DEV Community

Cover image for Verified Mark Certificate Guide
Eden Allen
Eden Allen

Posted on

Verified Mark Certificate Guide

#learning #security #tutorial #identity

Getting a Verified Mark Certificate (VMC) is essential if you want your brand’s logo to appear next to authenticated emails. This enhances trust and combats phishing. Here’s a simplified overview of the process in six key steps:

1. Become DMARC Compliant

Before applying for a VMC, your domain must have DMARC set up. DMARC (Domain-based Message Authentication, Reporting & Conformance) helps stop email spoofing. You must first:

  • Set up SPF (Sender Policy Framework) by listing all IPs allowed to send emails from your domain.

  • Configure DKIM (DomainKeys Identified Mail) to ensure email integrity using cryptographic signatures.

  • Add a DMARC TXT record in your DNS with a policy like p=quarantine or p=reject and monitor reports to fine-tune your email authentication.

2. Trademark Your Logo

To be eligible for a VMC, your logo must be a registered trademark.

  • Search for your logo in WIPO or your national trademark database.

  • Register it with official trademark offices (USPTO, EUIPO, etc.) if not already done.

  • If registration is difficult, a Common Mark Certificate (CMC) may work but is less preferred.

3. Format Your Logo Properly

Your logo must follow BIMI standards and be saved as SVG Tiny 1.2 (SVG-P/S) format.

  • Use tools like Adobe Illustrator to save it in the correct format.

  • Ensure the SVG includes attributes like xmlns and <title> for accessibility.

  • The logo should have a 1:1 aspect ratio, centered, with a transparent background.

4. Purchase a VMC from a Trusted CA

Buy your Verified Mark Certificate from a trusted provider like DigiCert.

  • Prepare trademark proof and identification documents.

  • You may undergo video or in-person validation.

  • For multiple logos or domains, you may need Multi-SAN VMCs.

5. Upload Your VMC

Once issued:

  • Upload the PEM file to your public web server.

  • Ensure any intermediate certificates are appended if needed.

  • Keep the URL handy for DNS configuration.

6. Add the BIMI Record

Finally, add a BIMI TXT record to your DNS:

v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/cert.pem

This tells mailbox providers where to find your logo and certificate.
Validate your setup with a BIMI checker tool to ensure it works as expected.

Source

Top comments (0)