Frequently Asked Questions

A Verified Mark Certificate is a digital certificate issued by a trusted certificate authority (CA) that allows an organization to display its registered trademark logo next to email messages in supporting email clients, using the Brand Indicators for Message Identification (BIMI) standard.

A VMC works by linking your verified organizational identity and trademarked logo to your domain. Once the certificate has been issued after validation, it works with email authentication protocols such as DMARC and BIMI. When an email is received, the protocol verifies the originator and recipient using supported email clients like Gmail or Yahoo Mail and displays the registered logo in the inbox to confirm the email is genuine.

A Common Mark Certificate is a type of digital certificate used in the context of BIMI (Brand Indicators for Message Identification) that allows an organization to display a brand logo in email clients without requiring a registered trademark.

Mark Certificates build trust and visibility. When your logo appears in the inbox, it grabs attention of users and increases open rates and also confirms to recipients that your email is legitimate, while cutting down on phishing risk and brand spoofing.

The simplest method is to find out with your legal or brand team; they will tell you whether your logo has been registered with an approved trademark from known trademark offices such as the USPTO or EUIPO. In case you don’t have internal legal assistance, you can do that yourself by checking the WIPO Global Brand Database. If your logo is registered and active with approved authorities, then it qualifies as a legitimate trademark within that country.

To get a Mark Certificate, your logo has to be a registered trademark from a recognized trademark office like USPTO, EUIPO, or JPO.

In case it is not trademarked, you will first have to file a trademark registration with the appropriate authority and wait for approval before requesting the VMC order. During this time you can implement SPF, DKIM and DMARC as measures of email verification without the VMC.

To qualify for a VMC, your logo must be registered as a trademark with an approved intellectual property office. Currently recognized offices include:

• United States Patent and Trademark Office
• Canadian Intellectual Property Office
• European Union Intellectual Property Office
• UK Intellectual Property Office
• Deutsches Patent- und Markenamt
• Japan Trademark Office
• Spanish Patent and Trademark Office O.A.
• IP Australia
• Intellectual Property India
• Korean Intellectual Property Office
• Instituto Nacional da Propriedade Industrial
• French Institut National de la Propriete Industrielle
• Benelux Office for Intellectual Property
• Denmark Ministry of Culture
• Swedish Intellectual Property Office
• Swiss Federal Institute of Intellectual Property<
• Intellectual Property Office of New Zealand

Other trademark offices can be added in future as adoption of BIMI and VMC expands.

VMC is required for every individual logo, each distinct logo must be associated with a separate VMC. Therefore, if your organization has more than one logo, you will need a separate certificate for each logo.

Once your logo is officially trademarked, you can upgrade from a CMC to a VMC. You’ll need to go through the logo verification and certificate reissuance process.

The following requirements need to be fulfilled to get a Verified Mark Certificate:

1. A registered trademark logo in SVG Tiny 1.2 (Tiny PS) format.
2. DMARC policy set to p=quarantine or p=reject on your domain.
3. A BIMI record that points your logo and VMC certificate to your domain.

If all these requirements are in place, you can buy Verified Mark Certificate and complete DigiCert’s validation process.

The logo must be uploaded in SVG Tiny 1.2 (Tiny PS) format for it to be verified.

It normally requires 5 to 7 business days to issue a VMC certificate. The faster the following steps are done, the quicker it can be issued:

1. Domain and organization validation
2. Trademark checking (because a registered trademark is necessary)
3. BIMI Alignment of email logo
4. Faster response to any CA (Certificate Authority) documentation requests

Delays can arise when extra documentation or corrections are required in the process of validation.

No. A Mark Certificate is linked to your registered logo, organization details, and the primary domain used for email authentication (BIMI/DMARC). You only need to include the domain that will display the logo in recipients’ inboxes, not every domain or subdomain you own.

Every organization is unique in its email and domain structure. If your company has a single email domain and logo, one VMC may be all you need. If you have multiple email domains and a single logo, one VMC may still work. But if you have you’ll need a VMC for each, no matter how many email domains you’re using.

After you buy the VMC and send your brand logo, we will send you a PEM file. You have to make sure that the SVG logo and the PEM file are located on a publicly accessible server. Also, change your BIMI record accordingly. Successful implementation requires that the hosted files match the BIMI record.

BIMI (Brand Indicators for Message Identification) is an email specification that enables organizations to display their verified brand logo alongside authenticated messages in recipients’ inboxes. It works in conjunction with DMARC, SPF, and DKIM and is used along with VMCs. BIMI also contributes to the increased brand recognition and builds trust, as your logo can be only displayed in verified emails. Check BIMI Status

Both VMC and CMC require BIMI to function. BIMI provides the DNS-based mechanism for logo display, while the certificate validates logo ownership. Without BIMI, email providers will not display your logo.

BIMI itself is not mandatory for Google. But, if you want your brand logo to appear in Gmail inboxes, Google requires BIMI along with DMARC enforcement and a VMC/CMC certificate. Without BIMI, your logo will not be displayed. Get BIMI eligibility report

SPF is an email authentication protocol which enables the domain user to define which mail servers have permission to send email messages on behalf of the domain user. When a user receives an email, the recipient server looks up the SPF record in your DNS to ensure the IP address of the sending server. It helps reduce spoofing and unauthorized use. Validate SPF record

DKIM (DomainKeys Identified Mail) is a protocol used to authenticate email messages, it adds a digital signature to the message headers to indicate whether the message has been modified in transit and that the mail is coming from an authorized user. It functions via the signing of outgoing emails with a private key and the publishing of a public key in DNS to allow the recipient servers to verify the signature.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps prevent others from sending fake emails using your domain. It protects against phishing, spoofing, and other email-based attacks, improving email security and trust with your recipients.

DMARC is strictly required for VMCs and CMCs because it serves as a foundational security and authentication layer that enables trusted logo. To get a certificate, your domain should have a properly configured DMARC (Domain-based Message Authentication, Reporting, and Conformance) record and a policy of either “p=quarantine” or “p=reject”. It is essential for conforming domain ownership and showcasing brand logo in your supported inboxes.Get DMARC Complaint

DMARC enforcement can differ by environment. If the organization has one sending domain, where both SPF and DKIM have already been configured, it is possible to progress the enforcement policy (p=quarantine or p=reject) within days or weeks.

In larger orgs that have multiple domains, subdomains and more third-party senders, it might take months. This is because every legitimate source of emails should be identified, authenticated, and aligned prior to enforcement. Consulting with an expert or trusted provider when working with DMARC can help simplify and prevent delivery issues.

Your VMC remains valid, but your logo won’t display in supported inboxes until DMARC alignment is restored. Inspect DMARC record

VMC and CMC certificates enable BIMI logo display in supported mailbox providers, including Gmail, Yahoo Mail, Apple Mail, Fastmail, Zoho Mail, La Poste, and others.

A Mark certificate is not the same as a TLS certificate. A TLS/SSL certificate is used to secure your website and encrypt data during transmission. A Mark Certificate is used for email authentication to verify your brand identity and display the logo in supported email clients via BIMI.

VMC and BIMI are only supported on public-facing email domains and inboxes. Internal systems are not compatible.

VMCs cannot change how mail servers decide whether to accept or reject your messages. But having strong authentication (SPF, DKIM, DMARC) does help. And with a trusted, verified logo, your emails are more likely to be opened and less likely to be flagged as suspicious.

Host them on a publicly-accessible, secure server using HTTPS. Ensure URLs are permanent, well accessible and match to the locations indicated in your BIMI record.

DigiCert verified mark and common mark certificates are valid for 397 days, from the day of issuance. We offer multi-year subscription options at discounted prices, these certificates need to be renewed annually to get continuous logo display and compliance with verification requirements.

If you purchased your VMC or CMC through us, you can request a revocation at any time by reaching out to our support team. Revocations can also occur automatically if the underlying trademark (for VMC) becomes invalid or if persistent email authentication failures are detected. In case you want to reissue, we’ll guide you through the process and help you maintain the compliance requirements.

We are a global provider of VMC Certificates and CMC Certificates from leading Certificate Authorities (CAs) like DigiCert, Sectigo & GlobalSign. Anyone can order directly through our site at competitive pricing and get end-to-end assistance from DMARC setup to final BIMI integration without having to navigate CA procedures alone.