Who should attest to a trademark for a Verified Mark Certificate (VMC)?
Matthew Whittaker
Co-founder & CTO, Suped
Published 18 May 2025
Updated 17 Aug 2025
6 min read
Obtaining a Verified Mark Certificate (VMC) for your brand's logo to appear in email inboxes is a significant step towards enhancing email trust and brand recognition. A critical part of this process often involves attesting to the authenticity of your trademark. The question of who within an organization should handle this attestation often leads to internal discussions, as it touches upon legal, marketing, and technical aspects of the business.
I've seen many companies grapple with this exact issue, trying to determine the most appropriate individual or department for such a sensitive task. The person responsible needs to have the authority to represent the company legally and knowledge of the trademark's details.
The role of the trademark owner
The primary requirement for a VMC is a registered trademark for your logo. This means the logo must be officially recorded with a qualified intellectual property office, such as the USPTO in the United States or equivalent bodies internationally. The certification authorities (CAs) that issue VMCs, like DigiCert and Sectigo, rely on this official registration to verify your brand's legitimacy. Without a legally registered trademark, obtaining a VMC is not possible. You can learn more about the specific trademark requirements for BIMI VMC in our other guides.
Trademark ownership and attestation
The attestation process essentially confirms to the Certificate Authority that the applicant has the right to use the trademarked logo. This typically falls under the purview of someone with the authority to legally bind the company. This could be a senior executive, a member of the legal department, or anyone explicitly authorized to represent the organization in legal matters. The specific individual will vary based on the company's internal structure and policies.
For many organizations, the legal department is the natural fit because they handle intellectual property rights and corporate legal documentation. They are best equipped to verify the trademark's registration and ensure all legal prerequisites are met. However, in smaller companies, an executive with signing authority might take on this responsibility. I have also seen situations where a product or marketing lead takes the initiative, but they almost always need a legal or executive sign-off for the formal attestation.
Evolving requirements and BIMI adoption
One common point of confusion revolves around the requirement for notarization. Historically, some Certificate Authorities required a notarized affidavit to attest to trademark ownership. This meant someone had to physically go to a notary public and have their signature verified.
Notarization requirements
However, the requirements have evolved, and some CAs, like Sectigo, no longer demand notarization. This change simplifies the process, making it less burdensome for organizations. It's crucial to check with your chosen CA to understand their current specific requirements regarding attestation and notarization, as these can vary.
Whether a notary is required to get a VMC is a frequent question I encounter, and it underscores the need for up-to-date information directly from the VMC issuer. This evolving landscape aims to streamline the VMC acquisition process while maintaining the necessary security and verification standards.
Key distinction: BIMI with or without VMC
While VMC greatly enhances BIMI adoption and visibility, it's important to differentiate between implementing BIMI with and without a VMC.
BIMI without VMC: You can still set up a BIMI record (self-asserted) that points to your logo. This is a good first step, but not all mailbox providers (MBPs) will display your logo without a VMC. Many, like Yahoo and Fastmail, do support self-asserted BIMI.
BIMI with VMC: A VMC provides the highest level of assurance that your logo is legitimate and owned by your organization. This is why Google Gmail requires a VMC to display your logo and the blue checkmark next to your sender name. It confirms the logo's authenticity and enhances recipient trust.
Why VMC is crucial for brand trust and anti-phishing
The existence of VMCs directly addresses the need for stronger brand authentication in email. Without a verifiable link between a sender's logo and their legitimate trademark, it would be much easier for malicious actors to impersonate brands through phishing attacks.
Brand protection and trust
A VMC acts as a digital certificate that validates your ownership of the logo, providing recipients with visual assurance that the email truly comes from your brand. This added layer of trust is invaluable for improving email deliverability and engagement, as users are more likely to open and interact with emails from verified senders. From a DMARC enforcement perspective, VMCs solidify your brand's legitimacy.
The BIMI Group, which develops the BIMI standard, emphasizes the importance of secure identity management. Their VMC Guidelines lay out strict requirements for CAs to ensure the validity of issued VMCs. This rigor is what gives MBPs the confidence to display your logo prominently.
Navigating the attestation process
To effectively navigate the VMC process, a collaborative approach within your organization is usually best. While legal may be responsible for the final attestation, product or marketing teams often initiate the VMC process due to the clear brand visibility benefits of BIMI.
Internal collaboration
Ensuring clear communication between these departments, and potentially the IT team responsible for DNS record management, will expedite the process. Each team brings unique expertise to the table, from legal compliance to technical implementation.
Who is involved in VMC attestation
Legal Department: Best suited to attest to the validity of the trademark and ensure compliance with intellectual property laws and VMC guidelines.
Senior Executive (CEO, CFO, etc.): Can provide the necessary official corporate endorsement and signature authority.
Designated Corporate Officer: Someone explicitly authorized by the company to handle official documentation and legal affirmations related to its assets.
Ultimately, the attestation for a VMC should come from a party within the organization that holds the legal authority to represent the company's trademark ownership. This ensures the VMC is issued correctly and stands up to the rigorous verification standards required by Certificate Authorities and mailbox providers.
Summary of attestation roles
The decision about who should attest to a trademark for a VMC often involves internal discussions among product, CRM, and legal teams. While the specific person or department can vary, the key is to designate someone with the official authority to represent the company and its intellectual property.
This ensures the VMC issuance process goes smoothly and your brand's logo is successfully displayed in supporting inboxes, boosting trust and engagement.
Views from the trenches
Best practices
Ensure your logo is legally trademarked with a recognized intellectual property office before applying for a VMC.
Designate a clear point person, ideally from legal or a senior executive, who has the authority to formally attest to trademark ownership.
Maintain open communication between legal, marketing, and IT teams throughout the VMC application and implementation process.
Common pitfalls
Failing to secure a legally registered trademark for your logo, which is a prerequisite for VMC issuance.
Assuming notarization is always required; requirements have evolved, and some CAs no longer demand it.
Underestimating the internal coordination needed between departments for successful VMC implementation.
Expert tips
Consider the long-term benefits of VMC, such as enhanced brand trust and improved email engagement, despite the initial investment.
Stay informed about updates from the AuthIndicators Working Group (BIMI Group) regarding future BIMI advancements and accessibility.
Even if a VMC isn't immediately pursued, ensure your DMARC policy is at enforcement (quarantine or reject) for basic BIMI functionality.
Expert view
Expert from Email Geeks says that the person attesting to the trademark for a VMC should be someone who can officially represent the company, likely from the legal department or an executive with signature privileges.
February 5, 2024 - Email Geeks
Expert view
Expert from Email Geeks says that notarization is no longer needed by all Certificate Authorities, specifically mentioning Entrust as an example.
February 5, 2024 - Email Geeks
Ensuring brand identity with VMC
The individual responsible for attesting to a trademark for a Verified Mark Certificate (VMC) should be someone with the legal authority to represent the organization, such as a member of the legal department, a senior executive, or a designated corporate officer. While specific notarization requirements have evolved, the core need for verifiable trademark ownership remains paramount.
A VMC significantly enhances brand trust and protection against phishing by securely displaying your logo in email inboxes, particularly those like Gmail that require this certification. Although BIMI can function without a VMC on some platforms, the VMC provides the highest level of assurance, making it a valuable investment for brands serious about email security and identity. Open communication and collaboration across internal teams are key to a smooth VMC acquisition and implementation process.
Yahoo and Fastmail, do support self-asserted BIMI.
Google Gmail requires a VMC to display your logo and the blue checkmark next to your sender name. It confirms the logo's authenticity and enhances recipient trust.
