Summary
After Entrust's acquisition of its PKI services assets by Sectigo, the primary recommended Verified Mark Certificate (VMC) providers for BIMI setup have largely consolidated around Sectigo and DigiCert. These two Certificate Authorities (CAs) are widely recognized by major email clients and are considered the most reliable options for authenticating and displaying trademarked logos in inboxes. While other CAs like GlobalSign are also listed as issuers, their VMCs may not yet have universal acceptance from all key Mailbox Providers, highlighting the importance of verifying broad support before commitment. Existing Entrust-issued VMCs remain valid until their expiration, with the market now looking to Sectigo and DigiCert for new VMC needs.
Key findings
- Sectigo and DigiCert are Primary VMC Providers: Following Entrust's acquisition, Sectigo and DigiCert are consistently identified as the leading and most reliable Verified Mark Certificate (VMC) providers for BIMI, widely recognized by major email clients.
- Entrust's Transition to Sectigo: Sectigo acquired Entrust's PKI services assets, meaning Entrust has ceased issuing new VMCs. Existing Entrust VMCs remain valid, and future VMCs issued by Sectigo may leverage DigiCert's Certificate Authority.
- Sectigo's Strengthened Position: Through its acquisition, Sectigo has solidified its role as a key player in the VMC market, now offering both direct VMC issuance and reselling DigiCert VMCs.
- GlobalSign's Developing Acceptance: While GlobalSign is listed as a VMC issuer, its VMCs are not yet universally approved by major Mailbox Providers such as Google and Apple, advising a cautious approach until broader support is confirmed.
- Consolidated VMC Market: The market for VMC providers has largely consolidated around Sectigo and DigiCert, making them the most prominent and reliable choices for organizations implementing BIMI.
Key considerations
- Mailbox Provider Acceptance: While a VMC provider may be listed, ensure their certificates are accepted by your target Mailbox Providers, especially major ones like Google and Apple, as not all listed CAs have universal support yet.
- Existing VMC Validity: If you have an existing Entrust-issued VMC, it will remain valid until its expiration date. The shift primarily affects new VMC issuances and customer account management.
- Provider Support and Integration: Select a VMC provider that offers robust support and integrates seamlessly with your current email infrastructure to facilitate a smooth BIMI implementation.
- Trademarked Logo Requirement: A crucial prerequisite for obtaining a VMC and successfully implementing BIMI is having a legally registered and validly trademarked logo.
What email marketers say
13 marketer opinions
For brands looking to implement BIMI following the acquisition of Entrust's PKI assets by Sectigo, the landscape of Verified Mark Certificate (VMC) providers has largely coalesced around Sectigo and DigiCert. These two Certificate Authorities are consistently identified as the most reliable choices, recognized by major mailbox providers for authenticating and displaying trademarked logos in email inboxes. While other providers like GlobalSign are emerging, it's essential for marketers to confirm their VMCs' acceptance across all desired mailbox providers, as universal support is still evolving. Existing VMCs issued by Entrust will remain valid until their expiration, with new issuances now directed toward the consolidated market leaders.
Key opinions
- Sectigo and DigiCert Dominate VMC Issuance: After Entrust's PKI assets moved to Sectigo, these two Certificate Authorities are widely recognized as the leading and most reliable VMC providers for BIMI, with broad acceptance from major email clients.
- Entrust VMC Legacy and Transition: Entrust has ceased issuing new VMCs, but those previously issued remain valid until their expiration date, with Sectigo now handling subsequent VMC needs, sometimes leveraging DigiCert's CA.
- Sectigo's Expanded Role: Sectigo, previously known as Comodo, has significantly strengthened its position in the VMC market through strategic acquisitions, solidifying its status as a primary go-to provider.
- GlobalSign's Emerging Status: While GlobalSign is listed as a VMC issuer on the BIMI Group site, its VMCs do not yet have universal approval from major Mailbox Providers like Google and Apple, requiring caution for broader adoption.
- Market Consolidation Simplifies Choice: The VMC market has largely consolidated around a few key players, simplifying the selection process for brands, with Sectigo and DigiCert being the most recommended due to their established processes and support.
Key considerations
- Prioritize Major Mailbox Provider Acceptance: Always confirm that a VMC provider's certificates are broadly accepted by crucial Mailbox Providers such as Google, Apple, and others relevant to your audience, as not all listed CAs have uniform support.
- Plan for Expiring Entrust VMCs: Brands currently using Entrust-issued VMCs should note their expiration dates and plan to transition to a new VMC from Sectigo or DigiCert well in advance.
- Evaluate Provider Support and Integration: Beyond mere issuance, consider a VMC provider's customer support quality and its compatibility with your existing email infrastructure for a seamless BIMI implementation process.
- Ensure Trademark Compliance: A fundamental requirement for obtaining a VMC is possessing a valid, legally registered trademark for the logo you intend to display, which is crucial for the authentication process.
Marketer view
Email marketer from Email Geeks explains that Sectigo resells DigiCert VMCs. Faisal notes Entrust will stop issuing VMCs on May 12, and future VMCs issued by Sectigo will likely use the DigiCert VMC CA. He clarifies that existing Entrust-issued VMCs will remain valid until their expiry, and the migration process involves customer accounts, not the underlying certification authorities.
7 Aug 2024 - Email Geeks
Marketer view
Email marketer from Email Geeks suggests DigiCert is currently the primary or only reliable VMC provider. Al also states that while GlobalSign is listed as a VMC issuer, his understanding is that they are not yet approved by major Mailbox Providers like Google and Apple, advising caution until broader support is confirmed.
29 Oct 2021 - Email Geeks
What the experts say
1 expert opinions
The market for Verified Mark Certificates (VMCs), crucial for BIMI implementation, saw a definitive change following Sectigo's acquisition of Entrust's PKI services assets. As of February 2023, Sectigo solidified its position as the exclusive Certificate Authority directly providing VMCs, making it the single recommended source for brands aiming to display their trademarked logos in email inboxes. This development simplifies the process for businesses, identifying Sectigo as the primary, and effectively only, provider for new VMC acquisition after the acquisition.
Key opinions
- Sectigo's Exclusive VMC Role: Following its acquisition of Entrust's PKI services assets, Sectigo became the sole Certificate Authority directly offering Verified Mark Certificates (VMCs) for BIMI as of February 2023.
- Direct Result of Entrust Acquisition: This singular status for Sectigo is a direct consequence of the Entrust acquisition, effectively consolidating VMC issuance to one primary provider from that point onward.
- Simplified VMC Provider Choice: For organizations seeking to obtain new VMCs after the acquisition, Sectigo stands as the definitive and recommended provider, streamlining the selection process.
Key considerations
- Navigating Consolidated Market: Brands should note that the market for new VMCs for BIMI has consolidated to a single direct issuer, Sectigo, simplifying the vendor selection process significantly.
- Validity of Existing VMCs: It is important to remember that VMCs issued prior to this change, including those from Entrust, retain their validity until their original expiration dates.
- Strategic Planning for BIMI: Businesses implementing or updating BIMI should strategically plan around Sectigo as the go-to Certificate Authority for all new VMC requirements to ensure compliance and smooth operation.
Expert view
Expert from Word to the Wise explains that following Entrust's acquisition, Sectigo became the sole Certificate Authority offering Verified Mark Certificates (VMCs) as of February 2023. This means Sectigo is the provider for BIMI setup in the context of VMCs, effectively making it the recommended and only option.
3 Feb 2022 - Word to the Wise
What the documentation says
5 technical articles
The landscape of Verified Mark Certificate (VMC) providers for BIMI setup has become clearer following the consolidation of Entrust's PKI assets under Sectigo. Organizations seeking to implement BIMI and display their trademarked logos in email clients will primarily find Sectigo and DigiCert as the leading and most trusted Certificate Authorities (CAs). These two providers are the only CAs officially listed by the BIMI Group as having met all stringent requirements for VMC issuance, ensuring broad recognition across participating email clients. While other entities like GlobalSign also issue VMCs, the market consensus and official documentation point to Sectigo and DigiCert as the go-to choices for reliable BIMI implementation.
Key findings
- Primary VMC Providers: Sectigo and DigiCert are consistently identified as the foremost and most reliable VMC providers for BIMI, widely recognized by major email clients.
- Official Recognition by BIMI Group: The BIMI Group officially lists only Sectigo and DigiCert as CAs that have completed the stringent requirements for VMC issuance.
- Market Consolidation: The VMC market has largely streamlined, with new issuances primarily coming from Sectigo and DigiCert, further solidified by Sectigo's acquisition of Entrust's PKI services.
- GlobalSign's Role: GlobalSign is an authorized VMC provider; however, the universal acceptance of its VMCs by all major Mailbox Providers may still be evolving compared to Sectigo and DigiCert.
- Trusted Sources for Implementation: Industry discussions and documentation confirm Sectigo and DigiCert as the trusted sources for VMC acquisition, simplifying the choice for BIMI implementation.
Key considerations
- Confirm Mailbox Provider Acceptance: Always verify that the chosen VMC provider's certificates are widely accepted by key Mailbox Providers relevant to your audience, especially Google and Apple.
- Trademark Requirement: A legally registered and valid trademark for your logo is a mandatory prerequisite for obtaining a Verified Mark Certificate (VMC).
- Evaluate Provider Support: Assess the VMC provider's customer support and their ability to integrate seamlessly with your existing email infrastructure for a smooth BIMI rollout.
- Existing VMC Validity: VMCs previously issued by Entrust remain valid until their expiration date, but all new VMC acquisitions should be directed to the currently authorized providers like Sectigo or DigiCert.
Technical article
Documentation from DigiCert explains that they are an authorized Certificate Authority (CA) issuing Verified Mark Certificates (VMCs) for BIMI, enabling organizations to display their trademarked logos in email clients. They offer a streamlined process for VMC acquisition and management, making them a top choice for BIMI implementation.
6 May 2022 - DigiCert
Technical article
Documentation from BIMI Group explains that the official list of authorized Certificate Authorities (CAs) for issuing Verified Mark Certificates (VMCs) currently includes Sectigo and DigiCert. These are the only CAs that have completed the stringent requirements to issue VMCs recognized by participating email clients.
9 Mar 2025 - BIMI Group
How do I set up BIMI? Is a VMC certificate always required?
Is DigiCert the only working VMC issuer for Google BIMI?
Is VMC mandatory for BIMI implementation?
What are BIMI best practices for domain setup and VMC implementation?
What email providers support BIMI without a VMC, and what are key considerations for BIMI implementation?
Which certification authorities are recommended for BIMI VMC authentication?
