Who should attest to a trademark for a Verified Mark Certificate (VMC)?
Summary
What email marketers say7Marketer opinions
Email marketer from DNSrecords mentions that a registration of the trademark is sufficient to attest to it
Marketer from Email Geeks argues that without the VMC, it would be really easy to buy a domain similar to a legitimate one, enforce DMARC, self-assert a logo, and start phishing people.
Email marketer from BIMI Group explains that a VMC is a digital certificate that verifies the logo is owned by the organization using it. The attestation is provided by a Certification Authority (CA) that verifies the trademark and business details.
Email marketer from Red Sift shares that while a VMC is the 'gold standard' for BIMI, the company legally owning the trademark is critical. They will need to attest to the information provided during implementation.
Email marketer from ZeroBounce mentions that the Certificate Authority confirms the trademark's validity. It protects brand reputation by ensuring only authorized senders use the logo.
Email marketer from Reddit mentions you will probably need a lawyer to attest to the information.
Email marketer from Namecheap states that to be eligible for a VMC, you must have a registered trademark with a government trademark office. This trademark must match the logo you intend to use in your BIMI record. It should be attested to by the legal owner of the trademark.
What the experts say6Expert opinions
Expert from Email Geeks shares that the AuthIndicators Working Group is exploring options to expand into other forms of identification and logo support to make BIMI more accessible to more senders. This is why "self assertion" was built into the standard, but it is up to the mailbox providers to decide if they will consider self asserted logos, or the higher bar of VMC signed mail.
Expert from Email Geeks clarifies that a VMC and a trademark are linked and both are needed. However, one can self-assert and sign without a VMC, but not all mail will display the BIMI logos, as the rules vary between Mailbox Providers (MBPs).
Expert from Email Geeks explains that attestation of a trademark for a Verified Mark Certificate (VMC) varies from company to company. It usually requires someone who can officially represent the company, such as legal or an executive with signature privileges.
Expert from Email Geeks notes that Mailbox Providers (MBPs) are not making money from VMCs. Identification management is expensive to operate, and hard to automate.
Expert from Word to the Wise explains that before a VMC is issued, an organization’s logo and trademark must be validated by a Certification Authority (CA). The CA acts as the attesting party by checking the identity of the organisation and their legal ownership.
Expert from Email Geeks explains that different networks have different rules, like all things email. They have different internal reputation management solutions along with policies for when to show or not show the logos vs an avatar, vs a big red X on something.
What the documentation says5Technical articles
Documentation from Entrust.com states that the applicant must prove they are the rightful owner of the trademarked logo when applying for a VMC. This involves providing official records or documentation that shows their legal ownership and right to use the logo for email authentication.
Documentation from DigiCert.com explains that a VMC is issued after verifying the applicant’s identity and trademark. This process ensures that only legitimate trademark holders can use the corresponding logo in email, protecting users from phishing.
Documentation from GlobalSign explain that they do a thorough validation of the applicant's organization. A validation agent at the Certificate Authority is responsible for the attestation and validation.
Documentation from Sectigo.com says that the applicant’s organization needs to undergo validation to prove their legal existence and trademark ownership. This involves providing documentation to a Certificate Authority (CA) who acts as the attesting party. They will be the ones who do the legal checks on the information.
Documentation from Comodo indicates the registration and identity of the company will be validated. This information will need to be attested to