Authenticating BIMI – Mark Verifying Authorities

As we have discussed before, adopting BIMI will significantly improve the deliverability and visibility of your email in your customers’ inboxes. Since BIMI requires a strong Reject DMARC policy to display a logo, your email delivery will be already close to the best possible. The BIMI logo, especially in the short-term, will give you a branding advantage over your competitors and heighten visibility with your potential customers. However, the question is –

How can you prevent a fraudster from using your BIMI Logo?

If anyone could publish any BIMI logo they liked, then fraudulent email could be sent, with some difficulty, that mimics your real email. For example, feclex.com is an open domain that looks similar to a popular parcel delivery company in the US with the right font. Setting up strict DMARC policies and BIMI on this domain takes time, skill and resources, but fraudsters tend to be adept at mimicry like this. If there were no way to verify the use of a corporate logo, fraudsters could setup fake domains that leverage well-known brands and domains. Enter Mark Verifying Authorities.

What is a Mark Verifying Authority (MVA)?

An MVA is similar to an SSL Certificate Authority, a trusted 3rd party that issues a certification of ownership of a BIMI logo. Known as a Verified Mark Certificate (VMC), the certificate is proof that a domain owner holds the rights to the logo image being used.

How do MVAs Verify Ownership?

MVA standards and practices are still in flux as the exact details of a VMC have yet to be ratified. However, the general requirements are:

  • Ownership or license to a registered trademark
  • Registered trademark must be registered in a competent jurisdiction
  • Proposed mark or logo must match the registered trademark
  • Owner or licensor of the trademark must also be the registrant (or licensee) of the associated domain name

How do I Implement a VMC?

VMC’s are not yet a requirement as BIMI is still in the roll-out stages, however, there are some things you can do to get ahead:

  1. If you have not already, now is the time to implement SPF, DKIM and DMARC and move to a strict Reject policy for non-compliant email. MxToolbox Delivery Center is designed to help you manage your email delivery.
  2. Research the Mark Verifying Authorities available and select one that works well with your business and begin the process of verifying your logo for BIMI.
  3. Add your VMC to the “a” tag of your BIMI record. This tag has been reserved for the signing authority.

MxToolbox is dedicated to helping our customers improve their email delivery. Continue to leverage our free BIMI Lookup tool as we add features relevant to VMCs and MVAs.

Delivery Center provides the best insight into your email delivery posture and MxToolbox Managed Services gives you direct access to our email experts to help you get started quickly.