SmartHR is a human resources software solution centered around security. Founded in 2013, the company brings the very human HR industry into the digital age, enabling customers to accelerate a range of HR processes that usually involve manual oversight (and mounds of paperwork).
Has a new employer ever asked you to email a tax document, direct deposit form, or a picture of your passport? You know, the kind of sensitive, carefully guarded personal information you wouldn’t want a complete stranger getting their hands on?
That’s the type of outdated HR request SmartHR solves for. And security solutions like DigiCert Mark Certificates make it possible.
Employment contracts, onboarding, and employee data management are just a few of the HR tasks SmartHR uses technology to transform. SmartHR’s solutions simplify the collection, processing, and storage of sensitive information—and most importantly, they keep the data secure.
The company protects its systems and customers with solutions like encryption, single sign-on (SSO), multi-factor authentication (MFA), source IP restrictions, and logging. SmartHR even obtained an ISO 27001 (ISMS) certification and SOC2 Type 2 report, demonstrating the integrity of security controls based on five criteria: security, availability, processing integrity, confidentiality, and privacy.
Business email compromise (BEC) tactics like email and domain spoofing cost organizations more than two billion dollars every year. In 2023, individuals lost $43 billion to the identity fraud that’s often a result of phishing—and that number only accounts for victims in the United States.
To thwart this type of attack, SmartHR implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC), preventing cybercriminals from spoofing the company’s domain to access systems or steal information.
Activating DMARC allowed SmartHR to obtain a Verified Mark Certificate (VMC) from DigiCert, which requires organizations to successfully pass a validation process that includes verifying ownership of the trademark and domain. The DigiCert VMC enables SmartHR to display their logo within the sender field of Gmail and other email clients, providing visual proof that the message in a recipient’s inbox is valid and authenticated.
Spoofing attacks and BEC haven’t stopped companies from relying on email for marketing and stakeholder communications. That’s why mark certificates like VMCs are so essential to establishing email trust and efficiency.
Here’s how a DigiCert Mark Certificate can support your email marketing efforts:
When mailbox providers first began allowing companies to display their logos in inboxes, the organization had to first satisfy three criteria:
1. Set up DMARC
Brand Indicators for Message Identification (BIMI), the email authentication standard that displays a brand's verified logo in the recipient's inbox, requires that the sending domain have DMARC set up to authenticate emails. DMARC ensures that only emails legitimately sent by an organization are delivered under its domain—a must for BIMI compliance.
2. Verify the trademark
Initially, displaying a logo through BIMI required a VMC to confirm the legitimacy of the logo and trademark ownership. The VMC, issued by a certificate authority (CA) like DigiCert, verifies that the company owns the logo, adding another layer of trust to BIMI-compliant emails.
3. Set up a BIMI record
After verifying the trademark and receiving your mark certificate, the company then sets up a BIMI record in its Domain Name System (DNS). The record includes a pointer to the organization’s SVG logo, formatted to BIMI specifications, which allows compatible email clients to display the logo beside the email sender’s name. You can add a BIMI record before getting your mark certificate; doing so will help with email deliverability, but Gmail and other inbox providers won’t display the logo without a corresponding certificate.
They can’t. And while that’s not an issue for a well-established company like SmartHR, this requirement meant plenty of perfectly legitimate organizations had no choice but to send out emails with no logo attached.
But that all changed with the introduction of Common Mark Certificates (CMCs) in October 2024. CMCs bring the benefits of VMCs to organizations that have a trademark protected by prior use but not formally covered by registration. In addition to providing added security and brand visibility to smaller organizations, CMCs allow companies to use variations of their logo for things like holiday-themed or cause-related purposes without the expense or effort required for a VMC—an investment of time and energy that simply wouldn’t be worth it for a limited-use logo.
DigiCert Mark Certificates give organizations like SmartHR a competitive edge while providing advanced security, allowing customers to see the company’s commitment to security with just a glance. And in a world where people—especially HR departments—use email to build and maintain relationships, a mark certificate is a small investment with a very big impact.
Check out the full SmartHR case study for more details. And if you want to learn more about topics like mark certificates, data security, and DNS, subscribe to the DigiCert blog to ensure you never miss a story.