Who should attest to a trademark for a Verified Mark Certificate (VMC)?

Key findings

• Authorized representative: The individual attesting to the trademark for a VMC must be someone officially authorized to represent the company. This commonly falls to legal teams or executives with signature authority.
• Evolving notary requirements: Some Certificate Authorities, like Entrust, are reportedly moving away from requiring a physical notary for trademark attestation, streamlining the VMC issuance process.
• Trademark linkage: A VMC is intrinsically linked to a registered trademark. You must have a legally registered trademark to qualify for a VMC, as this is the basis of brand verification.
• BIMI requirements: While BIMI can be implemented without a VMC (self-assertion), major mailbox providers (MBPs) such as Google generally require a VMC to display the verified brand logo. Learn more about whether VMC is mandatory for Gmail logo display.

Key considerations

• Internal responsibility: Organizations should clearly define which department or individual is responsible for the VMC attestation process to avoid internal friction and ensure compliance.
• Trademark registration: Prior to pursuing a VMC, ensure your company's logo is a registered trademark with an intellectual property office recognized by the VMC ecosystem. Certera provides details on how to trademark your logo to qualify for VMC.
• Cost vs. benefit: Evaluate the cost of obtaining a VMC against its perceived benefits, especially if your primary audience is not on mailbox providers that require it for logo display. Consider the cost of VMC certificates.
• Security implications: Understand that VMC adds a critical layer of anti-phishing protection by verifying your brand logo, making it harder for impersonators to leverage visual identity.

Key opinions

• Team responsibility: There's confusion and debate among marketing, product, and legal teams about who is ultimately responsible for the administrative task of VMC trademark attestation.
• VMC as an exception: Many marketers view obtaining a VMC certificate as an exception rather than a standard practice, suggesting it's not a universal requirement for BIMI implementation.
• Cost vs. accessibility: The financial cost of VMCs is a significant concern, potentially hindering broader BIMI adoption, particularly for small to medium-sized businesses.
• Prioritizing general BIMI: Some marketers advocate for making customers BIMI-ready in general, without necessarily pushing for VMC certification, unless there's a specific, compelling business case.

Key considerations

• Audience reach: Before investing in a VMC, marketers should analyze their recipient base to determine how many are using mailbox providers that support VMC-enabled BIMI. Consider which email clients actually support BIMI.
• Trademark status: If a trademark is not already registered, the additional effort and cost of trademark registration must be factored into the overall VMC consideration.
• Alternative paths: Marketers should be aware that BIMI can be implemented with self-assertion for some mailbox providers, offering a path to brand display without the VMC cost. You can implement BIMI without a VMC for several email clients.
• Long-term strategy: Consider the long-term value of a verified brand logo in terms of trust and brand recognition, weighing it against the initial and ongoing investment required for VMC.

Key opinions

• Legal representation: The person attesting to the trademark must be able to officially represent the company, typically from legal or an executive role with signature authority.
• Security imperative: VMC is a critical security measure. Without it, it would be much easier for bad actors to use legitimate-looking logos with DMARC-enforced domains for phishing, undermining email trust.
• Mailbox provider discretion: Different mailbox providers have different rules regarding VMC, with some requiring it for logo display while others allow self-assertion. This reflects varied internal reputation management solutions.
• Accessibility efforts: The AuthIndicators Working Group (AIWG) is actively exploring ways to expand identification options and logo support to make BIMI more accessible to a wider range of senders in the future.
• Operational costs: Operating robust identification management systems for VMC is expensive and challenging to automate, contributing to the costs associated with VMC certificates.

Key considerations

• Anti-phishing benefits: While VMC has a cost, its contribution to preventing brand impersonation and enhancing trust is a significant deliverability and security benefit. The SSL Store clarifies how VMCs qualify for BIMI.
• Navigating CA requirements: Be aware that specific CAs may have different requirements for attestation, including whether a notary is still required. It's important to understand which VMC issuer works for Google BIMI.
• Future of BIMI: Stay informed about developments from the AIWG regarding new forms of identification and logo support that could make BIMI more widely available without the VMC requirement.
• DMARC enforcement: VMC relies on a strong DMARC policy (at quarantine or reject) to function effectively. Ensure your DMARC is properly enforced for maximum VMC benefits. Understand DMARC, SPF, and DKIM.

Key findings

• Qualified trademark: A VMC requires a logo that is a registered trademark in a qualified intellectual property office, which means it must be officially recorded and protected.
• CA validation: Certificate Authorities perform a thorough validation process to ensure the applicant is the legitimate owner of the trademark and has the right to use the logo for email.
• Chain of trust: VMC extends the chain of trust established by DMARC, SPF, and DKIM, providing a verifiable link between the authenticated sender and their visual brand identity.
• SVG file format: The brand logo must be provided in a specific SVG Tiny PS format, which is validated by the CA for compliance and security. Read more about BIMI requirements for SVG files.

Key considerations

• Trademark registration process: Companies must navigate the legal process of trademark registration before applying for a VMC. This involves specific filing requirements and can take time.
• CA-specific procedures: While general requirements exist, each accredited Certificate Authority may have slight variations in their VMC issuance and attestation procedures. It's important to understand the pricing and approach behind VMC and BIMI.
• Compliance with standards: Adherence to BIMI specifications and CA guidelines is crucial for successful VMC implementation and ensuring the logo displays correctly in supporting inboxes.
• Ongoing validation: VMCs, like other certificates, have a validity period and require renewal, ensuring that the trademark status and company information remain current and verified.