Gmail Blue Checkmark: What It Means and How to Get One
Messages in Gmail often display blue checkmarks next to verified senders. This visual indicator helps confirm that the sender has verified ownership of the sending domain and the logo used in the message. While the checkmark itself is simple, it depends on a more detailed email authentication and brand verification process that supports sender trust, brand recognition, and phishing defense.
The path to gaining the blue checkmark involves setting up the email specification BIMI (Brand Indicators for Message Identification) and enforcing DMARC (Domain-based Message Authentication, Reporting, and Conformance). Also needed: submitting a compliant SVG Tiny PS logo, and securing a VMC (Verified Mark Certificate) from a trusted Certificate Authority.
Skip any of these steps, and emails may fail to display checkmarks or logos altogether. We explain how the Gmail blue verified checkmark works, the benefits, and what brands need to qualify.
What is the Gmail blue checkmark?
Glance through your email inbox and you may notice a series of blue checkmarks, displayed near sender names whenever you open a message. Hover over the checkmark for a moment and you'll see an important note: "The sender of this email has verified that they own [website name] and the logo in the profile image."
This checkmark is Google's take on the inbox-based trust signal, driven by the widespread push to display sender logos directly in email inboxes. It's closely tied to the BIMI specification and can be secured by configuring accompanying policies and frameworks: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC.
The checkmark itself holds value and can improve trust, but much of its value lies in the security mechanisms that make this checkmark possible in the first place: the use of multiple authentication layers to demonstrate sender legitimacy. This effort helps to protect recipients from spoofing, supporting the overarching system of trust that safeguards today's email inboxes.
What you need to get the Gmail blue checkmark?
Gmail will only display a blue checkmark if all the components of brand verification are in place: protocols, frameworks, logos, and certificates. These requirements work together to confirm brand legitimacy and support authenticated logo display.
Requirements include:
BIMI requirements must be set up correctly
BIMI is at the heart of today's push for inbox trust and verification. This widely used specification determines how organizations prove their identities and authenticate their respective domains.
It depends on SPF, DKIM, and DMARC working correctly. SPF identifies authorized sending servers, DKIM verifies that messages have not been altered, and DMARC tells mailbox providers how to handle messages that fail authentication.
Steps taken to clear BIMI requirements for Gmail will also prove valuable when working with other mailbox providers.
A BIMI-compliant SVG logo
The logo is a critical piece of the verification process. This needs to meet strict formatting and sizing requirements: each submitted logo must be a true vector file, complete with a solid background. This should lack scripts and animations, and it should render cleanly, even at small sizes.
Use the SVG Tiny Portable/Secure format, also known as SVG Tiny PS or SVG Tiny 1.2, and be prepared to make manual modifications to meet BIMI requirements. There are tools provided by the BIMI Group to help with compliance.
A Verified Mark Certificate
Mark certificates help verify that a brand is authorized to use a specific logo for BIMI email display. For Gmail’s blue checkmark, a Verified Mark Certificate is required. A VMC verifies logo authenticity and ties the trademarked logo back to your organization. Google Workspace guidance confirms this requirement, noting that: "In Gmail, you'll see a checkmark next to senders verified with a VMC."
Brands looking to buy a VMC should be prepared to provide business validation details, trademark documentation, and logo files that match the registered mark.
Common Mark Certificates, although helpful for displaying logos, will not satisfy the requirements for unlocking Gmail's blue checkmark. If you're not yet eligible for a VMC because you lack a registered trademark, a CMC is still worthwhile, but it will not deliver a blue checkmark.
How to get the Gmail blue checkmark with BIMI
To strengthen trust through inbox logo display and the blue checkmark, you’ll need to complete a series of technical setup steps involving email authentication, logo formatting, certificate validation, and DNS updates.
Steps include:
Step 1: Configure SPF, DKIM, and DMARC. Use SPF to identify servers that are permitted to send emails. Enable DKIM to apply verifiable cryptographic signatures. Create a DKIM key pair and publish the public key as a DKIM record in the DNS. Finally, configure DMARC with a TXT record in the DNS settings. The policy should be set to p=quarantine or p=reject, and pct=100 should apply the policy to all outgoing mail.
Step 2: Create a compliant SVG logo. Choose a high-quality image of a trademarked logo and confirm that it meets all relevant standards: it uses a Scalable Vector Graphics (SVG) format, complete with a square aspect ratio. Confirm that the logo matches the registered trademark.
Step 3: Get a Verified Mark Certificate. Work with a Certificate Authority to secure a VMC. When submitting the request for the VMC, provide proof of trademark ownership.
Step 4: Publish your BIMI DNS record. Sign in with your domain or DNS provider and add a BIMI TXT record. For Gmail, the record should point to the PEM file issued with your VMC. A Gmail-compatible example may look like: v=BIMI1;l=;a=https://yourdomain.com/certificate.pem. The PEM file must be hosted on a publicly accessible web server over HTTPS.
Step 5: Validate and test. Use a BIMI checker to confirm proper formatting and authentication before sending test messages to supported providers. If the logo doesn’t appear as expected, revisit the DNS record or SVG formatting to confirm that other steps have been completed correctly. BIMI display varies between mailbox providers, so results may differ depending on the inbox.
Benefits of the blue checkmark
Gmail's blue checkmark builds on the trust and visibility gained through verified logos. This delivers an extra layer of assurance, confirming that senders are fully verified and that messages come from legitimate sources.
- Quick visual confirmation. Email recipients rely on split-second decisions to help them navigate jam-packed inboxes. A signal like a blue checkmark can help recipients quickly recognize verified senders, especially if observed alongside a verified logo.
- Professional appearance. Checkmarks convey professionalism, bringing a polished look to emails that builds on existing credibility. Together, logos and checkmarks establish a confident and trustworthy brand presence.
- Increased trust. As email recipients evaluate messages, they look to checkmarks for assurance. Although logos help, dual verification can inspire trust even in the most skeptical users.
- Higher engagement and increased open rates. Trust and visibility may help recipients feel more confident opening or interacting with brand emails. These impact whether recipients actually read emails and may even encourage them to follow through: clicking links or completing forms to strengthen relationships with brands.
Why is my Gmail blue checkmark not showing?
After taking the time to configure BIMI, it can feel frustrating if blue checkmarks fail to appear. This could indicate mistakes on your end, but, even when technical requirements are met, Gmail may also consider sender reputation and other validation factors before displaying a logo or checkmark.
Common reasons it’s not showing include:
- DMARC policy is not enforced. Gmail only displays checkmarks when domains use quarantine or reject policies. This is critical because it lets providers know what to do when emails fail verification.
- SPF or DKIM is failing. SPF can fail if the sending server is deemed unauthorized. DKIM fails if emails are tampered with or if DNS records are misconfigured. Either failure prevents the blue checkmark.
- The SVG logo is not compliant. Logos can only be rendered correctly if they comply with strict standards. The blue checkmark builds on the logo, so if that logo fails to meet necessary standards, the checkmark will remain out of reach as well.
- The BIMI TXT record is missing or incorrect. Gmail can only validate logos if BIMI records are properly formatted. The TXT record shows where to find the verified logo, and, without it, validation is not possible.
- The PEM file is not hosted correctly. A PEM file is provided after a VMC is issued, but Gmail must be able to access that file. Verification cannot occur if the PEM file is missing or otherwise blocked.
- The logo does not match the registered trademark. Displayed logos must match validated trademark logos from VMCs, down to the colors and proportions.
- DNS changes have not fully propagated. It takes time for DNS to reach servers. If updates have not yet made it to the servers Gmail checks, recent authentication efforts (or changes to BIMI) may not be recognized.
Start building trust in the inbox with Sectigo
Sectigo provides Verified Mark Certificates and Common Mark Certificates to help organizations support BIMI logo display in Gmail and other participating inboxes. Either certificate can boost inbox visibility.
If your goal is to display Gmail’s blue checkmark, start with purchasing a VMC from a trusted provider, like Sectigo. Contact us with any questions or if you’re looking to learn more about email security.
Sources:
https://bimigroup.org/creating-bimi-svg-logo-files/
https://knowledge.workspace.google.com/admin/security/set-up-bimi