“As VMCs are brand new, early adopters have an opportunity to gain not only a very visual advantage over competitors but also an additional layer of security for themselves.“
In the latest interview from BRANDIT we talk to Massimiliano Trincas, Client Support Consultant at BRANDIT, about Verified Mark Certificates.
Massimiliano explains what are Verified Mark Certificates, why should we have them, what the benefits are to brand owners, whether it is worth getting one for your brand.
Interviewer: Hello and welcome! Today we are talking to Massimiliano Trincas, Client Support Consultant for BRANDIT about Verified Mark Certificates. Hello Max!
Interviewer: So, what is Verified Mark Certificates?
Massimiliano: Well, this is a new initiative. It’s probably best I give a bit of background for the listeners, so we all understand. All of this goes back to the basic problem of the spoof-ability of emails. So, emails are self-reported the same way that your phone number is. An Email comes in and it says it’s from whomever, but it doesn’t mean it’s really from whomever. It can say it’s from your bank or from PayPal or from FedEx, but it doesn’t mean that it is, and this is part of the reason why phishing is so effective. Lots of people don’t always understand or remember this in the moment. And so, part of the way the industry is working to solve this issue with an industry standard called a DMARC.
Interviewer: Sorry, what is DMARC?
Massimiliano: DMARC or “Domain-based Message Authentication, Reporting & Conformance” makes it possible for the owner of the DNS and URL to specify who can and cannot send email from this email address and then if there’s a DMARC record, the vast majority of receiving mailboxes, including the Google, Apple and Microsoft, Yahoo etc. will all honour that. So, if I say this is the list of places or services that can send emails from my address and someone else has a phishing server somewhere in the world that is also trying to spoof from that address, it won’t be on the list of approved senders and therefore it won’t be accepted. This is the fundamental capability of a DMARC, which helps domain owners get control of what emails are going out under their name. So, that’s the first part of this and the DMARC has been around for a few years and we’re seeing adoption go up.
Interviewer: How is this related to VMC?
Massimiliano: So, as part of the DMARC effort, a group of industry people came together to create an organisation called Brand Indicators for Message Identification, or BIMI, and they have established a standard for a digital certificate called Verified Mark Certificate or VMC. The basic idea is that if you can prove that you are the domain owner and your company logo is trademarked, then you can get the VMC certificate that can be attached to your company’s emails. This certificate acts as a trusted verification that includes your logo in the recipient’s inbox.
Interviewer: But how does this help prevent against phishing attacks?
Massimiliano: Well, not only does it add an additional layer of security through the authentication of your ownership of the domain and logo, the VMC renders your logo next to the “sender” field in an email so it acts as an un-spoofable visual cue so that users can feel reassured that your organisation has been authenticated—before they even open your message. It’s like the email equivalent of a checkmark on social media accounts, for example. This will also dramatically reduce the effectiveness of phishing as companies will be able to, say, “train” their customers, partners, suppliers, whoever it is, even their own employees, to look for that logo. If people don’t see that logo, they will be less likely to act on the contents of that message.
Interviewer: That sounds great!
Massimiliano: That was kind of a long-winded explanation but that’s what it does.
Interviewer: No, that was good, thank you. So, is it easy to get a VMC?
Massimiliano: Well, it is quite a long-winded procedure, so it may be easier if companies seek the help of an agency that can support them through this process. However, essentially, A VMC logo will display only after the email client verifies that your organisation’s BIMI record shows you have a DMARC, which in turn confirms you have the tools and practices in place to help prevent phishing and spoofing attacks. Then the issuing Certificate Authority— for example DigiCert—will also check your organisation’s logo against your regional trademark office to make sure you’re a legitimate, recognised entity, and the true owner of the logo. All of this adds up to indicate your organisation has the right to display your verified logo. This process ensures spammers and other malicious users cannot use a brand logo they don’t own!
Interviewer: That does sound a little complicated!
Massimiliano: It is easier than it sounds, but yes, it is not done overnight.
Interviewer: Ok. Are VMCs supported in all the major browser clients, everything from say Gmail all the way up to Outlook?
Massimiliano: It is still fairly early days for VMCs at the moment. However, a lot of the main email clients are all onboard. For example, Yahoo, AOL, and Gmail are all implementing support for BIMI and VMCs.
Interviewer: That’s good. So, what would you say are the main benefits of having a VMC?
Massimiliano: From what I can see, there are 3 main benefits are:
- It adds another layer of security and encourages DMARC compliance, which with email-based phishing and other fraud rife, is a welcome reassurance.
- It provides greater trust and confidence for the recipient of the email
- Research so far has shown to improve the engagement rate with emails by 10%! As VMCs are brand new, early adopters have an opportunity to gain a very visual advantage over competitors.
Interviewer: Thanks Massimiliano, that’s great information!
Massimiliano: Thank you.
If you would like to learn more about Verified Mark Certificates, you can speak to one of our experts here.
My curiosity drove me to explore different industries during my career: insurance, tourism and now internet and digital. I love to be helpful and useful; this is why I have mostly been working in customer support.
I am passionate about different cultures, travelling, trekking or organizing barbecues in front of the sea with nice food and a glass of craft beer.
Massimiliano speaks: Italian, and English
Your e-mail address will be used to send you communication messages and invitations to our events in accordance with our Privacy Notice. You can unsubscribe at any time.
© 2020 BRANDIT. All Rights Reserved. Privacy notice & Terms and Conditions