Is DigiCert the only working VMC issuer for Google BIMI?

Key findings

• Perceived dominance: Early observations by marketers showed a higher success rate of BIMI logo display with VMCs issued by DigiCert in Google mailboxes, compared to some issued by Entrust.
• Coincidental nature: Experts suggest that any perceived disparity in VMC functionality between DigiCert and Entrust with Google is coincidental, not by design or Google's explicit preference.
• Approved issuers: Both DigiCert and Entrust are listed as accredited VMC issuers by the AuthIndicators Working Group (BIMI Group), indicating their validity for BIMI implementation. You can find more information about VMC issuers on the BIMI Group website.
• Underlying issues: Issues with BIMI logo display are more likely tied to other technical factors, such as incorrect DMARC implementation or SVG logo formatting, rather than the VMC issuer itself.
• DMARC enforcement: A crucial requirement for BIMI is a DMARC policy set to p=quarantine or p=reject. Understanding how to set up DMARC for BIMI is critical.

Key considerations

• Holistic BIMI compliance: A VMC is only one component of BIMI. Ensure all other implementation requirements, such as DMARC alignment and SVG file specifications, are met.
• Continuous monitoring: Even with a VMC, logo display can vary across email clients and may be influenced by Google's evolving rendering algorithms. Regularly check your BIMI implementation.
• Troubleshooting methodology: If your BIMI logo isn't displaying, systematically troubleshoot common issues such as DMARC validation, SVG file errors, or DNS record misconfigurations, before attributing the problem solely to the VMC issuer.
• Distinguish logo types: Understand the difference between a BIMI-verified logo and a standard profile picture or avatar in the recipient's mailbox. Google typically differentiates between these clearly.

Key opinions

• Observed disparities: Marketers frequently noted that VMCs issued by DigiCert appeared to work more reliably with Google, while some from Entrust did not display their logos.
• Questioning exclusivity: The consistent display with DigiCert-issued VMCs led to speculation about whether it would become the only effective issuer for Google BIMI, or if a VMC war was imminent.
• Visual distinction: Marketers appreciated Google's clear distinction between a standard profile picture and a verified BIMI logo in the inbox.
• Demand for transparency: There was interest among marketers for a public list of domains that have successfully implemented BIMI with VMCs, to serve as examples or for testing.
• User experience focus: The primary concern for marketers is ensuring their brand logo displays correctly to enhance email engagement metrics and brand trust.

Key considerations

• Verify implementation: Marketers should not solely rely on visual observation; instead, they should validate their BIMI records through official checkers to ensure all technical requirements are met.
• Beyond VMC issuer: While VMC issuance is crucial, issues can stem from other areas such as DMARC policy enforcement, SVG logo format compliance, or the specific email client's support for BIMI. As The SSL Store explains, a VMC is only part of the setup.
• Avoid hasty conclusions: Perceived inconsistencies in logo display between different VMC issuers might be attributed to unique setup challenges of individual domains rather than a systemic issue with the Certificate Authority (CA).
• Focus on the basics: Ensure your DMARC record is correctly published and enforced, as this is the foundational requirement for BIMI to function correctly.

Key opinions

• No issuer preference: Experts confirm that Google does not inherently favor one VMC issuer over another. Any perceived pattern of DigiCert VMCs working more consistently is a coincidence, not a design feature.
• Accredited CAs: Both DigiCert and Entrust are accredited Certificate Authorities for VMCs, meaning their certificates should function correctly if all other BIMI requirements are met. However, it's worth noting the discussion around Google's broader trust in CAs.
• Beyond the VMC: Failure to display a BIMI logo often points to issues beyond the VMC issuer, such as misconfigured DMARC records, invalid SVG files, or domain reputation problems.
• Privacy of BIMI adopters: The BIMI Group does not publicly share a comprehensive list of domains that have obtained VMCs, limiting the ability to conduct widespread comparative analyses based on observable data.
• Evolving standard: BIMI is still evolving, and email client support and rendering can change. Keeping up with BIMI's implementation requirements is key.

Key considerations

• Comprehensive auditing: When troubleshooting BIMI logo display, conduct a thorough audit of all related DNS records (DMARC, BIMI TXT record) and the SVG file itself. Tools to validate BIMI records are essential.
• DMARC policy strength: Ensure your DMARC policy is at p=quarantine or p=reject and consistently aligned for BIMI to work. This is a non-negotiable requirement.
• SVG file compliance: The SVG logo file must adhere to specific formatting requirements for security and display consistency. Deviations can cause display failures regardless of the VMC.
• Domain reputation: While not directly stated, domain reputation can indirectly influence how lenient email clients are with displaying ancillary features like BIMI logos. A good reputation helps overall deliverability.

Key findings

• Accredited CAs: The BIMI standard supports VMCs from multiple accredited Certificate Authorities. The BIMI Group maintains a list of these CAs, including both DigiCert and Entrust.
• DMARC requirement: BIMI mandates that the sending domain must have a DMARC policy enforced at p=quarantine or p=reject. This is a fundamental prerequisite for BIMI to display.
• Trademark validation: A VMC verifies that the organization has the right to use a specific, registered trademarked logo. This verification process ensures legitimate brand representation.
• SVG file format: The brand logo must be in a specific SVG Tiny PS profile format. Adherence to recommended SVG dimensions and styling is crucial for rendering.
• Publicly available BIMI record: A BIMI record (TXT record in DNS) must be publicly available and correctly configured, pointing to both the SVG logo and the VMC.

Key considerations

• Follow specifications precisely: Any deviation from the technical specifications for DMARC, SVG, or the BIMI DNS record can prevent logo display, regardless of the VMC issuer.
• VMC renewal: VMCs have validity periods, typically one year, and must be renewed to ensure continuous BIMI logo display.
• Geographical limitations: Some CAs may have geographical restrictions on where they can issue VMCs, which can impact businesses in certain regions.
• Interoperability: The BIMI standard aims for interoperability, meaning a VMC from any accredited CA should theoretically work across all supporting email clients, provided all other conditions are met.