VMC adoption and DMARC: what email teams need to know

TL;DR: Verified Mark Certificates are gaining broader inbox support as Apple plans to display brand logos in Mail on iOS and macOS, extending a model already adopted by Gmail and tied to DMARC enforcement and BIMI, according to DigiCert. The governance question is not branding polish but whether identity, mail authentication, and certificate lifecycle controls are mature enough to sustain trustworthy sender presentation.

NHIMG editorial — based on content published by DigiCert: VMC Adoption is Growing with Apple Support

By the numbers:

• Since the public release of VMCs in July 2021, DigiCert says it has seen great adoption all over the world.

Questions worth separating out

Q: How should security teams govern verified mark certificates in email environments?

A: Teams should govern verified mark certificates as part of the sender trust chain, not as a standalone branding project.

Q: Why do verified logos depend on more than certificate issuance?

A: A verified logo depends on certificate issuance, but it only works when the receiving mailbox supports the standard and the sender passes the required authentication checks.

Q: When should organisations prioritise VMC over other email improvements?

A: Organisations should prioritise VMC only after core email authentication is mature, especially DMARC enforcement and domain governance.

Practitioner guidance

• Map VMC ownership to a named control owner Assign responsibility for domain alignment, certificate renewal, and revocation to a specific team so the trust signal does not drift across marketing, security, and PKI operations.
• Validate DMARC enforcement before piloting VMC Confirm that the sending domains are already aligned to DMARC policy and that quarantine or reject behaviour is in place before relying on branded inbox display.
• Inventory all branded sender domains List every domain that could present a verified logo, then confirm certificate status, logo governance, and ownership boundaries for each one.

What's in the full article

DigiCert's full blog post covers the operational detail this post intentionally leaves for the source:

• The specific mailbox-provider rollout context behind VMC adoption and why Apple support changes the deployment conversation
• The BIMI and DMARC dependency chain that determines whether a logo can appear in supported inboxes
• The original VMC specification context and early pilot experience that shaped the standard’s public release
• The customer-facing use case for showing a verified logo in Gmail, Fastmail, Apple Mail, and iCloud environments

👉 Read DigiCert's post on VMC adoption and Apple support →

VMC adoption and DMARC: what email teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →