Build Trust at a Glance: Visual Protection Against Phishing

With BIMI (Brand Indicators for Message Identification) & VMC (Verified Mark Certificate)

BIMI (Brand Indicators for Message Identification) is a standard for displaying brand logos in company emails. By seeing the logo, recipients can instantly confirm that the email is from a legitimate company. This reduces the risk of threats like phishing and spoofing and helps enhance brand trust. Displaying the logo requires a Verified Mark Certificate (VMC) issued by a Certificate Authority.

Visual Protection Against Phishing With BIMI (Brand Indicators for Message Identification) & VMC (Verified Mark Certificate) image
For internet security, trust GMO too.GMO

Companies Using BIMI & VMC

  • BASE logo
  • DMM logo
  • HIROSE logo
  • TALKEYE logo
  • VELC logo
株式会社トークアイ

Losing Business Opportunities to Undelivered Emails? Visualize Trust with BIMI

A Case Study of TALKEYE Co.,Ltd.

Email deliverability is the lifeline of a business. We spoke with TALKEYE, Inc. to learn what motivated them to consider implementing BIMI (Brand Indicators for Message Identification), and what the deciding factors were in choosing GMO Brand Security for the implementation.
(Note): (This article is currently available in Japanese only.)

Read more

Download Materials
Contact Us

Why are BIMI and VMC necessary?

A Surge in Spoofing and Phishing Scams

Reports of phishing incidents have increased dramatically since 2019. The number of cases skyrocketed from approximately 20,000 in 2018 to nearly 1.2 million in 2023—a staggering 60-fold increase in just six years.

One key factor behind this surge is the COVID-19 pandemic. As economic activities and daily communication moved online, criminal activities like spoofing and phishing also proliferated in the digital world.

The pandemic also brought new demographics online, such as seniors and young students, who previously had limited internet experience. Due to lower digital literacy, these groups have become particularly vulnerable, leading to a sharp rise in the number of victims.

Growth in Reported Phishing Cases

Phishing reports to the Anti‑Phishing Council are rapidly increasing!

Growth in Reported Phishing Cases image
Source: Anti‑Phishing Council monthly reports; compiled by GMO Brand Security

Financial Losses from Phishing

A sharp increase in fraudulent transfers via internet banking (approx. 8.7 billion JPY in 2023).

フィッシングによる被害
Source: Compiled by GMO Brand Security from the Deputy Chief Cabinet Secretary’s Office — “Comprehensive Measures to Protect Citizens from Fraud (Draft)”.

Key Benefits of Implementing BIMI & VMC

In today's complex world of cybersecurity, BIMI and VMC offer a refreshingly simple advantage: security you can see. Displaying a trusted logo directly in the inbox gives users instant confidence that a message is legitimate.

This visual verification is a game-changer for businesses. It helps boost email open rates—a key marketing metric—and strengthens brand trust. In an era where email is the key to countless online services, allowing customers to identify your messages at a glance is a powerful advantage.

1

Protection Against Spoofing & Phishing

When combined with DMARC (an anti-spoofing email protocol), it helps prevent fraudulent emails and reduces the risk of phishing attacks.

2

Enhanced Brand Trust

When recipients see the official logo, they can instantly trust the sender and confidently open the message.

3

Increased Brand Recognition

With your logo visible in the inbox, recipients instantly recognize your brand. This consistent visibility reinforces brand identity with every email.

How BIMI Works

How BIMI Works - image

Major Companies
Using BIMI & VMC

Japanese Companies

  • Rakuten
  • Yahoo!
  • Sumitomo Mitsui Banking Corporation (SMBC)
  • Matsui Securities
  • GMO Internet Group (50 companies)
etc

Global Companies

  • Amazon
  • NVIDIA
etc

BIMI/VMC Supported
Email Clients

  • Gmail
  • Yahoo! Mail
  • Apple Mail
  • Fastmail

What are the requirements for using BIMI & VMC?

Step1Implement and Enforce DMARC

DMARC is an essential protocol that protects your domain from being used in phishing and spoofing attacks.

While many domains now have a DMARC policy of p=none to meet Google's guidelines, BIMI requires a stricter enforcement level. To display your logo, you must set your policy to either p=quarantine or p=reject.

IMPORTANT: Before you enforce a quarantine or reject policy, you must analyze your DMARC reports. This analysis is vital to ensure your valid emails don't get blocked and to avoid disrupting your email delivery.

Step2Register Your Brand Logo as a Trademark

The brand logo displayed in emails must be a registered trademark.
Your trademark needs to be registered with the intellectual property office of a country or region that is a member of the World Intellectual Property Organization (WIPO). The specific trademark class or the designated goods and services do not affect eligibility.

Step3Submit Your VMC Application

To complete your application for a Verified Mark Certificate (VMC), you will need:
Your Domain: The email domain you wish to certify.
Trademark Details: Information about your registered trademark. If you are a licensee, a letter of authorization from the trademark holder is required.
SVG Logo File: A logo file in the specific SVG Tiny 1.2 format. (Refer to the specifications here: https://support.google.com/a/answer/10911027?hl=en)
Proof of Organization: Official documents to prove your organization's legal status, such as articles of incorporation or a business license. The main types of documents are listed below.

  • VMC Application Form
  • User Agreement Form
  • Certificate of Employment for the Authorized Signer

→ FAQ content is available in Japanese only. Please contact us for English support.

Check if your company logo is ready for BIMI.

SVG Logo Checker

Free : up to 10 checks per day

Version 1.0.0 – English Edition in Development

upload

Drag and drop your SVG logo file here, or click to select a file.

This checker is based on the BIMI Group guidelines. Please note that the tool's results are for reference only; final determinations of compliance may vary according to each certification authority's criteria. Previews shown by this tool are illustrative and do not guarantee how the logo will appear in actual recipient environments.

Step4Vetting and Verification

The VMC vetting process is comprehensive, combining the strict checks of an EV SSL certificate with dedicated trademark validation.

1. Domain validation
Confirms you are the legitimate user of the domain.
Performed either by approving a verification email sent to a public contact address for the domain, or by adding a specific token string provided by the CA to the domain’s DNS.

2. Existence/operational validation of the organization
Verifies that the organization and its authorized representatives actually exist and that the service is operated in reality.
Uses objective documents (e.g., company registration) and may include phone calls or in-person interviews to confirm operational substance and authority.

3. Trademark validation
Confirms the brand logo (SVG file) and the trademark registration status.
The trademark must be registered in a country/region that is a member of WIPO. Trademark class or designated goods/services do not matter, but the registered mark must match the brand logo.
If the logo differs from the registered mark (for example, if only a word mark is registered), a trademark application covering the logo may be required.

Step5Issuance of the Verified Mark Certificate (VMC)

The Certificate Authority (CA) will issue the Verified Mark Certificate (VMC) in PEM file format.
A PEM (Privacy Enhanced Mail) file is a standard format used to store cryptographic items such as digital certificates and private keys, primarily for encryption and authentication purposes.

Step6Final BIMI Configuration

The final configuration for BIMI involves the following two steps:
Upload the PEM File and SVG Logo
Create the BIMI DNS Record

1. Upload the PEM File and SVG Logo Upload your PEM file and your brand logo (in SVG format) to a publicly accessible location on your web server. It is required that these files are available at static URLs.

Example:
https://www.your-domain.com/bimi/vmc/certificate.pem
https://www.your-domain.com/bimi/logo/brand_logo.svg

2. Create the BIMI record in your DNS as follows.

FieldValueDescription
TypeTXTDNS record type
Hostdefault._bimi.[your_domain]Enter your authentication domain after "default._bimi."
Valuev=BIMI1; l=[URL_to_SVG_file]; a=[URL_to_PEM_file];Your BIMI record
TTL3600Set to 3600 seconds (1 hour).

→ FAQ content is available in Japanese only. Please contact us for English support.

By utilizing BIMI and VMC, users can engage with email with greater confidence. In turn, this enables companies to significantly enhance their brand's trustworthiness.

Download Materials
Contact Us

Why Choose

for BIMI & VMC?

1Trademark services
— 20 years’ experience

With two decades of experience, GMO Brand Security possesses deep expertise in trademarks. You can confidently entrust us with the critical trademark verification required for VMC issuance, ensuring a seamless process.

2Seamless BIMI Operation
with Our Group's Root CA

With our group company, GlobalSign—a trusted global Certificate Authority—serving as the Root CA, we deliver a seamless BIMI experience. This direct collaboration guarantees stable and consistent logo display across various email clients, providing you with peace of mind.

3Comprehensive Brand Protection Services

We also offer solutions to address brand infringement and cybersecurity risks. Our services include:
Brand Abuse Monitoring
Site Takedown Services
Vulnerability Assessments

4Experienced team
delivering tailored solutions

Our experienced staff design solutions tailored to each company’s challenges. We serve around 2,000 clients, primarily large enterprises, and excel at providing customized problem‑solving.