Suped

Who should attest to a trademark for a Verified Mark Certificate (VMC)?

7 Marketer opinions6 Expert opinions5 Technical articles3 Resources

Summary

The attestation of a trademark for a Verified Mark Certificate (VMC) is a multi-faceted process, primarily involving the legal owner of the trademark and a Certificate Authority (CA). While someone who can officially represent the company (e.g., legal counsel, executive) is essential, the CA plays a crucial role in validating the organization's identity, legal existence, trademark ownership, and logo. They ensure compliance with industry standards and protect against fraudulent use. Documentation is required to prove rightful ownership, and the specific validation process varies between CAs and Mailbox Providers (MBPs). Although self-assertion is an evolving aspect of BIMI, a VMC provides enhanced credibility. Some sources suggest legal counsel or registration alone may suffice, but the consensus leans toward CA validation for robustness and compliance.

Key findings

  • Legal Owner: The legal owner of the trademark must ultimately attest to its validity.
  • Certificate Authority (CA): A CA validates the organization’s identity, trademark ownership, and logo.
  • Official Representation: Someone who can officially represent the company (e.g., legal counsel, executive) is usually required.
  • Documentation Needed: Official records and documentation are required to prove trademark ownership.
  • VMC Benefits: VMC's provide brand protection and enhanced credibility compared to self-assertion.

Key considerations

  • Identify Representative: Determine who within your organization can legally represent the company.
  • Choose CA Carefully: Select a reputable Certificate Authority with a thorough validation process.
  • Prepare Documentation: Gather all necessary documents to prove trademark ownership.
  • Monitor MBP Policies: Stay informed about Mailbox Provider policies regarding VMC and BIMI.
  • Cost of VMC: Evaluate costs associated with a VMC against risks without it

What email marketers say
7Marketer opinions

Attestation for a Verified Mark Certificate (VMC) primarily involves verifying the legal ownership of a trademarked logo. Various sources indicate that while the organization legally owning the trademark is critical, the process is often facilitated by a Certificate Authority (CA). The CA validates the applicant’s identity, trademark registration, and business details to ensure that only legitimate trademark holders can use the logo in email. While some suggest that legal representation or simply the trademark registration might suffice, the prevailing opinion highlights the CA's role in attesting the trademark's validity and protecting brand reputation.

Key opinions

  • Trademark Ownership: Legal ownership of the trademark is a fundamental requirement for VMC attestation.
  • Certificate Authority Role: A Certificate Authority (CA) typically validates the applicant's identity, trademark, and business details.
  • Phishing Prevention: VMCS help prevent phishing by ensuring that only authorized senders use the logo.
  • Validation of Identity: Before attestation, the registration of the company must be validated

Key considerations

  • Legal Verification: Ensure the trademark is legally registered and that you have documentation to prove ownership.
  • Choosing a CA: Select a reputable Certificate Authority to handle the validation and attestation process.
  • Implementation: Ensure you have the ability to implement the changes
Marketer view

Email marketer from DNSrecords mentions that a registration of the trademark is sufficient to attest to it

April 2024 - DNSrecords.io
Marketer view

Marketer from Email Geeks argues that without the VMC, it would be really easy to buy a domain similar to a legitimate one, enforce DMARC, self-assert a logo, and start phishing people.

April 2021 - Email Geeks
Marketer view

Email marketer from BIMI Group explains that a VMC is a digital certificate that verifies the logo is owned by the organization using it. The attestation is provided by a Certification Authority (CA) that verifies the trademark and business details.

June 2022 - BIMI Group
Marketer view

Email marketer from Red Sift shares that while a VMC is the 'gold standard' for BIMI, the company legally owning the trademark is critical. They will need to attest to the information provided during implementation.

January 2024 - Red Sift
Marketer view

Email marketer from ZeroBounce mentions that the Certificate Authority confirms the trademark's validity. It protects brand reputation by ensuring only authorized senders use the logo.

June 2021 - ZeroBounce
Marketer view

Email marketer from Reddit mentions you will probably need a lawyer to attest to the information.

February 2025 - Reddit
Marketer view

Email marketer from Namecheap states that to be eligible for a VMC, you must have a registered trademark with a government trademark office. This trademark must match the logo you intend to use in your BIMI record. It should be attested to by the legal owner of the trademark.

October 2022 - Namecheap

What the experts say
6Expert opinions

The attestation process for a Verified Mark Certificate (VMC) involves multiple layers of verification and varies based on the company and Mailbox Providers (MBPs). It's generally agreed that someone who can officially represent the company, such as legal counsel or an executive, is required. A Certification Authority (CA) validates the organization's logo, trademark, and identity before issuing a VMC. This ensures brand protection and helps prevent phishing. The AuthIndicators Working Group aims to expand BIMI accessibility, while MBPs individually decide whether to accept self-asserted logos or require VMC-signed mail.

Key opinions

  • Company Representative: Attestation typically requires someone who can officially represent the company, such as legal or an executive.
  • CA Validation: A Certification Authority (CA) validates the organization's logo, trademark, and identity.
  • MBP Variation: Mailbox Providers (MBPs) have different policies regarding self-asserted logos versus VMC-signed mail.
  • VMC and Trademark Link: A VMC is linked to a trademark; both are generally needed.

Key considerations

  • Legal Authority: Identify who within your organization has the authority to officially represent the company for trademark matters.
  • CA Selection: Choose a reputable Certification Authority for validation and attestation.
  • MBP Policies: Be aware that different Mailbox Providers may have different requirements for logo display.
  • BIMI Accessibility: While a VMC is the gold standard, self-assertion options may become more prevalent as BIMI evolves.
Expert view

Expert from Email Geeks shares that the AuthIndicators Working Group is exploring options to expand into other forms of identification and logo support to make BIMI more accessible to more senders. This is why "self assertion" was built into the standard, but it is up to the mailbox providers to decide if they will consider self asserted logos, or the higher bar of VMC signed mail.

January 2022 - Email Geeks
Expert view

Expert from Email Geeks clarifies that a VMC and a trademark are linked and both are needed. However, one can self-assert and sign without a VMC, but not all mail will display the BIMI logos, as the rules vary between Mailbox Providers (MBPs).

May 2022 - Email Geeks
Expert view

Expert from Email Geeks explains that attestation of a trademark for a Verified Mark Certificate (VMC) varies from company to company. It usually requires someone who can officially represent the company, such as legal or an executive with signature privileges.

February 2023 - Email Geeks
Expert view

Expert from Email Geeks notes that Mailbox Providers (MBPs) are not making money from VMCs. Identification management is expensive to operate, and hard to automate.

April 2023 - Email Geeks
Expert view

Expert from Word to the Wise explains that before a VMC is issued, an organization’s logo and trademark must be validated by a Certification Authority (CA). The CA acts as the attesting party by checking the identity of the organisation and their legal ownership.

May 2022 - Word to the Wise
Expert view

Expert from Email Geeks explains that different networks have different rules, like all things email. They have different internal reputation management solutions along with policies for when to show or not show the logos vs an avatar, vs a big red X on something.

July 2024 - Email Geeks

What the documentation says
5Technical articles

All documentation consistently states that for a Verified Mark Certificate (VMC), the applicant must prove rightful ownership of the trademarked logo. This involves providing official records for validation by a Certificate Authority (CA). The CA acts as the attesting party, performing legal checks on the applicant's identity, trademark ownership, and the organization's legal existence. The entire process aims to ensure that only legitimate trademark holders can use the logo in email, which helps protect users from phishing.

Key findings

  • Rightful Ownership: Applicants must prove they are the rightful owner of the trademarked logo.
  • Official Records: Proving ownership requires providing official records and documentation.
  • CA Validation: A Certificate Authority (CA) validates the applicant’s identity and trademark ownership.
  • Legal Checks: The CA performs legal checks on the information.
  • Phishing Protection: The process ensures only legitimate trademark holders can use the logo in email, protecting users from phishing.

Key considerations

  • Documentation Preparation: Prepare all necessary official records and documentation to prove trademark ownership.
  • CA Selection: Select a reputable Certificate Authority for validation and attestation.
  • Validation Process: Be prepared to undergo a thorough validation process by the CA.
Technical article

Documentation from Entrust.com states that the applicant must prove they are the rightful owner of the trademarked logo when applying for a VMC. This involves providing official records or documentation that shows their legal ownership and right to use the logo for email authentication.

February 2023 - Entrust.com
Technical article

Documentation from DigiCert.com explains that a VMC is issued after verifying the applicant’s identity and trademark. This process ensures that only legitimate trademark holders can use the corresponding logo in email, protecting users from phishing.

May 2024 - DigiCert.com
Technical article

Documentation from GlobalSign explain that they do a thorough validation of the applicant's organization. A validation agent at the Certificate Authority is responsible for the attestation and validation.

December 2021 - GlobalSign
Technical article

Documentation from Sectigo.com says that the applicant’s organization needs to undergo validation to prove their legal existence and trademark ownership. This involves providing documentation to a Certificate Authority (CA) who acts as the attesting party. They will be the ones who do the legal checks on the information.

June 2021 - Sectigo.com
Technical article

Documentation from Comodo indicates the registration and identity of the company will be validated. This information will need to be attested to

July 2022 - Comodo

Related resources
3Resources

Verified Mark Certificates - Feature Requests - Let's Encrypt ...
Verified Mark Certificates - Feature Requests - Let's Encrypt ...

Is there any plan to provide VMC (Verified Mark Certificates) for the BIMI protocol? The current two site that provide this charge a whopping $1000 to $1500 annual. --RayJ

Let's Encrypt Community Support
How to Get a Verified Mark Certificate (VMC) – The Ultimate Guide ...
How to Get a Verified Mark Certificate (VMC) – The Ultimate Guide ...

Learn everything you need to know about acquiring and implementing a verified mark certificate on your email system. We make it fast and easy.

Hashed Out by The SSL Store™
What are Verified Mark Certificates and Why You Need Them ...
What are Verified Mark Certificates and Why You Need Them ...

Verified Mark Certificates are a verification badge for brand logo ownership. This article covers its importance and acquisition process.

EasyDMARC

Related questions