How will VMCs be adopted following Gmail's BIMI pilot launch and DMARC discussions?

Key findings

• DMARC requirement: BIMI mandates a DMARC policy at quarantine or reject for the organizational domain, ensuring strong email authentication before logos are displayed.
• VMC necessity: While some early BIMI implementations allowed for self-signed logos, Gmail's pilot and full rollout emphasize the requirement for a Verified Mark Certificate to display the logo reliably.
• Brand trust: The primary goal of BIMI and VMCs is to increase consumer trust in email by visually confirming the sender's identity, thus reducing phishing risks.
• Pilot expansion: Google's Gmail pilot signifies broader industry acceptance and the potential for increased adoption rates across other mailbox providers.

Key considerations

• DMARC policy enforcement: Organizations must ensure their DMARC records are configured correctly and set to an enforcement policy (p=quarantine or p=reject) to be eligible for BIMI.
• Logo trademark: A key VMC requirement is that the logo must be trademarked in the relevant jurisdictions, adding a legal and financial layer to adoption.
• Cost of VMCs: The cost associated with obtaining and maintaining VMCs could be a barrier for some smaller businesses, impacting widespread adoption.
• User experience data: The long-term success and adoption of VMCs and BIMI will depend on empirical data demonstrating their actual impact on user behavior and engagement.

Key opinions

• Mixed reactions: Some marketers are enthusiastic about the enhanced branding and trust, while others are wary of added complexities and costs.
• Deliverability impact: Many focus on whether BIMI will truly improve email deliverability rates or just add another layer of technical requirements.
• ROI concerns: Marketers are looking for clear data on how BIMI and VMCs translate into tangible benefits, such as improved open rates or conversions.
• Implementation challenges: The technical setup, including DMARC enforcement and VMC acquisition, is seen as a potential hurdle for many organizations.

Key considerations

• Strategic planning: Marketers need to assess the strategic value of BIMI for their specific brand and audience before committing resources.
• Technical expertise: Ensuring the necessary technical expertise for DMARC implementation and VMC setup is crucial to avoid emails going to spam.
• Trademark considerations: Brands without registered trademarks will need to factor in the time and cost of obtaining one if they wish to use VMCs.
• Evolving standards: Staying updated with the evolving BIMI standards and mailbox provider requirements is important for consistent logo display.

Key opinions

• Security enhancement: BIMI with VMCs significantly strengthens email security by visually authenticating senders, making it harder for spoofers to trick recipients.
• DMARC prerequisite: Experts consistently reiterate that a robust DMARC implementation at an enforcement policy is non-negotiable for BIMI eligibility. Learning about DMARC, SPF, and DKIM is essential.
• Brand visibility: Beyond security, the visual display of a brand's logo in the inbox offers a significant marketing advantage and builds brand recognition.
• Ecosystem readiness: The readiness of mail providers and certification authorities to support VMCs will heavily influence their widespread adoption.

Key considerations

• Policy enforcement challenges: Moving to a p=quarantine or p=reject DMARC policy requires careful monitoring to ensure legitimate emails are not blocked, potentially involving a gradual transition strategy.
• Cost vs. benefit analysis: Organizations must weigh the costs of VMCs and trademarking against the perceived benefits in brand trust and engagement.
• Scalability: For companies with multiple brands or domains, managing VMCs and DMARC policies across all sending entities can be complex.
• Universal adoption: The full impact of BIMI will only be realized with widespread adoption across all major mailbox providers, as highlighted by Google's ongoing support.

Key findings

• Mandatory DMARC enforcement: BIMI requires a DMARC policy of p=quarantine or p=reject for the organizational domain. A DMARC policy at 'none' will not enable BIMI.
• SVG format for logos: Logos must be in Scalable Vector Graphics (SVG) format, specifically SVG Tiny 1.2, and hosted publicly via HTTPS.
• VMC accreditation: Verified Mark Certificates must be issued by a BIMI-accredited Certification Authority. These CAs verify trademark ownership.
• Trademark requirement: The logo must be a registered trademark with a recognized intellectual property office to be eligible for a VMC, as stated by the BIMI Group.

Key considerations

• DNS record updates: A new DNS TXT record (the BIMI record) must be published that points to the SVG logo and the VMC.
• Compliance with specifications: Strict adherence to the BIMI specifications for SVG formatting, DMARC, and VMC linking is critical for successful implementation.
• Certificate renewal: VMCs, like other digital certificates, have an expiration date and must be renewed to ensure continuous logo display.
• Provider support variations: While Google supports BIMI with VMCs, other providers might have different BIMI implementation requirements or levels of support.