Brand Indicators for Message Identification (BIMI) is gaining traction, allowing companies to display their trademarked logos next to their authenticated emails in supporting inboxes.
To fully implement BIMI and ensure your logo appears for major providers like Google and Yahoo, a Verified Mark Certificate (VMC) is often required. This certificate acts as a digital seal of authenticity for your brand's logo. However, the process of obtaining a VMC involves several steps, and one common question that arises is whether a notary is required.
The short answer is: Yes, in many cases, a notary or an equivalent identity verification process has been, and in some contexts still is, a critical part of obtaining a VMC. This requirement stems from the need for Certificate Authorities (CAs) to rigorously verify the identity of the applicant and their right to use the trademarked logo associated with the VMC.
This detailed verification process is designed to prevent brand impersonation and enhance the trustworthiness of email communication, which is a core goal of BIMI. Let's delve into why a notary is (or was) involved and what this means for your VMC application.
The VMC verification process
Obtaining a VMC is a rigorous process, similar to acquiring an Extended Validation (EV) SSL certificate. The goal is to bind a verified trademarked logo to your domain, ensuring that only legitimate senders can display it.
One of the key requirements for a VMC is that your domain must have a DMARC policy enforced at either a quarantine (p=quarantine) or reject (p=reject) level. This strong DMARC policy provides a foundational layer of email authentication, critical for VMC eligibility.
Beyond DMARC, the logo itself must be a registered trademark in a recognized jurisdiction. This ensures the company legally owns the mark it wishes to display. The verification process then focuses on confirming the legitimacy of the requesting organization and its authorized representative. For more information on VMC eligibility, you can refer to the BIMI Group's VMC Guidelines.
The Certified Authority (CA) will verify your organization's legal existence, operational presence, and that the individual applying for the VMC is indeed authorized by the organization. This is where the notary comes in.
The role of a notary (or equivalent)
Historically, and still commonly, Certificate Authorities (CAs) like DigiCert and Entrust (or their successors) require face-to-face validation to confirm the identity of the applicant. This validation can be performed by an employee of the CA, a Latin Notary, or a Notary Public. The notary's role is to verify the identity of the person signing the VMC declaration and to attest that the person is who they claim to be.
This typically involves the applicant presenting government-issued identification to the notary, who then certifies the signature on the VMC application documents. Some CAs may also require notarized copies of corporate documents or proof of employment for the individual requesting the certificate.
The rigor of this process is designed to ensure maximum trust in the VMC. By requiring an independent third party (the notary) to verify identity, CAs add a layer of security that helps prevent fraudulent VMC issuance, thereby protecting brands and email recipients from phishing and spoofing attempts. Even if you're not on a blocklist (or blacklist), maintaining strong authentication like VMC is crucial for your overall email security posture.
While a notary has been a standard part, some CAs have introduced alternative methods. For instance, some providers may allow identity verification via a video call directly with a CA representative, which might reduce the need for an in-person notary meeting. However, it's essential to confirm the specific requirements with your chosen BIMI accredited certificate provider.
Evolution of VMC verification requirements
The exact requirements for VMC validation can vary slightly between Certificate Authorities and may evolve over time. The BIMI Group’s VMC guidelines outline the framework, but CAs interpret and implement these guidelines into their specific processes.
For some time, a physical notary was a very common, if not universal, requirement. This often meant scheduling an appointment, sometimes even in unconventional locations, to get the necessary documents signed and verified. However, as the VMC adoption has matured, some CAs have explored more flexible approaches.
The evolution of these requirements is aimed at balancing stringent security with practical accessibility. While the core principle of strong identity verification remains, the methods for achieving it might expand to include remote options where feasible, especially for global organizations.
It's important to remember that the primary goal is robust validation of your brand and the authorized individual, regardless of the specific method used. Ensuring your domain meets all BIMI requirements, including DMARC enforcement and trademark validation, is paramount.
Traditional verification
In-person meeting: Requires a physical meeting with a notary public to verify identity and witness signatures on official documents.
Document notarization: Submission of notarized copies of identity documents, corporate registration, and authorization letters.
Time intensive: Can add significant time and logistical challenges to the VMC issuance process, especially for international applicants.
Modernized verification
Video call verification: Some CAs now offer video conferencing with a CA representative to verify identity and review documents.
Digital identity platforms: Emerging use of secure digital identity verification services, reducing reliance on physical notaries.
Streamlined process: Potentially faster and more convenient for applicants, especially those in different time zones or remote locations.
Regardless of the specific method, the core requirement remains: robust verification of the applicant's identity and their organizational authority. This ensures the integrity of the VMC and the trust placed in BIMI logos. When considering your VMC application, it's always best to consult the latest guidelines from your chosen Certificate Authority.
Navigating the verification landscape
For organizations in regions where notary services are less common, or during periods of restricted travel, the notary requirement can pose a significant hurdle. In such scenarios, exploring CAs that offer virtual verification options, like video calls with their representatives, becomes crucial.
Additionally, ensuring all your documentation is perfectly in order beforehand can help expedite the process, regardless of the verification method. This includes having your trademark registration details readily available and your DMARC policy fully enforced. Remember, expediting the VMC issuance process often comes down to preparedness.
While the notary requirement may seem like an extra step, it underscores the importance of VMC in building trust and combating email fraud. It's a small price to pay for the enhanced brand visibility and security that BIMI provides, which contributes to better email deliverability.
Views from the trenches
Best practices
Always confirm the latest VMC verification requirements directly with your chosen Certificate Authority (CA) before starting the application process.
Ensure your organization's DMARC policy is set to 'quarantine' or 'reject' well in advance of applying for a VMC, as this is a fundamental prerequisite.
Have all necessary legal and identity documents ready, including proof of trademark ownership and authorization for the applying individual, to avoid delays.
Consider working with a CA that offers flexible verification methods, such as video calls, if in-person notary services are challenging in your region.
Common pitfalls
Assuming a notary is never required, leading to unexpected delays when the CA requests notarized documents or in-person verification.
Not having a properly registered trademark, or having one registered in a jurisdiction not recognized by the VMC guidelines.
Attempting to apply for a VMC without a DMARC policy enforced at 'quarantine' or 'reject', which will result in immediate disqualification.
Underestimating the time and effort required for the identity verification steps, especially if international notarization is involved.
Expert tips
Research which VMC issuers are officially recognized by major email providers like Google and Yahoo.
Be prepared for a thorough vetting process; the strictness is for your brand's protection against impersonation.
If meeting a notary in person, ensure they are familiar with remote online notarization (RON) if applicable in your jurisdiction.
Keep communication clear and prompt with your chosen CA to address any queries quickly and ensure a smooth verification flow.
Marketer view
Marketer from Email Geeks says a notary is currently required for VMC acquisition.
2022-03-18 - Email Geeks
Marketer view
Marketer from Email Geeks says they can confirm the notary requirement for VMC.
2022-03-18 - Email Geeks
Final considerations for VMC and BIMI
The question of whether a notary is required for a VMC is nuanced, with the answer often depending on the specific Certificate Authority and the latest verification standards. While a notary (or an equivalent face-to-face verification) has been a common and often mandatory step, the industry is seeing some flexibility emerge, with options like video calls gaining traction.
The key takeaway is that robust identity and authorization verification is an indispensable part of the VMC issuance process. This ensures that only legitimate brand owners can display their logos, strengthening the trust in email communications. By understanding these requirements and preparing thoroughly, you can successfully navigate the VMC application and unlock the full potential of BIMI for your brand.
Google and Yahoo, a Verified Mark Certificate (VMC) is often required. This certificate acts as a digital seal of authenticity for your brand's logo. However, the process of obtaining a VMC involves several steps, and one common question that arises is whether a notary is required.
DigiCert and 
Entrust (or their successors) require face-to-face validation to confirm the identity of the applicant. This validation can be performed by an employee of the CA, a Latin Notary, or a Notary Public. The notary's role is to verify the identity of the person signing the VMC declaration and to attest that the person is who they claim to be.
