Can a trademark owner authorize a third party to use their logo for BIMI?

Summary

All sources agree that a trademark owner *can* authorize a third party to use their logo for BIMI. This authorization is primarily managed through DMARC compliance and, increasingly, Verified Mark Certificates (VMCs). DMARC ensures the 'From:' domain is authenticated, demonstrating control and authorization. VMCs, issued by Certificate Authorities, provide a stronger validation, requiring proof of trademark ownership and the right to use the logo. As BIMI implementation matures, VMCs will become crucial in confirming authorized logo usage and building trust by assuring recipients that the email is not a phishing attempt.

Key findings

  • DMARC is Key: BIMI requires a DMARC pass, implying control and authorization of the sending domain by the trademark owner.
  • VMC Validates Rights: VMCs certify the logo's usage rights, providing a validated assurance of authorization from the trademark owner.
  • Trust and Security: BIMI is designed to improve trust in email and prevent phishing; it relies on verifying the sender's right to use the brand's logo.

Key considerations

  • Third-Party Access: Brands can authorize third parties to send BIMI-compliant email if they meet DMARC requirements and potentially have their sending domains included in the brand's VMC.
  • CA Authority: Certificate Authorities (CAs) like DigiCert and Entrust play a crucial role in validating rights and issuing VMCs, verifying the legitimacy of the logo's usage.
  • Evolving Standards: The BIMI landscape is evolving, with increasing emphasis on VMCs as a core component for ensuring brand security and trust in email communications.

What email marketers say
8Marketer opinions

The consensus is that a trademark owner can authorize a third party to use their logo for BIMI. This authorization is facilitated through mechanisms like DMARC compliance and Verified Mark Certificates (VMCs), which validate the right to use the logo. These measures ensure that only authorized senders can display the brand's logo, preventing fraud and building trust.

Key opinions

  • DMARC Compliance: BIMI requires DMARC compliance, which implies the trademark owner has authorized the sender.
  • VMC Requirement: Many mailboxes require a VMC to display the BIMI logo, which validates the organization's right to use the logo.
  • Authorization Implied: BIMI implementations inherently rely on the trademark owner's authorization for logo usage.
  • Certificate Authority Role: Certificate Authorities (CAs) verify the entity applying for the VMC and the mark to be used, further ensuring authorization.

Key considerations

  • Third-Party VMC: If a third party owns the sending domain (e.g., a marketing agency), the trademark owner may need to add that domain to their VMC.
  • Domain Ownership: The entity using the logo must demonstrate the right to use it, often through domain ownership or explicit permission from the trademark owner.
  • Trust and Fraud Prevention: BIMI and VMCs are designed to build trust and prevent fraud by ensuring only authorized senders can display brand logos.
Marketer view

Email marketer from Mailjet explains that BIMI relies on strong authentication to ensure that only authorized senders are displaying the brand's logo. Third-party use depends on compliant DMARC records.

June 2023 - Mailjet.com
Marketer view

Email marketer from Reddit shares that if a company authorizes a third-party vendor to send emails on their behalf using their domain (and passes DMARC), then the vendor can typically use the company's logo for BIMI, assuming they also have a VMC.

August 2024 - Reddit
Marketer view

Email marketer from Proofpoint.com shares that BIMI builds on DMARC by displaying the brand's logo in the recipient's inbox. The domain in the ‘From’ header must pass DMARC authentication, which implies authorization by the trademark owner for its use.

January 2024 - Proofpoint.com
Marketer view

Email marketer from StackOverflow mentions the whole point of BIMI/VMC is to ensure authorization. The logo displayed is validated, and if you're sending on someone else's behalf, you need their explicit permission and for them to have a valid VMC.

December 2023 - StackOverflow
Marketer view

Email marketer from Sendinblue responds that BIMI is designed to build trust and prevent fraud, stating that only verified trademark owners can use the BIMI logo, which means explicit authorization is always implied.

March 2022 - Sendinblue.com
Marketer view

Email marketer from Emaildrips.com explains BIMI's requirements for DMARC compliance means a certain level of control over who can send emails using the domain, effectively implying the trademark owner authorizes the sender and, by extension, the use of the logo.

July 2021 - Emaildrips.com
Marketer view

Email marketer from Valimail.com explains that BIMI (Brand Indicators for Message Identification) allows brands to display their logo next to their emails in supporting inboxes. To use a logo, the sender domain must be DMARC compliant. It is implied that trademark owners can authorize use, as BIMI is intended to enhance trust.

May 2022 - Valimail.com
Marketer view

Email marketer from Email Geeks explains that it’s up to the Certificate Authority to decide whether or not to issue a VMC in that case. VMCs can contain multiple domains.

January 2025 - Email Geeks

What the experts say
3Expert opinions

The provided answers converge on the idea that trademark owners can authorize third parties to use their logos for BIMI. This authorization is achieved through adherence to technical standards like DMARC and the acquisition of a Verified Mark Certificate (VMC). These mechanisms ensure that only entities with validated rights can display the logo, enhancing trust and preventing phishing.

Key opinions

  • DMARC Alignment: BIMI implementation relies on DMARC compliance, which necessitates alignment with the 'From:' domain and proper authentication.
  • VMC Validation: VMCs serve as a validation mechanism, confirming that the entity using the logo has the right to do so, thereby verifying authorization.
  • Trust Indicator: BIMI, particularly with a VMC, signals to recipients that the email is legitimate and not a phishing attempt.

Key considerations

  • Third-Party Usage: Brands can employ third parties to send BIMI-compliant email, assuming they meet DMARC requirements and potentially have the domain added to the brand's VMC.
  • Rights Verification: The process of obtaining a VMC requires verification of the sender's right to use the logo, underscoring the importance of authorization.
  • Mature Implementation: As BIMI implementation matures, the reliance on VMCs will become more prevalent, further solidifying the assurance of authorization.
Expert view

Email marketer from Email Geeks answers that BIMI is keyed to the visible From: domain in the message and requires an aligned DMARC pass. A brand can employ a third party to send DMARC-aligned and passing mail on their behalf, and a brand can also use a third party to send BIMI-compliant mail.

June 2022 - Email Geeks
Expert view

Expert from Word to the Wise responds that as BIMI implementations mature, the use of VMCs will confirm that the sender is authorized to use the logo, as they have verified their ownership and rights to the logo. Using BIMI shows the recipient you're not a phisher.

May 2024 - Word to the Wise
Expert view

Expert from Spam Resource indicates that BIMI, combined with a VMC, necessitates validation of the right to use a logo, effectively confirming that authorization from the trademark owner is inherent to the BIMI implementation.

June 2023 - Spam Resource

What the documentation says
3Technical articles

The provided documentation highlights that using a Verified Mark Certificate (VMC) is crucial for BIMI implementation, particularly for displaying logos in supporting mailboxes. Obtaining a VMC necessitates proving exclusive rights to use the logo, implying and verifying authorization from the trademark owner. This process ensures that only those with legitimate rights can display the logo in email marketing.

Key findings

  • VMC Requirement: BIMI often requires a VMC for logo display.
  • Rights Verification: VMC issuance involves verifying the organization's right to use the logo.
  • Implicit Authorization: The VMC process confirms the trademark owner's authorization, either implicitly or explicitly.

Key considerations

  • Exclusive Rights: Applicants must demonstrate exclusive rights to use the logo to obtain a VMC.
  • Trademark Validation: VMC issuers perform trademark validation to confirm usage rights.
  • Issuer Specifics: DigiCert and Entrust are examples of CAs that issue VMCs and have specific requirements for verifying trademark rights.
Technical article

Documentation from Entrust explains that they issue VMCs which require trademark validation. This validation step confirms the right to use the logo, thus indicating authorization for BIMI use.

August 2023 - Entrust.com
Technical article

Documentation from DigiCert explains that to get a VMC from them, you must demonstrate exclusive rights to use the logo in your email marketing. The process to verify that right implies authorization.

April 2022 - DigiCert.com
Technical article

Documentation from BIMIGroup.org explains that BIMI requires a VMC (Verified Mark Certificate) for logo display in some mailboxes. The VMC verifies the organization's right to use the logo, which implicitly confirms the trademark owner's authorization.

February 2024 - BIMIGroup.org