FAQs

VMCs are currently supported in the Gmail web interface, Gmail Android and iPhone app. It is important to note that Gmail owns the most users, with over 1.8 billion active users1. Additionally, 75% of Gmail users access their email via their mobile device2.

The time and effort to get DMARC enforced varies for each business. For some, it may have already been set up by your hosting provider. With just a single sending domain, other businesses could be simple – add the sending domains to SPF, set up DKIM, create a DMARC record, and enforce it. In the case of larger companies with many internal email sending solutions, identifying and building allow-list servers to put into SPF records can require a lot of effort. Some large institutions leverage DMARC specialists, like our partner, Valimail, for DMARC at enforcement and analysis or management of DNS.

DMARC is not required to purchase a VMC, but DMARC at enforcement is necessary before the email client will use the VMC to display the logo.

You can utilize several online tools to check your BIMI record. Here are three options:

• https://domain-checker.valimail.com/dmarc/
• https://www.mailhardener.com/tools/dmarc-validator
• https://bimigroup.org/bimi-generator/

When you purchased your VMC, you submitted an SVG file and received a PEM file in return. Both files, retaining their original names, need to be placed on a publicly accessible server, and they need to be accessible via https: (note: http will cause a failure). Please note: the SVG that is hosted and referenced in your BIMI record must match, to the byte, the SVG file that was validated and is referenced in your PEM file. If there is a mismatch, the BIMI functionality will be inhibited.

You can reference our blog post to walk you through exporting your logo to the correct SVG Tiny PS format. Of course, the most important step has your logo in a vector format. There are also third-party services available to convert your logo, but exporting an SVG file from Adobe Illustrator—or a similar program—and modifying the format can be easily achieved by following our guide.

Currently, there are eight approved trademark offices—found here. We will continue to update the list as new agencies are added. If you have a trademark office you would like to see added, contact BIMIgroup.org to offer your suggestion.

You can reference the validation process here.

Yes! Gmail, which displays VMCs, is used by over 5 million businesses worldwide, including small startups, mid-sized companies, and large enterprises like Verizon, Colgate-Palmolive, and Keller Williams. (Source: Google Cloud, 2019)

VMCs have a validity of 365 days (1 year)

VMCs do not act like a typical TLS certificate. They do not encrypt traffic, use a private key or require a CSR to order. Instead, VMCs assert a typographically verifiable and auditable binding between an identity, a logo, and a domain. This ensures that the identified organization operates on a domain that they own when sending emails to end-users.

All sending domains need to be listed, but subdomains do not, as the base domain will cover them. For example, if you have three sending domains like mail.example.com, marketing.example.com, and example.com, you only need to list example.com in your request. Of course, you are free to list each subdomain if you like, but it is not necessary—and if you do list them, there will be a charge. But if you are also sending from example.co.uk, that should be listed because it’s a different domain.

We charge $499 per listed subdomain and $499 for each additional domain. For more information, you can visit our website digicert.com/vmc or see the following resources:

• Get your VMC Detailed Guide
• Trademarking your logo
• How to set up DMARC to qualify for VMC.