A verified mark certificate (VMC) is a clear indication to your customers that you are a legitimate business, and not a malicious source trying to phish them. A VMC instills trust among your esteemed client base by visually affirming that you’ve gone through a process to verify your identity and the legitimacy of your business.

Email delivery is in a bit of a crisis. With rising rates of spam and phishing, 26% of messages are now classified as spam, and another study shows a quarter of all recipients open emails via smartphones. In order to protect ourselves from the endless onslaught of malicious emails and improve both deliverability and recipient engagement, the rest of us can do well by including graphical account verification information within our emails. Stand out from the dark background noise of spam and phishing campaigns – let your company’s logo serve as an indicator that this message is actually coming from your organization and has been verified by DMARC authentication standard as a legitimate source, with VMC and BIMI!

What is a VMC and How Do VMCs work?

VMC helps organizations prove their legitimacy to their email recipients by verifying their brand logo. It complements Brand Indicators for Message Identification (BIMI) that helps organizations display their unique brand logos alongside DMARC compliant emails. This promotes a consistent emailing experience that is both visually appealing and authenticated.

Step 1: Make your emails DMARC Compliant 

To get your VMC, as a prerequisite you need to gain DMARC compliance on your emails. DMARC helps you mitigate the risk of email abuse and impersonation attacks like phishing, spoofing, and ransomware by authenticating emails sent from your domain. It also helps in spam compliance and improves email deliverability. Simply configuring the protocol with a published DNS record is not enough to fulfill VMC requirements. To get on board, a minimum DMARC enforcement level of p=reject/quarantine is necessary. By using a DMARC analyzer you can achieve maximum DMARC compliance on your emails and move to an enforced policy to meet the certificate requirements in no time!

Check whether your domain is already DMARC compliant or not, with our free DMARC record checker.

Step 2: Purchase your Verified Mark Certificate

The next step is to purchase your VMC from a trusted, industry-recognized, and licensed Certification Authority. Make sure your brand logo is trademarked and converted to SVG format before you place the order for your VMC.

Learn how to buy VMC for your domain(s) now!

Step 3: Implement BIMI at Your Organization

After getting hold of your verified mark certificate, you can now configure BIMI for your organization to make sure your emails can be visually authenticated, and your selected logos are being displayed by supported mailbox providers. Simply sign up for PowerBIMI, your one-click hosted BIMI record implementation service. Upload your BIMI logo image and VMC instantly and generate a single CNAME record to configure your protocol. Forget about the pain of having to access your DNS every time you need to modify or update your record, while you sit back and enjoy the benefits of BIMI.

How can Growing Businesses Benefit from VMC and BIMI? 

  • Verified emails increase engagement rates and instill trust 

Logos are used across all of the email experiences in an effort to create a consistent, trusted brand that is visually identifiable. VMC and BIMI help you increase visibility, recall, and engagement—including a 10% increase in engagement rates—by creating a marketing experience that visually differentiates you from the competition.

  • It is a visual indication of a legitimate and authenticated email 

VMC is the best way to ensure that your emails are delivered securely from end to end by making it mandatory for domain owners to enforce their DMARC policies before purchasing the certificate. It helps prevent common email security problems like spoofing, phishing, and BEC. When you use VMC with DMARC authentication, you also make it harder for unscrupulous senders to steal identities.

  • It helps email senders choose which logo should be attached

When you use VMC, you can choose which logo should be displayed in your brand’s campaigns. This means that if you have multiple logos, you can select different logos to be displayed for different communication channels. Then, when you upload a logo to your authenticated domain and configure BIMI, the chosen logo will be displayed in your recipient’s inboxes for mailbox providers who support BIMI.

  • A great marketing tool that provides a visually compelling email experience 

VMC and BIMI go hand-in-hand to provide a visually appealing email experience for organizations and their clients alike. It is a great marketing tool that helps domain owners make the most of their email marketing campaigns, reducing the chances of their emails being ignored, and enhancing their brand’s recall and recognition. It provides a more consistent and professional look to your business emails that is sure to capture your client’s attention.

Frequently Asked Questions

1) How many VMCs do I need if I own and operate multiple domains? 

Even if you operate multiple domains, you need to purchase only one VMC for all your domains provided that you want only one standard logo to be displayed across all email channels. However, if you have more than one logo, you need to purchase one VMC per logo.

2) How to get my logo trademarked? 

According to VMC guidelines, if you don’t have a trademarked logo, you need to get your logo trademarked by an official intellectual property office that is functional in your country. Once your logo is trademarked, it will have an ‘®’ symbol attached to it.

3) How to convert BIMI logo image to SVG? 

You can manually convert your BIMI logo image to an SVG file using Adobe Illustrator. Make sure you convert the image to SVG 1.2 (vector-based) as per BIMI standards. For step-by-step instructions on converting your logo image to SVG, read our detailed Guide to BIMI. 

4) Which mailboxes currently support BIMI and VMC? 

Currently, Google, Verizon Media (Yahoo!, AOL), Fastmail, and Proofpoint have successfully extended support. However, many others are in their pilot program.

For more queries regarding how to place an order for a VMC or implement BIMI at your organization, get in touch with us at [email protected]

To complement the Industry-wide BIMI rollout, PowerDMARC has joined hands with DigiCert to provide brands with Verified Mark Certificates (VMC) for starting their BIMI journey seamlessly.

The BIMI program requires that you configure your domain with an enforced DMARC policy, together with a verified mark certificate. PowerDMARC has emerged as a pioneer in the email security industry, allowing organizations to set up their domains with DMARC authentication, and shift to a more secure policy.

Now, with this invaluable partnership, brands can avail of their DigiCert VMCs for BIMI directly by signing up for PowerBIMI: the one-click easy BIMI implementation solution that allows you to upload your VMC and SVG file at ease without the hassle of hosting and maintaining any servers! Sit back and enjoy the benefits of VMC and BIMI as we handle the rest for you in the background.

Verified Mark Certificates: What is VMC?

VMCs allow brands to render their unique brand logo next to the “sender” field for emails as a mark of authenticity. It helps your customers determine the credibility of your message even before they open the email. Overall, it builds trust among customers and provides a visually compelling email experience. It is both an email verification system and a marketing tool that takes your brand recall to a whole new level!

VMC Benefits for Growing Businesses

The various benefits of VMC include:

  • A 10% increase in email engagement rates
  • Enforced DMARC policy that keeps phishing attacks, spoofing, and fake emails at bay
  • Provides a visually appealing email experience
  • Helps you streamline your BIMI adoption journey

About DigiCert

As a leading U.S. certificate authority (CA), DigiCert has issued more than 50 million certificates for more than 10 million domain names and is the largest provider of publicly trusted SSL/TLS certificates in the industry. They follow a unanimous goal of verifying brand identities to secure an organization’s digital interactions.

About PowerDMARC

PowerDMARC is your one-stop email authentication SaaS platform with one goal: to make your emails safe again! We provide hosted email authentication solutions like SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI, along with MSP/MSSP opportunities for global brands. We aim at improving the email security infrastructure at your organization and protect your domains from impersonation, spoofing, and brand abuse. PowerDMARC offers managed DMARC services and deployment services that are both cost-effective and easy to configure, allowing you to roll out BIMI and DMARC at the fastest market speed!

Sign up for your DMARC analyzer today, or contact us at [email protected] for any queries.

It is critical that any business using emails to communicate with their customers becomes DMARC compliant in order to protect the fidelity and privacy of their client’s information. However, a common mistake that organizations often end up making is securing their local/active domains, while completely ignoring the security of their parked domains.

DMARC is an email authentication protocol designed to prevent spammers from impersonating the senders of legitimate emails. Using DMARC provides real value. Not only is it an industry standard, but by implementing it you earn trust and respect from your customers, gain control of your domain from cybercriminals, and increase deliverability and message consistency.

What are Parked Domains?

Parked domains are webmaster-friendly aliases that streamline and promote your online presence. Basically, it refers to the practice of using an alternative domain name (i.e., parked) for advertising or administrative purposes. Parked domains are a great way to create additional brand equity for your business. While Parked Domains are domains that have been registered on purpose, they are not necessarily used to send emails or rank in search engines.

A parked domain is usually just an empty shell with no substance. Such domains often remain dormant and aren’t used for any interactive purposes like sending emails. Often purchased years ago, it is only natural for large enterprises that make use of several domains to carry out daily activities, to forget about them. So naturally, you might be thinking about whether securing your parked domains is even necessary in the first place? The answer is, yes! The low domain security of your inactive domains can make them an easier target for attackers. DMARC steps in to help you secure these parked domains, preventing them from being used for malicious ends.

How Can You Leverage DMARC to Secure Your Parked Domains?

In general, ISPs will treat domain names, especially parked domains, that lack a DMARC record with a low level of scrutiny. This means that these domains may not be protected well against spam and abuse. By skipping this step, you might be protecting your main domain with 100% DMARC enforcement with a policy of p=reject, all while remaining vulnerable on your parked domains. By setting up a set of DNS records for inactive domains, you can help prevent them from being used for phishing or malware distribution.

For every business owner out there, your company’s reputation should be of utmost importance to you. Therefore, when it comes to opting for email authentication, it should be for every domain you own. What’s even better is that implementing DMARC only requires you to publish a couple of records in your DNS.

However, before implementing DMARC you need to consider the following factors:

1) Make sure you have a valid and published SPF record on your DNS

For your inactive or parked domains, you only need a record that specifies that the particular domain is currently inactive and any email originating from it should be rejected. An empty SPF record with the following syntax does exactly that:

yourparkeddomain.com TXT v=spf1 -all

2) Be certain that you have a functional DKIM record published on your DNS

The best way to nullify DKIM selectors that were active in the past is to publish a DKIM record with (*) as your selector and an empty “p” mechanism. This specifies to MTAs that any selector for that parked domain is not valid anymore:

*._domainkey.yourparkeddomain.com TXT v=DKIM1; p=

3) Publish a DMARC record for your Parked Domains

In addition to publishing SPF, you should publish a DMARC record for your parked domains. A DMARC policy of “reject” for your inactive domains helps secure them. With DMARC you can also view and monitor fraudulent activities on these domains with reports you can view on our DMARC report analyzer dashboard.

You can configure the following DMARC record for your parked domains:

_dmarc.yourparkeddomain.com TXT “v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]


Note: replace the sample RUA and RUF email addresses with valid email addresses (that don’t point to your parked domains) wherein you want to receive your DMARC reports. Alternatively, you can add your custom PowerDMARC RUA and RUF addresses to send your reports directly to your PowerDMARC account and view them on your DMARC report analyzer dashboard.

In case you have a large number of previously registered parked domains, you can configure the following CNAME record that points to a single domain, for all your parked domains:

_dmarc.yourparkeddomain.com  CNAME   _dmarc.parked.example.net

Once done, you can then publish a DMARC TXT record that points to the email addresses on which you want to receive your RUA and RUF reports, for that same domain on which you have configured DMARC for your parked domains:

_dmarc.parked.example.net TXT v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

To avoid implementing DMARC for your active and parked domains manually, help us help you automate the process and make it seamless for your organization with our proactive support team and an effective DMARC software solution. Sign up for your DMARC analyzer today!

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a specification that allows you to prevent email spoofing and phishing attempts. In a nutshell, DMARC allows you to implement a policy that helps verify that your email messages can be trusted by your recipients’ mail servers. DMARC can lower your email bounce rates by improving your domain reputation and email deliverability. It also boosts your email marketing campaigns, improves the sender reputation of your domain, and makes receiving emails more secure.

A high email bounce rate can seriously hurt the success rate of your email marketing campaigns in the future. Surveys suggest that 50% of all emails sent out by the marketing professionals at your organization, never even reach the inboxes of your prospective clients. From there, many face a further challenge in actually getting read, with many more emails ending up in your trash or spam folder than any other location. Luckily for us, DMARC is an email authentication standard that’s very close to a reality where it will fix these issues. Let’s find out how!

Why Do Email Bounces Occur?

Sometimes your outbound email gets rejected by the recipients’ mail server. When an email bounces, it is because the email server thinks that there’s a problem or error with how you sent the message. Email bounces can occur due to a wide variety of reasons, here are a few:

  • Server downtime
  • Your receiver’s inbox is full
  • Poor sender reputation as a result of spam complaints

While the first two scenarios are quite easy to handle, the third scenario is where matters get a little tricky and complicated. More often than not your domain can be spoofed by attackers, meaning that your very domain name can be used to send fake emails to phish your recipients. Repeated spoofing attempts on your domain and emails containing fraudulent attachments sent to your receivers can drastically damage your sender’s reputation. This increases the chances of your emails being marked as spam and aggravates the risk of email bounces.

A DMARC analyzer helps you stop email spoofing and protects your receivers from accepting fake emails sent from your domain. This, in turn, upholds your reputation and credibility and lowers your email bounce rate over time.

DMARC and Deliverability

If you run an online business, you already know how important email deliverability is. To maximize profit on your email marketing campaigns, you need to ensure that legitimate emails always get delivered and reduce the chances of your emails being marked as spam in your recipients’ inboxes.

The most effective way to secure user trust is by not allowing phishing and spam emails. But to do this you will need the credibility of appearing legitimate – in other words, your users need to recognize your emails as being real emails and not spam. DMARC is designed to reduce the number of spam emails delivered to your recipients’ inboxes while ensuring legitimate emails from your domain are always successfully delivered. DMARC provides a method for sending organizations to ensure that emails are delivered reliably and offers domain protection using SPF/DKIM records. DMARC is based on the concept of alignment between authentication protocols (the aforementioned SPF and DKIM) and reports describing sender usages such as message repudiation or policy violations.

Monitor Your Email Channels with DMARC Reports

While implementing DMARC, experts recommend that you start off with a none policy and enable DMARC reporting for all your domains. Although a none policy for DMARC doesn’t protect your domain against spoofing and phishing attacks, it is ideal when you want to simply monitor all your email channels and view how your emails are performing. A DMARC report analyzer is the perfect platform to do exactly that, and much more! It helps you view all your email sending sources across a single pane of glass, and fix issues in email delivery.

Slowly, but surely, you can confidently shift to a more enforced policy so as to stop attackers from misusing your domain name. To further increase the chances of your legitimate emails reaching your clients, you can implement BIMI at your organization. Brand Indicators for Message Identification (BIMI), as the name suggests, helps your clients visually identify your brand in their inboxes by affixing your unique logo to each of your outbound emails. This makes your email marketing campaigns more of a success and reduces the chances of email bounces even further!

Domains have grown at an explosive rate over the last decade. With a decades-long history and the power to build trust, domains have long been the premier asset for businesses, online. Domain name security is a top concern for domain holders, and today’s online threats make managing domains more complex than ever. In the 1980s, the first top-level domains were established on the internet. Since then, there have been notable developments in domain name architecture, resulting in more security challenges and costs for businesses and consumers alike. Since their inception, domains have become a channel for cyberattacks and threats to online data and security. DMARC is a widely acclaimed protocol that protects your domain name and online assets from abuse and impersonation.

But before we get to that, here are three reasons why protecting your domain name should be your topmost priority starting today:

Your Domain is the Face of Your Company

Your domain is a reflection of your brand and is one of the most important online assets of your organization. The domain name is the digital address of your business and is an important part of your IP portfolio. It’s the first thing that potential customers and investors will see. Research shows that domains are now one of the most valuable elements of a company’s business, alongside intellectual property rights, easily identifiable assets, and shares. Domains are a vital part of any business’s IP portfolio, providing a long-term and authoritative presence on the Internet. It is essential to protect and renew them. Acquisition or abuse of domain names by cybercriminals can cause clients, customers, and partners to become inconsolable.

Domain Management is Not an Easy Task

Organizations now realize that their domain represents their business goals and creates that unified public face of the company that customers recognize when searching for products and services. As organizations become increasingly reliant on IP assets, domain management is likely to become more of a liability. The domains that are now the cornerstone of an organization’s security must be effectively managed, not just handled by internal IT teams. However, domain management poses its own set of security challenges. With the increasing number of domains each company owns, impersonating your organization for malicious ends becomes quite easy.

Did you know, 33% of organizations experienced cyberattacks specifically targeting their domain names in 2020?

Lack of Domain Name Security Increases the Risk of Domain Spoofing

Domain spoofing is a social engineering tactic, popular among cybercriminals of the digital age. A spoofed email domain accurately impersonates a valid domain and can be used to trick employees, customers, and partners who rely on your services. Spoofed domains are used to send fake emails to customers to perpetrate phishing attacks aimed at stealing sensitive data and bank details to launder money, or inject ransomware into their system. Suffice to say, it is extremely damaging to any business, both financially, as well as reputationally.

How to Secure Your Domain Name?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a mechanism letting organizations protect their domain name from impersonation, domain abuse, and spoofing. It helps stop phishing (which is the leading cause of identity theft) by creating a 100% reliable mechanism for authenticating emails that are sent from your domain. It prevents unauthorized parties from setting up email accounts using a legitimate organization’s domain name. Configuring a DMARC analyzer at your organization can provide all-around protection to your domain name, helping you make sure that your reputation remains intact and your domain can never be used for malicious purposes.

Manage Your Domains Effectively with PowerDMARC DMARC Report Analyzer

With our DMARC report analyzer, you can manage your domains across a single pane of glass, read your DMARC reports, view authentication results, and pick up on malicious activities faster. It also allows you to adjust settings on the fly for immediate changes. Whether you are a small business or enterprise, a DMARC report analyzer gives you deeper control over how you manage email authentication.

Most importantly, it gives you a single place to manage the domains that you own from multiple registrars. Our intuitive interface provides a descriptive breakdown of each failure, helping you take action against them faster than ever before.

  • It provides a single, integrated solution for reading your DMARC reports
  • It provides the ability to quickly identify anomalies in your reports.
  • With report filtering options, this powerful module will allow you to better manage your domain’s health across multiple domains across various mail servers
  • Provides a clear view of the overall picture of how your emails are protected, bounce back messages, and what malicious activities are being attempted on your domain
  • Helps you save time by knowing the full picture with a reliable and clear dashboard that gives you a simple overview of your data
  • Highlights any errors in your SPF, DKIM, BIMI, MTA-STS record and TLS-RPT.

Email authentication standards: SPF, DKIM, and DMARC are showing promise in cutting down on email spoofing attempts and improving email deliverability. While differentiating spoofed (fake) emails from legitimate ones, email authentication standards go further in distinguishing if an email is legitimate by verifying the identity of the sender.

As more organizations adopt these standards, the overall message of trust and authority in email communication will begin to reassert itself. Every business that depends on email marketing, project requests, financial transactions, and the general exchange of information within or across companies needs to understand the basics of what these solutions are designed to accomplish and what benefits they can get out of them.

What is Email Spoofing?

Email spoofing is a common cybersecurity issue encountered by businesses today. In this article, we will understand how spoofing works and the various methods to fight it. We will learn about the three authentication standards used by email providers − SPF, DKIM, and DMARC to stop it from happening.

Email spoofing can be classified as an advanced social engineering attack that uses a combination of sophisticated techniques to manipulate the messaging environment and exploit legitimate features of email. These emails will often appear entirely legitimate, but they are designed with the intention of gaining access to your information and/or resources. Email spoofing is used for a variety of purposes ranging from attempts to commit fraud, to breach security, and even to try to gain access to confidential business information. As a very popular form of email forgery, spoofing attacks aim to deceive recipients into believing that an email was sent from a business they use and can trust, instead of the actual sender. As emails are increasingly being sent and received in bulk, this malicious form of email scam has increased dramatically in recent years.

How can Email Authentication Prevent Spoofing?

Email authentication helps you verify email sending sources with protocols like SPF, DKIM, and DMARC to prevent attackers from forging domain names and launch spoofing attacks to trick unsuspecting users. It provides verifiable information on email senders that can be used to prove their legitimacy and specify to receiving MTAs what to do with emails that fail authentication.

Hence, to enlist the various benefits of email authentication, we can confirm that SPF, DKIM, and DMARC aid in:

  • Protecting your domain from phishing attacks, domain spoofing, and BEC
  • Providing granular information and insights on email sending sources
  • Improving domain reputation and email deliverability rates
  • Preventing your legitimate emails from being marked as spam

How Do SPF, DKIM, and DMARC Work Together to Stop Spoofing?

Sender Policy Framework

SPF is an email authentication technique used to prevent spammers from sending messages on behalf of your domain. With it, you can publish authorized mail servers, giving you the ability to specify which email servers are permitted to send emails on behalf of your domain. An SPF record is stored in the DNS, listing all the IP addresses that are authorized to send mail for your organization.

If you want to leverage SPF in a way that would ensure its proper functioning, you need to ensure that SPF doesn’t break for your emails. This could happen in case you exceed the 10 DNS lookup limit, causing SPF permerror. SPF flattening can help you stay under the limit and authenticate your emails seamlessly.

DomainKeys Identified Mail

Impersonating a trusted sender can be used to trick your recipient into letting their guard down. DKIM is an email security solution that adds a digital signature to every message that comes from your customer’s inbox, allowing the receiver to verify that it was indeed authorized by your domain and enter your site’s trusted list of senders.

DKIM affixes a unique hash value, linked to a domain name, to each outgoing email message, allowing the receiver to check that an email claiming to have come from a specific domain was indeed authorized by the owner of that domain or not. This ultimately helps to pick up on spoofing attempts.

Domain-based Message Authentication, Reporting and Conformance

Simply implementing SPF and DKIM can help verify sending sources but isn’t effective enough to stop spoofing on their own. In order to stop cybercriminals from delivering fake emails to your recipients, you need to implement DMARC today. DMARC helps you align email headers to verify email From addresses, exposing spoofing attempts and fraudulent use of domain names. Moreover, it gives domain owners the power to specify to email receiving servers how to respond to emails failing SPF and DKIM authentication. Domain owners can choose to deliver, quarantine, and reject fake emails based on the degree of DMARC enforcement they need.

Note: Only a DMARC policy of reject allows you to stop spoofing.

Additionally, DMARC also offers a reporting mechanism to provide domain owners with visibility on their email channels and authentication results. By configuring your DMARC report analyzer, you can monitor your email domains on a regular basis with detailed information on email sending sources, email authentication results, geolocations of fraudulent IP addresses, and the overall performance of your emails. It helps you parse your DMARC data into an organized and readable format, and take action against attackers faster.

Ultimately, SPF, DKIM, and DMARC can work together to help you catapult your organization’s email security to new heights, and stop attackers from spoofing your domain name to safeguard your organization’s reputation and credibility.