a Verified Mark Certificate (VMC), confirming the sender's legitimacy and trademark ownership.

What are the core requirements to implement the blue check mark?

To get the blue check mark, your domain must have a DMARC policy enforced (p=quarantine or p=reject). Your logo must be a legally registered trademark. You need to convert your logo to an SVG Tiny 1.2 file and host it securely over HTTPS. Finally, you must obtain a Verified Mark Certificate (VMC) from an authorized provider and include its URL in your BIMI DNS record.

Is a VMC mandatory for the Gmail blue check mark?

Yes, for Gmail to display the blue check mark, a VMC is currently a mandatory requirement. The VMC verifies the ownership of your trademarked logo, providing the necessary assurance to Google that your brand is authentic and authorized to display the logo.

Why isn't my blue check mark showing up despite implementing BIMI and VMC?

Common reasons include: DMARC not being enforced, an improperly formatted SVG logo, an expired or invalid VMC, or poor sender reputation that leads to your emails being flagged as spam. Ensuring all prerequisites are met and maintaining good email practices are key.

What is the typical cost associated with obtaining a VMC?

The cost of a VMC can vary depending on the Certificate Authority. Generally, you can expect an annual fee ranging from a few hundred to over a thousand dollars for the certificate. It's an investment in your brand's verified identity.

How do I implement a blue check mark on Gmail with BIMI and VMC? - Technical - Email deliverability - Knowledge base

The blue check mark that appears next to a sender's name in Gmail is a powerful visual cue. It signifies that the sender's identity has been verified by Google, adding an immediate layer of trust and authenticity to your email communications. For brands, this isn't just about aesthetics, it's about boosting recipient confidence and improving overall email engagement.

This check mark is a direct outcome of successfully implementing Brand Indicators for Message Identification (BIMI) in conjunction with a Verified Mark Certificate (VMC). While BIMI itself allows your logo to be displayed in the inbox, the VMC is what provides the necessary verification for Google (and others like Apple Mail) to display that coveted blue tick.

Implementing this setup requires careful adherence to specific technical and legal requirements. I will guide you through the process, covering everything from the essential prerequisites to the exact steps needed to get your brand the blue check mark in Gmail.

Understanding BIMI and VMC

To truly understand how to implement the blue check mark, it's essential to first grasp the roles of BIMI and VMC. These two standards work hand-in-hand to verify your brand's identity and display your logo within the email client, with the VMC being the critical component that unlocks the blue verification badge on platforms like Gmail.

Brand Indicators for Message Identification (BIMI)

BIMI is an email specification that allows organizations to display their brand logo next to their authenticated emails in supporting inboxes. It's a DNS TXT record that points to the location of your brand's official logo (in a specific SVG format) and, if required by the mailbox provider, to a Verified Mark Certificate (VMC).

While BIMI significantly enhances brand visibility and trust, its primary function is to serve as a mechanism for displaying your logo. The verification checkmark itself is a separate, additional layer of trust provided by specific email providers when a VMC is also present.

Verified Mark Certificates (VMC)

A VMC is a digital certificate that verifies the ownership of your brand's logo, linking it directly to your domain and a legally registered trademark. This certificate is issued by a trusted Certificate Authority (CA) or Mark Verifying Authority (MVA) after a rigorous validation process. For Gmail to display the blue check mark, having a VMC is a non-negotiable requirement. This is because Verified Mark Certificates and BIMI ensure that the logo displayed is indeed legitimate and owned by the sending entity, preventing brand impersonation.

It's important to note that some mailbox providers (not Gmail or Apple Mail, however) might support BIMI without requiring a VMC, allowing you to display your logo without the added layer of verification that a VMC provides. However, for the coveted blue check mark in Google Workspace's BIMI setup, a VMC is currently essential.

Prerequisites for implementation

Before you can even think about obtaining a VMC or setting up your BIMI record, several critical prerequisites must be met. These foundational steps ensure that your domain is properly authenticated and that your brand logo meets the necessary legal and technical specifications.

DMARC enforcement with a strict policy

The most fundamental requirement for BIMI, and by extension the Gmail blue check mark, is a properly configured and enforced DMARC policy. Your domain must have a DMARC record with a policy set to either p=quarantine or p=reject. This strict enforcement policy is crucial because it tells mailbox providers that you have full control over your email sending and that any unauthenticated emails should be treated as suspicious. It also prevents domain spoofing and phishing attacks.

Without this enforced DMARC policy, even if all other BIMI and VMC elements are perfectly configured, the blue check mark (and often the logo itself) will not appear. You can learn more about how to set up DMARC for BIMI.

Trademarked brand logo

For a VMC to be issued, your brand's logo must be legally registered as a trademark with an accepted trademark office. This ensures that the logo belongs to your organization and prevents unauthorized use. The VMC issuing authority will verify this trademark as part of their validation process.

SVG logo file format

Your logo must be in Scalable Vector Graphics (SVG) Tiny 1.2 format, hosted over HTTPS. This specific format is required for security and scalability, as it allows the logo to render cleanly across various email clients and screen sizes without pixelation. Ensure your SVG is properly formatted and accessible via a public URL.

BIMI prerequisites checklist

DMARC policy enforced: Your domain has a p=quarantine or p=reject policy in place.
Trademark registration: Your logo is a legally registered trademark.
SVG file format: Your logo is converted to a secure SVG Tiny 1.2 file.
HTTPS hosting: Your SVG logo is hosted on a publicly accessible HTTPS URL.
Email authentication: Your domain has valid SPF and DKIM records in place and aligned with DMARC.

Step-by-step implementation

Once you've ensured all the prerequisites are met, you can proceed with the technical implementation of BIMI and VMC. This involves several distinct steps, each crucial for the successful display of your logo and the Gmail blue check mark.

Step 1: Obtain a Verified Mark Certificate (VMC)

The first major step is acquiring a VMC from a recognized Certificate Authority (CA) or Mark Verifying Authority (MVA). These are the only entities authorized to issue VMCs. The process typically involves submitting proof of your trademark registration, verifying your organization's identity, and validating domain ownership. Be prepared for a thorough validation process.

VMCs are not free, and their cost can vary, but generally expect an annual fee. Once validated, the MVA will provide you with a Privacy Enhanced Mail (PEM) file, which contains your VMC. This file will be referenced in your BIMI DNS record.

Step 2: Create and publish your BIMI DNS record

With your VMC in hand and your SVG logo hosted, the next step is to create a BIMI TXT record in your Domain Name System (DNS). This record tells supporting email clients where to find your logo and, if applicable, your VMC.

The BIMI record is a TXT record that you add to your domain's DNS. The host should be default._bimi.yourdomain.com, and the value will contain the BIMI version, the URL to your SVG logo, and the URL to your VMC PEM file.

Example BIMI DNS TXT RecordDNS

v=BIMI1;l=https://yourdomain.com/your-logo.svg;a=https://yourdomain.com/your-vmc.pem;

Publish this record through your DNS provider. Once published, it may take some time for the changes to propagate across the internet.

Step 3: Monitor and verify

After publishing your BIMI record, allow some time for DNS propagation and for mailbox providers like

Gmail to detect and process it. There isn't a manual approval process; if your technical setup and domain reputation are in order, the blue check mark should appear automatically. If you encounter issues, tools like BIMI inspectors can help diagnose problems, and resources like troubleshooting guides can be invaluable. Sometimes, the problem could be due to your domain being on a blacklist or blocklist, which negatively impacts deliverability and BIMI display.

Troubleshooting and considerations

While the steps to implement a blue check mark seem straightforward, several factors can impact success. Understanding common pitfalls and important considerations will help you navigate the process more smoothly and ensure your efforts yield the desired outcome.

Common reasons for BIMI/VMC failure

Even with diligent setup, issues can arise that prevent your logo or the blue check mark from appearing. Common culprits include: DMARC policy not enforced (still at p=none or misconfigured), incorrect SVG format (not Tiny 1.2 or not hosted securely), VMC expiry or invalidity, or poor sender reputation. Mailbox providers prioritize security and user experience, so any deviation from the standards can result in non-display. For more troubleshooting, refer to this BIMI logo not showing guide.

The role of sender reputation

Beyond the technical configurations, your domain and IP reputation play a significant role. Mailbox providers, including

Outlook,

Yahoo, and

Gmail, are less likely to display visual cues like BIMI logos or blue check marks if your sending practices are poor or if your domain frequently lands on a blacklist (or blocklist). Maintaining a clean sending history, avoiding spam traps, and adhering to email deliverability best practices are just as important as the technical setup.

If you're facing deliverability issues and your emails are landing in spam folders, your BIMI efforts might be in vain. Focus on improving your domain reputation first, then pursue BIMI and VMC. These signals are built on a foundation of trust and consistent positive sending behavior.

Views from the trenches

Best practices

Ensure your DMARC policy is actively enforced (p=quarantine or p=reject) before attempting BIMI.

Verify your trademark registration is valid and recognized by VMC providers.

Use a robust DMARC monitoring solution to track alignment and reporting over time.

Regularly check your SVG logo file for correct formatting and HTTPS accessibility.

Keep an eye on your sender reputation, as it directly impacts BIMI display.

Common pitfalls

Attempting to implement BIMI without a strict DMARC policy in place.

Using an SVG logo that is not Tiny 1.2 or not hosted securely (HTTPS).

Not having a legally registered trademark for your logo, which prevents VMC issuance.

Failing to renew your VMC, leading to the disappearance of the blue check mark.

Expecting immediate results; DNS propagation and mailbox provider processing take time.

Expert tips

If your logo isn't trademarked, consider a Common Mark Certificate (CMC) as a stepping stone. While it won't give the blue checkmark in Gmail, it still allows logo display in some inboxes.

Work closely with your legal team to ensure your trademark is compliant for VMC purposes.

Test your BIMI implementation using online validators to catch errors early.

Understand that even with perfect setup, poor sending reputation can still impact visibility.

Stay informed about updates from Google and other mailbox providers regarding BIMI and VMC requirements.

Expert view

Expert from Email Geeks says implementing BIMI is the correct approach to getting the checkmark, and it is not only Google that is doing this.

2024-03-13 - Email Geeks

Expert view

Expert from Email Geeks says Google currently requires a VMC to show a BIMI logo, but not all providers have this requirement.

2024-03-14 - Email Geeks

Securing your sender identity

Implementing a blue check mark on Gmail through BIMI and VMC is an investment in your brand's credibility and email security. It requires a meticulous approach, starting with a strong DMARC foundation and culminating in the acquisition and proper configuration of a Verified Mark Certificate and BIMI DNS record.

While the process has its technical and financial requirements, the benefits of enhanced trust, improved brand recognition, and reduced phishing risks make it a worthwhile endeavor for any organization serious about its email presence. By following these steps and maintaining strong email deliverability practices, your brand can proudly display that blue check mark, signaling verified authenticity to every recipient.