Email security is crucial in combating spoofing and phishing. SPF, DKIM, and DMARC help authenticate messages, while BIMI enhances trust by displaying verified brand logos. A VMC certificate adds further credibility by confirming logo ownership. This article explores how these protocols improve email deliverability and security.
Several mechanisms exist to increase the deliverability of emails and protect against identity theft (spoofing):
- Sender-Policy-Framework (SPF) – Protocol for validating email, making it possible in particular to check that incoming mail from a given domain name comes from an IP address authorised by the administrators of the said domain, contained in the SPF record.
- DomainKeys Identified Mail (DKIM) – allows a recipient to check that an email claiming to come from a given domain name has in fact been authorised by the owner of the domain concerned
- Domain-based Message Authentication Reporting and conformance (DMARC) – Validation system dedicated to processing non-compliant emails according to the guidelines (Rejection, quarantine, etc.) defined by the domain name administrator. DMARC uses SPF and DKIM to authenticate emails.
BIMI – A protocol that complements the SPF, DKIM and DMARC
Brand Indicator for Message Identification (BIMI) is a protocol for associating a logo with an email in the recipient’s inbox:
This protocol is the result of a working group founded in 2019. In order to use BIMI, the administrator of a domain name must include a TXT record in the DNS zone containing the URL address of the desired logo, in .svg format.
It is important to note that in order to use BIMI, the domain name concerned must have a valid DMARC using a quarantine policy (pct 100 minimum) or a Reject policy.
BIMI has since been adopted by a number of messaging service providers; in June 2023, the list of messaging services using BIMI included:
- AOL mail
- Apple mail
- Fastmail
- Gmail
- La Poste
- Yahoo
We can only hope that this list will grow in the coming years. Indeed, the survey by the UK Department for Science, Innovation & Technology, published in 2023, and the annual report on cybercrime 2024, published by the French Ministry of the Interior’s Cyberspace Command in France, shows that email-based cyberattacks account for a significant proportion of all attacks observed.
In this context, we believe it would be advisable for email service providers to adopt the BIMI protocol more widely, in addition to existing mechanisms (SPF, DKIM, DMARC), in order to boost the confidence of email recipients.
What about the VMC certificate?
SSL certificates, which in reality should be called TLS certificates, are a well-known mechanism for securing exchanges between an Internet user and a website.
As far as emails are concerned, the VMC certificate complements the BIMI protocol mentioned above. The certificate authenticates the logo used by the email sender as a logo corresponding to a registered trademark in the name of the email sender.
Although the VMC certificate is not essential for using the BIMI protocol, some messaging systems conditions BIMI operation on the presence of a VMC certificate.
The prerequisites for obtaining a VMC certificate are as follows:
- The issuing domain name must be covered by a valid DMARC Policy (see above)
- The proposed logo must be the subject of a registered trademark (identical)
- The proposed logo must be available in .svg format
The VMC certificate not only indicates that the sender applies DMARC, but also certifies to the recipient that the logo associated with the email is the subject of a trademark registered by the domain name holder. This helps to reinforce confidence in emails sent by a company to its contacts, whether they be customers, prospects, service providers, its own staff or investors.
The IP Twins teams can help you obtain your VMC certificate, from configuring your DNS to issuing the certificate. Please contact your dedicated account manager for more information on the process involved.
