When delving into email deliverability and brand presence, Brand Indicators for Message Identification (BIMI) often comes up as a key topic. It promises to display your brand's logo right in the recipient's inbox, which sounds like a fantastic way to boost trust and recognition. However, a common question that arises is whether a Verified Mark Certificate (VMC) is an absolute necessity for BIMI implementation.
The straightforward answer is, it depends on which mailbox providers you want your logo to appear on. While BIMI itself does not universally mandate a VMC, several major players, including Google and Apple, do require it for the logo to be displayed.
This guide will explore the nuances of VMC requirements for BIMI, helping you understand when it's essential and what benefits it brings. We will also touch on the implementation process and provide insights into ensuring your brand's logo shines in every inbox that supports BIMI.
What are BIMI and VMC?
BIMI, or Brand Indicators for Message Identification, is an email specification that allows organizations to display their brand's logo next to their authenticated email messages in supporting inboxes. It's built on top of robust email authentication protocols like DMARC, SPF, and DKIM, ensuring that only legitimate senders can display their logos. The primary goal of BIMI is to enhance brand recognition and trust, giving recipients a visual cue that an email is genuinely from the claimed sender.
A Verified Mark Certificate (VMC) is a digital certificate that verifies the ownership of a logo. Issued by a trusted Certificate Authority (CA), a VMC confirms that your organization has the legal right to use the trademarked logo you wish to display via BIMI. This certificate is crucial for establishing the authenticity of your visual brand identity in the inbox, providing an extra layer of assurance against phishing and brand impersonation. Without a VMC, there's no official, third-party verification that the logo belongs to your brand.
While BIMI itself enables the display of logos, the VMC acts as the necessary validation step for certain email providers. It ensures that the logo displayed is indeed a registered trademark and is owned by the sending organization. This distinction is key because it influences where and how your logo appears.
BIMI without a VMC
Requirements: Requires a DMARC policy set to enforcement (p=quarantine or p=reject), a properly formatted SVG logo, and a BIMI DNS record.
Display: Your logo may appear in inboxes that support self-asserted BIMI, such as Yahoo Mail.
Trust Level: Provides basic brand recognition, but lacks the verified trust of a VMC.
Mailbox provider requirements
While the core BIMI standard does not strictly require a VMC, major email service providers (ESPs) have implemented their own policies that often make a VMC a de facto requirement for full logo display. The most notable examples are Google and Apple. Both of these providers, which collectively handle a vast portion of global email traffic, mandate a VMC for your logo to be displayed in their inboxes alongside authenticated messages.
For Gmail users, a VMC is essential if you want your logo to appear. Similarly, Apple Mail also requires a VMC. This means that if your target audience uses these platforms, obtaining a VMC isn't just an option, but a critical step to ensure your BIMI implementation is effective. Without it, your carefully crafted logo might simply not show up.
However, not all mailbox providers have this strict requirement. Some, like Fastmail, may display your logo with a self-asserted BIMI record, even without a VMC. This means you can still leverage BIMI to some extent without the certificate, but your reach will be limited to these less stringent providers. The decision often comes down to your audience demographics and how critical it is for your logo to appear across the widest possible range of inboxes.
For a comprehensive list, you can check various resources like the BIMI Group's official page on BIMI support and requirements, which is frequently updated.
Why a VMC is important
Even if a VMC isn't strictly mandated by all mailbox providers, its benefits extend far beyond simple logo display. A VMC significantly elevates the level of trust and authenticity associated with your email communications. It signifies that your brand's logo is not just present, but has been verified as a registered trademark by a reputable third-party Certificate Authority (CA).
This verified status is particularly important in an era rife with phishing and brand impersonation attacks. When recipients see a logo accompanied by a verified indicator (like Gmail's blue checkmark), they are far more likely to open and interact with your emails, knowing they are legitimate. This directly contributes to improved email deliverability and engagement rates.
Furthermore, a VMC reinforces your brand's overall digital security posture. It demonstrates a commitment to email authentication best practices, which can positively influence how mailbox providers perceive your sending reputation. In a competitive inbox, standing out with a verified logo can provide a significant advantage, increasing both brand recall and customer confidence. You can learn more about the business value of BIMI in our dedicated guide.
BIMI with VMC
Trust: Highest level of trust, verified by a Certificate Authority.
Visibility: Logo displayed across major providers including Gmail and Apple Mail.
Security: Enhanced protection against phishing and brand abuse.
Requirement: Requires a registered trademark for your logo.
BIMI without VMC (Self-Asserted)
Trust: Relies solely on your domain's DMARC policy for authentication.
Visibility: Limited to providers that accept self-asserted BIMI, like AOL and Verizon.
Security: Less stringent verification, higher risk of brand impersonation.
Requirement: Does not require a trademarked logo or VMC.
Implementation steps and considerations
Implementing BIMI, whether with or without a VMC, follows a set of foundational steps. First and foremost, you must have a DMARC policy enforced for your domain (i.e., set to p=quarantine or p=reject). This ensures that your emails are properly authenticated via SPF and DKIM, and that unauthenticated emails are handled according to your policy. Without this, BIMI will not function.
Next, you need a logo that meets the specific requirements for BIMI, typically an SVG file. If you decide to pursue a VMC, your logo must be a registered trademark in one of the accepted trademark jurisdictions. Once your logo is trademarked, you can obtain a VMC from a recognized Certificate Authority (CA) that issues them, such as DigiCert or Entrust. This involves a validation process to confirm your ownership of the trademark.
Finally, you publish a BIMI record in your DNS, which is a TXT record that points to the URL of your SVG logo and, if you have one, your VMC. Testing and validating your BIMI setup is crucial to ensure everything is configured correctly and your logo displays as intended across various email clients. For detailed steps on the setup, you can refer to our guide on how to set up BIMI. A typical BIMI DNS record with a VMC would look like this:
Remember, even if you can implement BIMI without a VMC for some providers, the full benefits of enhanced trust and wider display come with the Verified Mark Certificate. The investment in a VMC is an investment in your brand's security and visibility in the digital landscape.
Views from the trenches
Best practices
Ensure your DMARC policy is at enforcement (p=quarantine or p=reject) before attempting BIMI.
Trademark your logo in an accepted jurisdiction if you plan to obtain a VMC for broad support.
Use a reputable Certificate Authority for your VMC to avoid compatibility issues.
Regularly monitor your BIMI record and logo URL to prevent display issues.
Common pitfalls
Expecting your logo to appear everywhere without a VMC, especially in Gmail or Apple Mail.
Not having a properly trademarked logo, which prevents VMC acquisition.
Ignoring DMARC alignment, which is a prerequisite for BIMI to function.
Using an SVG logo that doesn't meet BIMI's specific formatting requirements.
Expert tips
Consider starting with self-asserted BIMI to gain initial experience and monitor its impact.
Prioritize VMC acquisition if your primary audience uses Google or Apple email services.
Leverage BIMI as part of a broader email security strategy, including DMARC monitoring and
domain reputation management.
Expert view
Expert from Email Geeks says some mailbox providers, like Google and Apple, do require a VMC for BIMI to be displayed, so it's often a worthwhile investment.
2024-04-15 - Email Geeks
Marketer view
Marketer from Email Geeks says only Yahoo and Fastmail currently do not require a VMC for BIMI to work.
2024-04-15 - Email Geeks
The strategic value of VMC for BIMI
In summary, while a VMC is not technically mandatory for every single BIMI implementation, it is practically indispensable for achieving widespread logo display across the most influential email platforms. For brands serious about maximizing their presence and building trust in the inbox, obtaining a VMC is a crucial step.
It adds a layer of verified authenticity that a self-asserted BIMI record simply cannot provide, especially with providers like Google and Apple setting the standard. By investing in a VMC, you not only comply with their requirements but also enhance your email deliverability, strengthen your brand's credibility, and protect against impersonation. This strategic investment helps ensure your brand's logo consistently reaches and resonates with your audience.
Apple, do require it for the logo to be displayed.
Yahoo Mail.
Fastmail, may display your logo with a self-asserted BIMI record, even without a VMC. This means you can still leverage BIMI to some extent without the certificate, but your reach will be limited to these less stringent providers. The decision often comes down to your audience demographics and how critical it is for your logo to appear across the widest possible range of inboxes.
Gmail and 
AOL and 
Verizon.
