Monthly Archives: December 2019

First Verified Mark Certificate Issued

Recently, JPMorgan Chase became the first company to adopt the VMC standard, and companies gained another tool to prevent email fraud. 

What is VMC?

Verified Mark Certificate (VMC) is a method to watermark outbound messages to declare the email comes from an official, legitimate source.  With a certificate like this, senders get better email deliverability because email recipients will see a valid VMC as a certificate of trust emails.

Entrust Datacard, a U.S.-based provider of trusted identity and secure issuance technology solutions, recently issued the first VMC certificate to JP Morgan Chase. Entrust developed the new vendor-neutral VMC solution in collaboration with the AuthIndicators Working Group, a committee of companies responsible for creating the Brand Indicators for Message Identification (BIMI) standard.  While the VMC and BIMI standards still in the early stages of definition and adoption, this announcement indicates a big push to get BIMI into inboxes.

What is BIMI?

The BIMI protocol helps to improve email authentication and brand assurance by allowing a sender to publish a logo icon through DNS.  Inbox providers then use this logo to highlight DMARC compliant emails from the sender, thereby providing a reassurance to users that this email is free from phishing and spoofing attacks.  The logos themselves will also make it easier for customers to recognize their preferred companies in inboxes and increase brand awareness by prominently displaying trusted logos. 

How do VMC and BIMI work together?

The goal of VMC is to prove a BIMI image is authentic, not a scammer utilizing a fake image of a trusted source like the sender, Microsoft, Amazon, or JP Morgan, for example.  Validating that a BIMI-displayed logo is legitimate will make phishing and spoofing practices more difficult to accomplish. While BIMI allows companies to display logos in supported inboxes, VMC authenticates the logos are valid and owned by the actual sender of the email.

The recent exciting news that JPMorgan Chase was granted the first VMC is a promising sign that BIMI should be standardized soon. BIMI, which leverages DMARC, continues the technological trend of making it difficult for online fraudsters and phishing attacks to trick unsuspecting victims.

How MxToolbox Helps

To achieve the BIMI standard, Domain-based Message Authentication, Reporting, and Conformance (DMARC), along with SPF and DKIM, must first be implemented. MxToolbox’s team of email delivery experts and tools can help you implement and understand DMARC to help your business attain email deliverability.

First, MxToolbox provides a free DMARC lookup tool to analyze your DMARC record and make recommendations for getting your email DMARC compliant.

In addition, MxToolbox’s BIMI Lookup tool is a free diagnostic tool that will look for a BIMI record for the supplied domain name and run a series of diagnostic checks against the record to ensure compliance with standards and accessibility of the BIMI icon to inbox providers.  As the VMC standard is defined, MxToolbox will extend our tools to checking and validating VMC certificates.

Finally, MxToolbox is here to guide your company through the DMARC process and help optimize your email deliverability.  We offer several solutions to help you get your email DMARC compliant and monitor the on-going DMARC compliance of your email:

  • Delivery Center is our base package that allows you to monitor the SPF, DKIM and DMARC compliance of your email while giving you insight into emerging email threats.
  • Delivery Center Plus gives you all the great reporting of Delivery Center combined with deeper reporting on Phishing and Fraud using your domain.
  • Delivery Center Managed Services gives you access to our Email Experts who manage your DMARC compliance and free you to focus on your business.