By NHI Mgmt Group Editorial Team | Published 2026-02-17 | Domain: Best Practices | Source: DigiCert

TL;DR: Verified Mark Certificates are gaining broader inbox support as Apple plans to display brand logos in Mail on iOS and macOS, extending a model already adopted by Gmail and tied to DMARC enforcement and BIMI, according to DigiCert. The governance question is not branding polish but whether identity, mail authentication, and certificate lifecycle controls are mature enough to sustain trustworthy sender presentation.


At a glance

What this is: This is a DigiCert blog post arguing that Verified Mark Certificates are gaining traction because Apple support expands where brand logos can appear in authenticated email.

Why it matters: It matters because inbox branding only works when IAM, certificate, and email authentication controls are aligned, which affects how teams govern sender trust across human, NHI, and platform identities.



Context

Verified Mark Certificates sit at the intersection of email authentication, brand presentation, and certificate governance. They do not stop phishing by themselves, but they depend on DMARC and BIMI so that only authenticated senders can display a trademarked logo in supported inboxes.

The practical issue for IAM and security teams is that sender trust is now part of identity governance, not just marketing operations. When major mailbox providers change what they surface to users, organisations have to treat certificate lifecycle, domain alignment, and anti-spoofing controls as part of the same assurance chain.

The article is specifically about how mailbox support changes the incentives for adoption. That is a typical and recurring governance pattern: ecosystem support often matters more than technical novelty when identity controls move from optional to operational.


Key questions

Q: How should security teams govern verified mark certificates in email environments?

A: Teams should govern verified mark certificates as part of the sender trust chain, not as a standalone branding project. That means enforcing DMARC alignment, managing certificate ownership and renewal, and coordinating PKI, messaging, and domain administration so the visual trust signal stays tied to authenticated email identity.

Q: Why do verified logos depend on more than certificate issuance?

A: A verified logo depends on certificate issuance, but it only works when the receiving mailbox supports the standard and the sender passes the required authentication checks. If DMARC alignment or BIMI configuration is weak, the logo may not appear, and if lifecycle controls fail, the assurance signal becomes unreliable.

Q: When should organisations prioritise VMC over other email improvements?

A: Organisations should prioritise VMC only after core email authentication is mature, especially DMARC enforcement and domain governance. If those basics are weak, the logo adds little security value and can create false confidence. The right sequencing is authentication first, then visual trust indicators.

Q: What do teams get wrong about brand indicators in email?

A: Teams often treat brand indicators as a marketing enhancement and overlook the identity controls underneath them. In practice, VMC is only trustworthy when domain ownership, certificate lifecycle, and anti-spoofing policy are already disciplined. Without that foundation, the logo can outpace the security posture behind it.


Technical breakdown

How verified mark certificates depend on DMARC and BIMI

Verified Mark Certificates are a presentation layer on top of authenticated email. BIMI defines how a sender’s brand logo can be displayed, while DMARC helps prove that the message domain aligns with policy and that unauthorised spoofing is being blocked or quarantined. The certificate acts as evidence that the logo is legitimate, but it only becomes visible when the receiving ecosystem supports the standard. That means the control boundary is shared across mail security, DNS policy, and certificate issuance rather than living in one product.

Practical implication: treat VMC as an outcome of DMARC and BIMI readiness, not as a substitute for them.
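A readiness check along these lines, as an added example that is not from DigiCert's post or NHI Mgmt Group: it parses a domain's DMARC and BIMI TXT records and lists what blocks logo display. The record strings and `.example` domains are constructed; the `pct` and `sp` checks are assumptions beyond the page, treating partial or subdomain-exempt policies as incomplete enforcement.

```python
# Added example. In production the two strings would come from TXT lookups at
# _dmarc.<domain> and default._bimi.<domain>; here they are constructed samples.

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict keyed by lowercased tag."""
    tags = {}
    for part in (record or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of findings; an empty list means both records look ready."""
    findings = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        findings.append("no valid DMARC record")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC p={policy or 'missing'} is not enforcing")
        pct = dmarc.get("pct", "100")  # pct defaults to 100 when absent
        if not pct.isdigit() or int(pct) < 100:
            findings.append(f"DMARC pct={pct} applies policy to only part of the mail")
        if dmarc.get("sp", "").lower() == "none":
            findings.append("DMARC sp=none leaves subdomains unenforced")
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        findings.append("no valid BIMI record")
    else:
        # l= points at the logo, a= at the certificate that vouches for it
        for tag, what in (("l", "logo"), ("a", "VMC evidence")):
            url = bimi.get(tag, "")
            if not url:
                findings.append(f"BIMI {tag}= ({what}) is empty")
            elif not url.lower().startswith("https://"):
                findings.append(f"BIMI {tag}= ({what}) is not an https URL")
    return findings

BIMI_OK = "v=BIMI1; l=https://{d}/logo.svg; a=https://{d}/vmc.pem"
SAMPLES = {  # constructed records, not real domains
    "ready.example": ("v=DMARC1; p=reject; rua=mailto:dmarc@ready.example",
                      BIMI_OK.format(d="ready.example")),
    "monitor.example": ("v=DMARC1; p=none", BIMI_OK.format(d="monitor.example")),
    "nocert.example": ("v=DMARC1; p=quarantine; pct=50",
                       "v=BIMI1; l=https://nocert.example/logo.svg; a="),
}

if __name__ == "__main__":
    for domain, (dmarc_txt, bimi_txt) in SAMPLES.items():
        print(domain, bimi_readiness(dmarc_txt, bimi_txt) or "ready")
```

The check covers only the DNS side of the chain; certificate validity and expiry still have to be tracked separately.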

Why inbox support changes the operating model for certificate lifecycle

A certificate is only useful if it is valid, trusted, and current at the moment of display. That makes lifecycle management central: issuance, renewal, expiry monitoring, and revocation all affect whether the brand indicator appears reliably. If certificate ownership is unclear, or if domains and logos are not governed consistently, the visible trust signal can fail even when the mail flow itself is legitimate. In practice, this turns VMC into a governance problem across domain management, PKI operations, and change control.

Practical implication: assign explicit ownership for VMC renewal and revocation before scaling logo-based sender trust.

What Apple support changes in the email trust ecosystem

When a major mailbox provider supports VMCs, the standard moves from niche deployment to broader user visibility. That changes the threat model for phishing, because attackers rely on visual cues and sender confusion. It also changes deployment pressure: more organisations will ask whether their domain, certificate, and DMARC posture can support branded mail at scale. The technical issue is not the logo itself, but the assurance chain behind it. If that chain is incomplete, the logo can become cosmetic rather than trustworthy.

Practical implication: validate the full assurance chain before rolling out VMC to user-facing domains.


NHI Mgmt Group analysis

VMC is an email identity control, not a branding feature. The real function of a verified mark is to bind sender presentation to authenticated domain control and certificate assurance. That makes it relevant to identity governance because the logo is only trustworthy when the underlying identity and certificate lifecycle are controlled. Practitioners should treat it as part of sender trust architecture, not marketing decoration.

Mailbox-provider support is what turns a standard into an operating requirement. Until major inboxes surface the indicator consistently, many organisations can defer the work. Once Apple joins Gmail and other providers, the control starts to affect user expectations and security review conversations. The implication is that email authentication maturity becomes more visible to the business, which raises the governance bar for domain owners and security teams.

Brand indicators depend on a chain of trust that is easy to break at the certificate layer. DMARC alignment, BIMI configuration, and certificate validity all have to remain intact. If certificate ownership, renewal, or revocation is weak, the sender trust signal becomes brittle. That makes certificate lifecycle management a practical dependency for any organisation considering VMC at scale.

Identity governance for email now spans human perception and machine assurance. Users make trust decisions visually, but the control path is machine-enforced. That creates a cross-domain governance problem that IAM, PKI, and messaging teams have to own together. The practitioner takeaway is that trust signals in inboxes should be governed with the same discipline as access decisions in applications.

What this signals

Verified sender display will increasingly be judged as part of identity assurance, not email cosmetics. As inbox ecosystems widen support, organisations will have to show that domain control, DMARC enforcement, and certificate management are aligned. The teams that treat sender trust as a cross-functional control will have fewer surprises when mailbox providers change presentation rules.

The governance pressure will also shift toward lifecycle discipline. If a certificate can expire, be revoked, or be mis-owned, the trust badge can fail quietly, which is exactly why inbox-facing identity controls should be monitored like access credentials.

Identity trust signals only scale when ownership is explicit. The organisations most likely to struggle are the ones that cannot inventory all domains and certificates tied to brand presentation. That is a programme problem, not a tooling problem, and it becomes more visible as user-facing email trust standards mature.


For practitioners

  • Map VMC ownership to a named control owner: Assign responsibility for domain alignment, certificate renewal, and revocation to a specific team so the trust signal does not drift across marketing, security, and PKI operations.
  • Validate DMARC enforcement before piloting VMC: Confirm that the sending domains are already aligned to DMARC policy and that quarantine or reject behaviour is in place before relying on branded inbox display.
  • Inventory all branded sender domains: List every domain that could present a verified logo, then confirm certificate status, logo governance, and ownership boundaries for each one.
  • Integrate certificate expiry into mail-security monitoring: Track VMC expiry alongside other certificate lifecycle events so inbox presentation failures are detected before user trust degrades.

Key takeaways

  • Verified Mark Certificates matter because they connect brand presentation to authenticated email identity, not because they are a cosmetic inbox feature.
  • Mailbox-provider support increases the operational relevance of DMARC, BIMI, and certificate lifecycle management across email programmes.
  • Teams that cannot inventory and own their sender trust assets will struggle to make VMC reliable at scale.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | VMC depends on certificate lifecycle discipline and trust management. |
| NIST CSF 2.0 | PR.AC-1 | Email sender trust depends on controlled authentication and access to domains. |
| NIST SP 800-63 | | The article concerns trust assurance signals and identity verification patterns. |

Track certificate ownership, renewal, and revocation for branded email identities.


Key terms

  • Verified Mark Certificate: A Verified Mark Certificate is a digital certificate that allows a trademarked logo to appear beside authenticated email from a supported mailbox provider. It ties brand presentation to domain and certificate controls, so the visible trust signal depends on both policy alignment and valid lifecycle management.
  • BIMI: Brand Indicators for Message Identification is a specification that defines how supported mail clients display a verified brand logo in email inboxes. It does not authenticate mail by itself. It relies on underlying email security controls, especially DMARC, to make the logo display meaningful.
  • DMARC: Domain-based Message Authentication, Reporting and Conformance is an email authentication policy that helps stop spoofing by checking domain alignment. It gives organisations a way to tell receiving systems how to handle unauthorised mail, making it a core dependency for trust indicators such as VMC.
  • Certificate Lifecycle Management: Certificate lifecycle management is the process of issuing, tracking, renewing, rotating, and revoking certificates before they fail or become unsafe. In email identity, it ensures that trust signals remain valid over time and that expired or mis-owned certificates do not break assurance.

This post draws on content published by DigiCert: VMC Adoption is Growing with Apple Support. Read the original.
