Can a trademark owner authorize a third party to use their logo for BIMI?
Summary
What email marketers say8Marketer opinions
Email marketer from Mailjet explains that BIMI relies on strong authentication to ensure that only authorized senders are displaying the brand's logo. Third-party use depends on compliant DMARC records.
Email marketer from Reddit shares that if a company authorizes a third-party vendor to send emails on their behalf using their domain (and passes DMARC), then the vendor can typically use the company's logo for BIMI, assuming they also have a VMC.
Email marketer from Proofpoint.com shares that BIMI builds on DMARC by displaying the brand's logo in the recipient's inbox. The domain in the ‘From’ header must pass DMARC authentication, which implies authorization by the trademark owner for its use.
Email marketer from StackOverflow mentions the whole point of BIMI/VMC is to ensure authorization. The logo displayed is validated, and if you're sending on someone else's behalf, you need their explicit permission and for them to have a valid VMC.
Email marketer from Sendinblue responds that BIMI is designed to build trust and prevent fraud, stating that only verified trademark owners can use the BIMI logo, which means explicit authorization is always implied.
Email marketer from Emaildrips.com explains BIMI's requirements for DMARC compliance means a certain level of control over who can send emails using the domain, effectively implying the trademark owner authorizes the sender and, by extension, the use of the logo.
Email marketer from Valimail.com explains that BIMI (Brand Indicators for Message Identification) allows brands to display their logo next to their emails in supporting inboxes. To use a logo, the sender domain must be DMARC compliant. It is implied that trademark owners can authorize use, as BIMI is intended to enhance trust.
Email marketer from Email Geeks explains that it’s up to the Certificate Authority to decide whether or not to issue a VMC in that case. VMCs can contain multiple domains.
What the experts say3Expert opinions
Email marketer from Email Geeks answers that BIMI is keyed to the visible From: domain in the message and requires an aligned DMARC pass. A brand can employ a third party to send DMARC-aligned and passing mail on their behalf, and a brand can also use a third party to send BIMI-compliant mail.
Expert from Word to the Wise responds that as BIMI implementations mature, the use of VMCs will confirm that the sender is authorized to use the logo, as they have verified their ownership and rights to the logo. Using BIMI shows the recipient you're not a phisher.
Expert from Spam Resource indicates that BIMI, combined with a VMC, necessitates validation of the right to use a logo, effectively confirming that authorization from the trademark owner is inherent to the BIMI implementation.
What the documentation says3Technical articles
Documentation from Entrust explains that they issue VMCs which require trademark validation. This validation step confirms the right to use the logo, thus indicating authorization for BIMI use.
Documentation from DigiCert explains that to get a VMC from them, you must demonstrate exclusive rights to use the logo in your email marketing. The process to verify that right implies authorization.
Documentation from BIMIGroup.org explains that BIMI requires a VMC (Verified Mark Certificate) for logo display in some mailboxes. The VMC verifies the organization's right to use the logo, which implicitly confirms the trademark owner's authorization.