Do you need a VMC for BIMI?
A Verified Mark Certificate (VMC) helps prove you have rights to the logo being displayed. Some mailbox providers require it before they’ll show your BIMI logo.
Practical answer: you need a VMC if the inboxes you care about require one for display.
If you’re unsure, start by validating authentication (SPF/DKIM/DMARC) and your SVG. That work is required either way.
Decision checklist
- Your audience: which mailbox providers do they use (Gmail/Yahoo/others)?
- Brand risk: are you frequently spoofed (finance, marketplaces, SaaS, high-volume senders)?
- Legal readiness: do you have trademark documentation for the mark/logo?
- Budget + time: VMC procurement adds cost and process time.
What a VMC actually does
- Identity signal: ties a verified entity to the mark being displayed.
- Logo rights: typically requires proof you own or have rights to the mark.
- Not deliverability: a VMC does not “improve deliverability” by itself.
When you can often skip a VMC (at first)
- You’re implementing BIMI primarily as an internal security milestone (DMARC enforcement, monitoring).
- Your target providers do not require a VMC for display (varies by provider and policy).
- You’re validating the end-to-end setup first before investing in the certificate.
Quick FAQ
Should I still publish a BIMI record without a VMC?
Often yes. It helps validate that DNS + logo hosting are correct, and it’s still part of the overall BIMI implementation. Display may vary by provider.
Does a VMC replace DMARC?
No. BIMI depends on enforced DMARC. A VMC is an extra signal some providers use for showing the logo.
Next: see BIMI DNS record examples and Gmail BIMI requirements.