What is a Verified Mark Certificate?

A VMC enables a companies logo to be placed in the  “sender” field in email clients such as gmail and  so that users see your mark—and that your organization has been authenticated—before they even open your message. It’s the email equivalent of a checkmark on social media, with added validation and security requirements to help protect your customers and your brand against phishing and spoofing attacks.

It’s been developed by Entrust and BIMI, Brand Indicators for Message Identification, is an emerging standard for inserting registered trademarks inside email clients that makes it simple for organizations to display their brand on emails. So far Google, Twilio, Fastmail,, Mailchimp, Verizon, Validity, and Valimail have signed up, more are expected to follow shortly.


How to get a VMC for your organisation

Your organisation is going to need a trademarked  logo in SVG format, proof that you have implemented the correct email standards (SPF, DKIM, and DMARC – they sound scarily complicated but you can have them up and running in less than an hour) . Purchased a verified mark certificate, a couple of changes in your domain name records et voila.

Trademarking your logo

Sounds expensive – it needn’t be unless someone objects. You can actually fill out the form, and apply to the Irish Patent Office for 70 euro per class. Larger organisations would be looking to use an attorney, and have a monitoring organisation protect themselves from misuse of their brand. Once you’ve filed the applicaton it’s publlshed in the irish trademark journal, and parties have three months to object. Assuming no-one objects you pay the registration fee of 177 euro to the Irish Patent Office. Beware though – scammers will be sending demands for fees and services since the requesters name and address are published.

Formatting your Logo for a verified mark certificate

The company who designed your logo should be able to produce a logo file in SVG-P/S format. If not BIMI have produced conversion tools for logos, I’d send your graphic designer a link to the tools, Sometimes there’s a case for doing it yourself, but branding is so important i’d be getting a professional.

 Sender Policy Framework (SPF)

SPF is a text record published in your domain records (DNS) that informs email servers on the internet which servers can send email on behalf of the domain. Normally this would be your email service provider, and sometimes your web server. Mxtoolbox provides tools for generating the SPF record. I’d thoroughily recommend that you get your IT provider to do this, and then check that its implemented properly on mxtoolbox.

Domain Keys Identified Mail (DKIM)

DKIM again i’d really get your IT provider to set this up, It’s really worthwhile it’ll greatly assist in ensuring your emails get delivered. Once its done  i’d check in mxtoolbox that it’s configured properly. If your IT provider is on the ball it should have been done already. You;ll need to ask the IT Provider for the selector used. For o365 it’s selector1.

DMARC is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams and other cybercrimes. Its a reporting system which email systems use to report violations of SPF, DKIM to a specific email address, and importantly what to do with those emails (report and deliver, quarantine, or reject the email). Typically you’d start off reporting only, just to make sure you haven’t missed something, then move on to quarantine and finally reject.

It involves the creation of a DNS record, and email addresses for reporting. Again MXtoolbox provide a free DMARC record generator There’s a free service for record generation and monitoring from postmarkapp.com which is upgradeable to a paid service for $10 per month per domain.

Applying for a VMC

The process of getting a VMC  from digicert or Entrust involves the certificate provider checking your SPF, DKIM, and DMARC are implemented properly, and you are DMARC compliant, this usually takes 5-8 weeks