What are the key differences between BIMI certificate vendors Entrust and DigiCert?

Key findings

• Functional parity: From a functional standpoint, the Verified Mark Certificates (VMCs) issued by both Entrust and DigiCert achieve the same result. They enable your brand's logo to display next to your email messages in supporting inboxes, provided your DMARC policy is enforced and your logo meets the necessary specifications.
• Process similarity: The validation process for obtaining a VMC is largely similar across both providers, involving rigorous checks to verify trademark ownership and organizational identity, which is a key requirement for BIMI. More details on the implementation steps can be found in our guide on BIMI requirements and implementation.
• Pricing variations: While the end product is similar, there can be price differences, potentially around $500, between the two vendors. These differences might stem from their pricing strategies, support models, or partner programs. It's advisable to compare current pricing directly from the vendors or their authorized resellers, as highlighted by resources such as The SSL Store's guide on BIMI certificate costs.
• Ongoing costs: It is crucial to clarify whether the quoted price is for the first year only or if it reflects the renewal cost, as some providers may offer introductory rates. This is an important aspect to consider when evaluating the overall costs and steps for implementing BIMI.

Key considerations

• Google's trust: A notable development to be aware of is Google's stance on distrusting public TLS certificates issued by Entrust. While this primarily impacts TLS, it's a point of consideration for overall vendor trust, though for BIMI, both remain accredited. More information can be found on EmailExpert regarding Google's announcement.
• API access: For organizations managing many clients or certificates, API access can be a significant factor. Some vendors may offer more robust or user-friendly API integrations, streamlining the VMC issuance and management process.
• Support and service: While the technical outcome is the same, the quality of customer support, responsiveness, and guidance throughout the application process can vary. This can be critical, especially if you encounter issues during setup, as discussed in common BIMI questions.
• Renewals: Understand the renewal process and potential price adjustments for subsequent years. A lower initial price might be offset by higher renewal costs.

Key opinions

• Cost is king: Many marketers prioritize the cost difference, seeing a $500 saving as a significant factor in their decision-making process, especially when the perceived end result is identical.
• End result matters: The primary goal is to get the logo to appear in inboxes. If both vendors facilitate this, the specific internal processes of each are less critical to the marketer.
• Implementation challenges: Even with a VMC, marketers sometimes face issues with logo display, indicating that VMC acquisition is only one part of the broader BIMI implementation puzzle.

Key considerations

• Pricing transparency: Always clarify whether the quoted price is a recurring annual fee or an introductory offer, as this impacts long-term budgeting for BIMI.
• Sales process: Engaging in discussions with both vendors simultaneously can provide clearer insights into their pricing, processes, and any potential added value, which can help in making an informed decision.
• Pre-requisite fulfillment: Ensure all prerequisites for BIMI, particularly a strong DMARC policy, are in place before acquiring a VMC to avoid delays in logo display, as detailed in the requirements and implementation steps for BIMI.

Key opinions

• No functional difference: Experts confirm that there's no inherent difference in how the VMC from either Entrust or DigiCert performs its job for BIMI. The end result, displaying the logo, is the same.
• Process variations: While the outcome is the same, the internal processes for application, verification, and issuance might vary slightly between the two CAs. These subtle differences usually don't impact the end-user or the functionality.
• Partner programs: Some organizations, especially those providing services to multiple clients, might have existing partner relationships (e.g., API access) with one vendor, which could influence their choice due to streamlined workflows.
• External trust factors: Google's decision to distrust Entrust's public TLS certificates is a significant external factor, even if it doesn't directly impact BIMI VMCs. This emphasizes the importance of understanding the broader trust landscape, as discussed in the context of DigiCert's role as a VMC issuer for Google.

Key considerations

• Clarity on pricing: Experts advise obtaining explicit clarification on pricing structures, particularly regarding initial vs. renewal costs, to avoid unexpected expenses.
• Support resources: The quality of technical support and responsiveness during the VMC acquisition and troubleshooting phases can be a differentiator, especially for complex implementations or unforeseen issues.
• Industry accreditations: Ensure that any chosen VMC provider is officially recognized and accredited by the BIMI Group and major Mailbox Providers, as detailed in our guide on BIMI accredited certificate providers.

Key findings

• Standardized requirements: The BIMI Group and its working groups establish common standards for VMC issuance and validation, ensuring that all accredited CAs, including Entrust and DigiCert, adhere to the same baseline for security and trust. This ensures a consistent level of validation for your brand's logo.
• Trademark verification: Documentation confirms that VMCs require proof of trademark ownership for the logo to be displayed, which is a key step in preventing brand impersonation. This stringent requirement applies equally to all accredited CAs.
• DMARC enforcement: Official specifications state that a domain must have a DMARC policy set to 'quarantine' or 'reject' for BIMI to function. The VMC validates the logo, but DMARC authenticates the email domain itself, a critical component detailed in our guide on setting up DMARC for BIMI.

Key considerations

• SVG format: Documentation specifies that BIMI logos must be in SVG format and adhere to certain styling and security requirements. Proper formatting is essential for logo display, irrespective of the VMC vendor. For more on this, see our guide on validating your BIMI SVG and certificate.
• Provider support: While VMCs are standardized, the support and resources provided by the CA to help organizations meet these technical requirements can vary. Organizations should ensure their chosen provider offers clear guidance.
• BIMI record syntax: The BIMI record published in DNS must correctly reference the VMC and logo URL. This syntax is universal and not vendor-specific. The BIMI Group provides official documentation and guidance for understanding BIMI certificate types and implementation.