A verified mark certificate (VMC for BIMI) is a clear indication to your customers that you are a legitimate business, and not a malicious source trying to phish them. A VMC instills trust among your esteemed client base by visually affirming that you’ve gone through a process to verify your identity and the legitimacy of your business.

Email delivery is in a bit of a crisis. With rising rates of spam and phishing, 26% of messages are now classified as spam, and another study shows a quarter of all recipients open emails via smartphones. In order to protect ourselves from the endless onslaught of malicious emails and improve both deliverability and recipient engagement, the rest of us can do well by including graphical account verification information within our emails. Stand out from the dark background noise of spam and phishing campaigns – let your company’s logo serve as an indicator that this message is actually coming from your organization and has been verified by DMARC authentication standard as a legitimate source, with VMC and BIMI!

Table of Contents

What is a VMC and How Do VMCs work?

How can Growing Businesses Benefit from VMC and BIMI?

Frequently Asked Questions

How many VMCs do I need if I own and operate multiple domains?

How to get my logo trademarked?

How to convert BIMI logo image to SVG?

Which mailboxes currently support BIMI and VMC?

What is a VMC and How Do VMCs work?

VMC helps organizations prove their legitimacy to their email recipients by verifying their brand logo. It complements Brand Indicators for Message Identification (BIMI) that helps organizations display their unique brand logos alongside DMARC compliant emails. This promotes a consistent emailing experience that is both visually appealing and authenticated.

Step 1: Make your emails DMARC Compliant 

To get your VMC, as a prerequisite you need to gain DMARC compliance on your emails. DMARC helps you mitigate the risk of email abuse and impersonation attacks like phishing, spoofing, and ransomware by authenticating emails sent from your domain. It also helps in spam compliance and improves email deliverability. Simply configuring the protocol with a published DNS record is not enough to fulfill VMC requirements. To get on board, a minimum DMARC enforcement level of p=reject/quarantine is necessary. By using a DMARC analyzer you can achieve maximum DMARC compliance on your emails and move to an enforced policy to meet the certificate requirements in no time!

Check whether your domain is already DMARC compliant or not, with our free DMARC record checker.

Step 2: Purchase your Verified Mark Certificate

The next step is to purchase your VMC from a trusted, industry-recognized, and licensed Certification Authority. Make sure your brand logo is trademarked and converted to SVG format before you place the order for your VMC.

Learn how to buy VMC for your domain(s) now!

Step 3: Implement BIMI at Your Organization

After getting hold of your verified mark certificate, you can now configure BIMI for your organization to make sure your emails can be visually authenticated, and your selected logos are being displayed by supported mailbox providers. Simply sign up for PowerBIMI, your one-click hosted BIMI record implementation service. Upload your BIMI logo image and VMC instantly and generate a single CNAME record to configure your protocol. Forget about the pain of having to access your DNS every time you need to modify or update your record, while you sit back and enjoy the benefits of BIMI.

How can Growing Businesses Benefit from VMC and BIMI? 

  • Verified emails increase engagement rates and instill trust 

Logos are used across all of the email experiences in an effort to create a consistent, trusted brand that is visually identifiable. VMC and BIMI help you increase visibility, recall, and engagement—including a 10% increase in engagement rates—by creating a marketing experience that visually differentiates you from the competition.

  • It is a visual indication of a legitimate and authenticated email 

VMC is the best way to ensure that your emails are delivered securely from end to end by making it mandatory for domain owners to enforce their DMARC policies before purchasing the certificate. It helps prevent common email security problems like spoofing, phishing, and BEC. When you use VMC with DMARC authentication, you also make it harder for unscrupulous senders to steal identities.

  • It helps email senders choose which logo should be attached

When you use VMC, you can choose which logo should be displayed in your brand’s campaigns. This means that if you have multiple logos, you can select different logos to be displayed for different communication channels. Then, when you upload a logo to your authenticated domain and configure BIMI, the chosen logo will be displayed in your recipient’s inboxes for mailbox providers who support BIMI.

  • A great marketing tool that provides a visually compelling email experience 

VMC and BIMI go hand-in-hand to provide a visually appealing email experience for organizations and their clients alike. It is a great marketing tool that helps domain owners make the most of their email marketing campaigns, reducing the chances of their emails being ignored, and enhancing their brand’s recall and recognition. It provides a more consistent and professional look to your business emails that is sure to capture your client’s attention.

Frequently Asked Questions on VMC for BIMI

  • How many VMCs do I need if I own and operate multiple domains? 

Even if you operate multiple domains, you need to purchase only one VMC for all your domains provided that you want only one standard logo to be displayed across all email channels. However, if you have more than one logo, you need to purchase one VMC per logo.

  • How to get my logo trademarked? 

According to VMC guidelines, if you don’t have a trademarked logo, you need to get your logo trademarked by an official intellectual property office that is functional in your country. Once your logo is trademarked, it will have an ‘®’ symbol attached to it. 

  • How to convert BIMI logo image to SVG? 

You can manually convert your BIMI logo image to an SVG file using Adobe Illustrator. Make sure you convert the image to SVG 1.2 (vector-based) as per BIMI standards. For step-by-step instructions on converting your logo image to SVG, read our detailed Guide to BIMI

  • Which mailboxes currently support BIMI and VMC? 

Currently, Google, Verizon Media (Yahoo!, AOL), Fastmail, and Proofpoint have successfully extended support. However, many others are in their pilot program. 

For more queries regarding how to place an order for a VMC or implement BIMI at your organization, get in touch with us at [email protected].

To complement the Industry-wide BIMI rollout, PowerDMARC has joined hands with DigiCert to provide brands with Verified Mark Certificates (VMC) for starting their BIMI journey seamlessly.

The BIMI program requires that you configure your domain with an enforced DMARC policy, together with a verified mark certificate. PowerDMARC has emerged as a pioneer in the email security industry, allowing organizations to set up their domains with DMARC authentication, and shift to a more secure policy.

Now, with this invaluable partnership, brands can avail of their DigiCert VMCs for BIMI directly by signing up for PowerBIMI: the one-click easy BIMI implementation solution that allows you to upload your VMC and SVG file at ease without the hassle of hosting and maintaining any servers! Sit back and enjoy the benefits of VMC and BIMI as we handle the rest for you in the background.

Verified Mark Certificates: What is VMC?

VMCs allow brands to render their unique brand logo next to the “sender” field for emails as a mark of authenticity. It helps your customers determine the credibility of your message even before they open the email. Overall, it builds trust among customers and provides a visually compelling email experience. It is both an email verification system and a marketing tool that takes your brand recall to a whole new level!

VMC Benefits for Growing Businesses

The various benefits of VMC include:

  • A 10% increase in email engagement rates
  • Enforced DMARC policy that keeps phishing attacks, spoofing, and fake emails at bay
  • Provides a visually appealing email experience
  • Helps you streamline your BIMI adoption journey

About DigiCert

As a leading U.S. certificate authority (CA), DigiCert has issued more than 50 million certificates for more than 10 million domain names and is the largest provider of publicly trusted SSL/TLS certificates in the industry. They follow a unanimous goal of verifying brand identities to secure an organization’s digital interactions.

About PowerDMARC

PowerDMARC is your one-stop email authentication SaaS platform with one goal: to make your emails safe again! We provide hosted email authentication solutions like SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI, along with MSP/MSSP opportunities for global brands. We aim at improving the email security infrastructure at your organization and protect your domains from impersonation, spoofing, and brand abuse. PowerDMARC offers managed DMARC services and deployment services that are both cost-effective and easy to configure, allowing you to roll out BIMI and DMARC at the fastest market speed!

Sign up for your DMARC analyzer today, or contact us at [email protected] for any queries.

It is critical that any business using emails to communicate with their customers becomes DMARC compliant in order to protect the fidelity and privacy of their client’s information. However, a common mistake that organizations often end up making is securing their local/active domains, while completely ignoring the security of their parked domains.

DMARC is an email authentication protocol designed to prevent spammers from impersonating the senders of legitimate emails. Using DMARC provides real value. Not only is it an industry standard, but by implementing it you earn trust and respect from your customers, gain control of your domain from cybercriminals, and increase deliverability and message consistency.

What are Parked Domains?

Parked domains are webmaster-friendly aliases that streamline and promote your online presence. Basically, it refers to the practice of using an alternative domain name (i.e., parked) for advertising or administrative purposes. Parked domains are a great way to create additional brand equity for your business. While Parked Domains are domains that have been registered on purpose, they are not necessarily used to send emails or rank in search engines.

A parked domain is usually just an empty shell with no substance. Such domains often remain dormant and aren’t used for any interactive purposes like sending emails. Often purchased years ago, it is only natural for large enterprises that make use of several domains to carry out daily activities, to forget about them. So naturally, you might be thinking about whether securing your parked domains is even necessary in the first place? The answer is, yes! The low domain security of your inactive domains can make them an easier target for attackers. DMARC steps in to help you secure these parked domains, preventing them from being used for malicious ends.

How Can You Leverage DMARC to Secure Your Parked Domains?

In general, ISPs will treat domain names, especially parked domains, that lack a DMARC record with a low level of scrutiny. This means that these domains may not be protected well against spam and abuse. By skipping this step, you might be protecting your main domain with 100% DMARC enforcement with a policy of p=reject, all while remaining vulnerable on your parked domains. By setting up a set of DNS records for inactive domains, you can help prevent them from being used for phishing or malware distribution.

For every business owner out there, your company’s reputation should be of utmost importance to you. Therefore, when it comes to opting for email authentication, it should be for every domain you own. What’s even better is that implementing DMARC only requires you to publish a couple of records in your DNS.

However, before implementing DMARC you need to consider the following factors:

1) Make sure you have a valid and published SPF record on your DNS

For your inactive or parked domains, you only need a record that specifies that the particular domain is currently inactive and any email originating from it should be rejected. An empty SPF record with the following syntax does exactly that:

yourparkeddomain.com TXT v=spf1 -all

2) Be certain that you have a functional DKIM record published on your DNS

The best way to nullify DKIM selectors that were active in the past is to publish a DKIM record with (*) as your selector and an empty “p” mechanism. This specifies to MTAs that any selector for that parked domain is not valid anymore:

*._domainkey.yourparkeddomain.com TXT v=DKIM1; p=

3) Publish a DMARC record for your Parked Domains

In addition to publishing SPF, you should publish a DMARC record for your parked domains. A DMARC policy of “reject” for your inactive domains helps secure them. With DMARC you can also view and monitor fraudulent activities on these domains with reports you can view on our DMARC report analyzer dashboard.

You can configure the following DMARC record for your parked domains:

_dmarc.yourparkeddomain.com TXT “v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]


Note: replace the sample RUA and RUF email addresses with valid email addresses (that don’t point to your parked domains) wherein you want to receive your DMARC reports. Alternatively, you can add your custom PowerDMARC RUA and RUF addresses to send your reports directly to your PowerDMARC account and view them on your DMARC report analyzer dashboard.

In case you have a large number of previously registered parked domains, you can configure the following CNAME record that points to a single domain, for all your parked domains:

_dmarc.yourparkeddomain.com  CNAME   _dmarc.parked.example.net

Once done, you can then publish a DMARC TXT record that points to the email addresses on which you want to receive your RUA and RUF reports, for that same domain on which you have configured DMARC for your parked domains:

_dmarc.parked.example.net TXT v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

To avoid implementing DMARC for your active and parked domains manually, help us help you automate the process and make it seamless for your organization with our proactive support team and an effective DMARC software solution. Sign up for your DMARC analyzer today!

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a specification that allows you to prevent email spoofing and phishing attempts. In a nutshell, DMARC allows you to implement a policy that helps verify that your email messages can be trusted by your recipients’ mail servers. DMARC can lower your email bounce rates by improving your domain reputation and email deliverability. It also boosts your email marketing campaigns, improves the sender reputation of your domain, and makes receiving emails more secure.

A high email bounce rate can seriously hurt the success rate of your email marketing campaigns in the future. Surveys suggest that 50% of all emails sent out by the marketing professionals at your organization, never even reach the inboxes of your prospective clients. From there, many face a further challenge in actually getting read, with many more emails ending up in your trash or spam folder than any other location. Luckily for us, DMARC is an email authentication standard that’s very close to a reality where it will fix these issues. Let’s find out how!

Why Do Email Bounces Occur?

Sometimes your outbound email gets rejected by the recipients’ mail server. When an email bounces, it is because the email server thinks that there’s a problem or error with how you sent the message. Email bounces can occur due to a wide variety of reasons, here are a few:

  • Server downtime
  • Your receiver’s inbox is full
  • Poor sender reputation as a result of spam complaints

While the first two scenarios are quite easy to handle, the third scenario is where matters get a little tricky and complicated. More often than not your domain can be spoofed by attackers, meaning that your very domain name can be used to send fake emails to phish your recipients. Repeated spoofing attempts on your domain and emails containing fraudulent attachments sent to your receivers can drastically damage your sender’s reputation. This increases the chances of your emails being marked as spam and aggravates the risk of email bounces.

A DMARC analyzer helps you stop email spoofing and protects your receivers from accepting fake emails sent from your domain. This, in turn, upholds your reputation and credibility and lowers your email bounce rate over time.

DMARC and Deliverability

If you run an online business, you already know how important email deliverability is. To maximize profit on your email marketing campaigns, you need to ensure that legitimate emails always get delivered and reduce the chances of your emails being marked as spam in your recipients’ inboxes.

The most effective way to secure user trust is by not allowing phishing and spam emails. But to do this you will need the credibility of appearing legitimate – in other words, your users need to recognize your emails as being real emails and not spam. DMARC is designed to reduce the number of spam emails delivered to your recipients’ inboxes while ensuring legitimate emails from your domain are always successfully delivered. DMARC provides a method for sending organizations to ensure that emails are delivered reliably and offers domain protection using SPF/DKIM records. DMARC is based on the concept of alignment between authentication protocols (the aforementioned SPF and DKIM) and reports describing sender usages such as message repudiation or policy violations.

Monitor Your Email Channels with DMARC Reports

While implementing DMARC, experts recommend that you start off with a none policy and enable DMARC reporting for all your domains. Although a none policy for DMARC doesn’t protect your domain against spoofing and phishing attacks, it is ideal when you want to simply monitor all your email channels and view how your emails are performing. A DMARC report analyzer is the perfect platform to do exactly that, and much more! It helps you view all your email sending sources across a single pane of glass, and fix issues in email delivery.

Slowly, but surely, you can confidently shift to a more enforced policy so as to stop attackers from misusing your domain name. To further increase the chances of your legitimate emails reaching your clients, you can implement BIMI at your organization. Brand Indicators for Message Identification (BIMI), as the name suggests, helps your clients visually identify your brand in their inboxes by affixing your unique logo to each of your outbound emails. This makes your email marketing campaigns more of a success and reduces the chances of email bounces even further!