DigiCert Verified Mark Certificate (VMC) is an advanced email security solution that enables organizations to display a verified brand logo directly next to the sender field in recipients’ mailboxes. The VMC certificate guarantees that the logo shown in messages comes from the genuine owner, confirming the authenticity and legality of the trademark or official seal used. Its primary purpose is to enhance the authenticity of messages, thereby minimizing the risk of phishing and increasing brand recognition. For the system to correctly display the logo, integration with the BIMI (Brand Indicators for Message Identification) protocol is required. Combined with a strict DMARC (Domain-based Message Authentication, Reporting & Conformance) policy, this ensures that the sender’s domain is fully protected against spoofing and phishing attempts. Additionally, the implementation of VMC necessitates the proper configuration of the DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) protocols, further strengthening authentication mechanisms and safeguarding against unauthorized use of the domain.

The process of obtaining a VMC certificate involves a multi-stage verification of the organization’s identity, reminiscent of the procedures used for Extended Validation (EV SSL) certificates. DigiCert makes every effort to confirm that the logo provided by the client is either a registered trademark or holds the status of an official seal, which is verified through documentation review. The logo intended for use in the certificate must be submitted in SVG format compliant with the SVG-P/S profile, ensuring its proper rendering in various email clients. Additionally, the logo must be legally protected—either as a registered trademark with a patent office (e.g., EUIPO, USPTO) or under legal provisions in the case of government institutions. Implementing VMC is not merely about obtaining a certificate; it also involves the comprehensive integration of security systems. Once the DNS record is updated, email clients such as Gmail, Yahoo, or Apple Mail verify the configuration and, if all requirements are met, display the logo along with an additional indicator – in the form of a blue “checkmark” – which boosts brand visibility and enhances recipient trust in the messages sent. With such a solution, organizations can not only increase open rates and engagement in marketing campaigns but also significantly reduce the risk of fraud associated with impersonation of legitimate senders.

DigiCert Verified Mark represents a strategic move for companies that prioritize high security standards and a professional brand image in electronic communications. This certificate allows for the integration of the latest authentication technologies while providing comprehensive protection against phishing attacks, as well as strengthening brand recognition through the consistent and reliable presentation of the logo in email messages. Such an approach not only increases recipient trust but also contributes to the effective building of customer relationships, which is crucial in today’s rapidly changing digital environment.

• Visual authenticity verification (BIMI): Integration with the BIMI (Brand Indicators for Message Identification) standard enables the display of a verified brand logo in email client interfaces (e.g., Gmail), providing cryptographic confirmation of the sender’s authenticity. This eliminates the risk of message forgery through immediate visual identification.
• Advanced protection against phishing and spoofing: VMC certificate integrates with key authentication protocols such as DMARC, DKIM, SPF, and BIMI. This synergistic configuration effectively reduces the risk of impersonating legitimate senders by safeguarding the domain against identity forgery attempts and minimizing potential phishing attacks. The requirement for full DMARC compliance (p=quarantine/reject) and the DNS validation of SPF/DKIM records effectively block spoofing and domain spoofing attempts. Tests indicate a 30–40% reduction in the effectiveness of phishing attacks due to logo verification.
• Improvement in engagement and brand recognition metrics: Displaying the verified logo (often supplemented by a blue “checkmark” in email clients like Gmail) increases brand visibility, contributing to higher open rates, click-through rates, and overall audience engagement.
• Rigorous identity verification and compliance with standards: Process of issuing a VMC involves a multi-stage validation of the organization’s identity and confirmation of the logo’s legality (including verification of trademark registration), ensuring compliance with international standards (X.509, CA/B forum) and enhancing communication security. The requirement for the logo to be registered with a patent office (e.g., USPTO, EUIPO) or legally confirmed (for government institutions) ensures that only authorized entities can use the trademark in communications, eliminating unauthorized usage.
• Optimization of message deliverability: Combination of DMARC, SPF, DKIM, and VMC enhances the domain’s reputation in Email Service Provider (ESP) systems, leading to higher deliverability rates (inbox placement) and increased open rates (by as much as 10%).
• Secure hosting of metadata: Requirement to host SVG and PEM files via HTTPS with integrity verification (checksum) protects against logo manipulation during transmission, ensuring the immutability of visual assets.
• Support for future BIMI extensions: Certificate is compatible with planned BIMI updates, such as dynamic logos with animation support (SVG Native) or integration with AI systems for anomaly detection.
• Cryptographic non-repudiation: VMC certificate uses an X.509 v3 digital signature with an RSA/ECC key, ensuring the integrity and authenticity of the brand metadata in accordance with the ETSI EN 319 412-1 standard.
• Enhancing the professional image of the brand: Implementation of DigiCert VMC enables companies to present themselves as technologically advanced and committed to the highest security standards, which not only builds recipient trust but also distinguishes the brand from its competitors.

To obtain a DigiCert Verified Mark Certificate (VMC), you must meet several key requirements. Without fulfilling the conditions below, generating a VMC certificate will not be possible. If you have any doubts and/or questions, please contact our sales department.

• Ensure that the domain for which the VMC certificate will be generated has correctly configured DNS records: SPF, DKIM, and DMARC.
• The logo that will be displayed alongside the sent message must be in SVG format and meet the BIMI requirements.
• The logo must be registered as a trademark. It should be confirmed by an entry, e.g., in the USPTO (United States Patent and Trademark Office), EUIPO (European Union Intellectual Property Office), or another equivalent authority.
• Once these conditions have been met, you can place an order for aVMC certificate.

VMC certificates allow the brand logo to be displayed in popular web-based email clients:

• Gmail
• Yahoo
• Fastmail web
• Verizon
• AOL

Additionally, CMC certificates support displaying the logo alongside sent messages in popular (including mobile) email clients and blue checkmark:

• Gmail Android
• Gmail iPhone
• Fastmail mobile

Technical support for the DigiCert Verified Mark Certificate (VMC) is based on a comprehensive approach to the implementation, configuration, and maintenance of email communication security. This process begins with a detailed analysis of the client’s IT environment, including the mail server configuration, the deployment of message authentication mechanisms, and the implementation of the DMARC, DKIM, and SPF protocols. DigiCert specialists work with the client to prepare and optimize the logo files in SVG format, which must comply with the strict requirements of the SVG-P/S profile, and then coordinate the synchronization of these files with the certificate chain in PEM format. A key element of the support is the configuration of the BIMI record in the DNS system, where the precise setting of the certificate file locations enables the remote retrieval of the logo without end-user intervention. The technical team conducts detailed diagnostics and monitors server logs, which allows for the identification of any configuration discrepancies and rapid intervention if issues are detected. The certificate renewal process is automated through a subscription model that enables timely updates, and the notification system alerts users about the impending expiration of the certificate. The entirety of the technical support is carried out in accordance with the highest standards of security and industry compliance, guaranteeing uninterrupted brand protection and the reliability of email communication.