Google is jumping on the bandwagon of dishing out blue checkmarks for verified companies on Google Workspace, but unlike some other ‘verification’ schemes, this isn’t a vanity exercise. When you see a blue tick on somebody’s email in Gmail, it tells you that their organisation take their email security seriously.
Here's what they look like in the wild. Every company with a blue tick has SPF, DKIM and DMARC all set up. These are technologies to help secure Email, and ideally, every organisation should be using them. Don't be the one that doesn't!
The prerequisites
Like all things in life, doing this isn't free. You need to spend a few bob to get up and running with a blue tick. 🙃 Here's what you'll need:
- A trademarked logo
- About £1,300 or $1,500 a year to spend for a VMC
- Knowledge of DNS
- Access to your DNS provider (GoDaddy, NameCheap, Cloudflare...)
- Knowledge of working with .SVG files
Ready? Let's go!
Fancy a blue checkmark? ☑️
First of all, Cobry can set it up for you. Drop us a note, and we’ll sort it out.
(We won't be able to trademark your logo, or set yourself up with the VMCs, but we can definitely guide you through the process.)
If you’re the DIY type, here’s how you can get it done yourself. 👇
Set up SPF, DKIM, and DMARC 🔐
To set up SPF, DKIM and DMARC on Google Workspace, follow these steps:
SPF
To set up SPF, you need to add this TXT record to your DNS:
v=spf1 include:_spf.google.com ~all
Easy peasy.
DKIM
To set up DKIM,
- Go to the Google Workspace Admin Console.
- Click on Apps > Google Workspace > Gmail > Authenticate email.
- Follow the instructions provided to set up DKIM for your domain.
- This involves you setting up another record on your DNS that’s particular to your domain.
DMARC
DMARC is a bit more complex; also, you may have to wait about 24 hours if you’ve just set up SPF and DKIM.
To set up DMARC,
- Create a policy record. More details here. Most people just use the default one provided:
v=DMARC1; p=reject; rua=mailto:postmaster@solarmora.com; pct=100; adkim=s; aspf=s
(replace the solarmora.com with your own domain) - Add a DNS TXT record, or modify an existing record by entering your record in the TXT record for _dmarc:
- TXT record name: In the first field, under the DNS Hostname, enter: _dmarc.solarmora.com Important: Some domain hosts automatically add the domain name after _dmarc. After you add the TXT record, you can verify the DMARC TXT record name to make sure it's formatted correctly.
- TXT record value: In the second field, enter the text for your DMARC record, for example:
v=DMARC1; p=none; rua=mailto:dmarc-reports@solarmora.com
The field names might be different for your provider. DNS TXT record field names can vary slightly from provider to provider. (Again, the domain used here is an example domain. Replace solarmora.com with your own domain)
After you have set up SPF, DKIM and DMARC, the changes may take some time to propagate.
Congrats, you’ve set up the first (probably most important) step! Now it’s time to get your .SVG editing skills handy for getting your logo uploaded!
Set up VMC
Google requires your logo to be trademarked and registered with a Verified Mark Certificate authority, called a VMC. Google provides us with some steps as to how to do this. You'll have to use DigiCert, or Entrust to do this. Once you sign up with that VNC, you must upload the certificate you acquired to your website, make sure it's public-facing, and take note of it. You'll have to use it in the following steps.
Set up BIMI 🖼️
You'll need an SVG version of your logo to make this work.
- Convert that SVG file you have to a Tiny SVG 1.2 format using one of the conversion tools.
- Make sure it’s up to spec by referencing the guide. You can check if it is by running it through the verification tool.
- Upload it to your website, and make sure it’s publicly accessible. Here’s ours.
- Create your BIMI record using the generation tool, and bung it into your DNS as a TXT record. Remember to append the links to your logo and your PEM certificate issued by your VMC provider.
- ???
- Success! Once your domain and logo have been verified, the blue checkmark should appear next to your emails in Gmail!
How do I know I’ve done it right? 🤔
Use the BIMI inspector tool. It’s super handy to know whether your records have propagated. When you email on Gmail, your customers and contacts should also start seeing a brand new checkmark right next to your name!
Can't be bothered doing this yourself? Get in touch and we can help you get verified!