VMC 11-25-2024

SmartHR: A DigiCert Mark Certificate success story

Mike Fleck
SmartHR: A DigiCert Mark Certificate Success Story

SmartHR is a human resources software solution centered around security. Founded in 2013, the company brings the very human HR industry into the digital age, enabling customers to accelerate a range of HR processes that usually involve manual oversight (and mounds of paperwork).

Has a new employer ever asked you to email a tax document, direct deposit form, or a picture of your passport? You know, the kind of sensitive, carefully guarded personal information you wouldn’t want a complete stranger getting their hands on?

That’s the type of outdated HR request SmartHR solves for. And security solutions like DigiCert Mark Certificates make it possible.

Building trust and streamlining processes with SmartHR

Employment contracts, onboarding, and employee data management are just a few of the HR tasks SmartHR uses technology to transform. SmartHR’s solutions simplify the collection, processing, and storage of sensitive information—and most importantly, they keep the data secure.

The company protects its systems and customers with solutions like encryption, single sign-on (SSO), multi-factor authentication (MFA), source IP restrictions, and logging. SmartHR even obtained an ISO 27001 (ISMS) certification and SOC2 Type 2 report, demonstrating the integrity of security controls based on five criteria: security, availability, processing integrity, confidentiality, and privacy.

Email has been under attack—SmartHR partners with DigiCert to fight back

Business email compromise (BEC) tactics like email and domain spoofing cost organizations more than two billion dollars every year. In 2023, individuals lost $43 billion to the identity fraud that’s often a result of phishing—and that number only accounts for victims in the United States.

To thwart this type of attack, SmartHR implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC), preventing cybercriminals from spoofing the company’s domain to access systems or steal information.

Activating DMARC allowed SmartHR to obtain a Verified Mark Certificate (VMC) from DigiCert, which requires organizations to successfully pass a validation process that includes verifying ownership of the trademark and domain. The DigiCert VMC enables SmartHR to display their logo within the sender field of Gmail and other email clients, providing visual proof that the message in a recipient’s inbox is valid and authenticated.

DigiCert Mark Certificate Verified Logos

How a DigiCert Mark Certificate improves consumer trust

Spoofing attacks and BEC haven’t stopped companies from relying on email for marketing and stakeholder communications. That’s why mark certificates like VMCs are so essential to establishing email trust and efficiency.

Here’s how a DigiCert Mark Certificate can support your email marketing efforts:

  • Enhanced security and customer confidence: Mark certificates verify the sender’s identity, showing customers that your company prioritizes security. That's particularly valuable for industries like finance, where phishing attempts are especially common.
  • Increased brand recognition and visibility: Mark certificates display a verified logo in the recipient’s inbox, boosting your brand presence and making your emails stand out.
  • Higher open rates: Many recipients hesitate to open unsolicited emails because they're afraid of being phished. But since mark certificates visually show that the sender is verified, customers will be less inclined to just hit “delete.”

How do mark certificates work?

When mailbox providers first began allowing companies to display their logos in inboxes, the organization had to first satisfy three criteria:

1. Set up DMARC

Brand Indicators for Message Identification (BIMI), the email authentication standard that displays a brand's verified logo in the recipient's inbox, requires that the sending domain have DMARC set up to authenticate emails. DMARC ensures that only emails legitimately sent by an organization are delivered under its domain—a must for BIMI compliance.

2. Verify the trademark

Initially, displaying a logo through BIMI required a VMC to confirm the legitimacy of the logo and trademark ownership. The VMC, issued by a certificate authority (CA) like DigiCert, verifies that the company owns the logo, adding another layer of trust to BIMI-compliant emails.

3. Set up a BIMI record

After verifying the trademark and receiving your mark certificate, the company then sets up a BIMI record in its Domain Name System (DNS). The record includes a pointer to the organization’s SVG logo, formatted to BIMI specifications, which allows compatible email clients to display the logo beside the email sender’s name. You can add a BIMI record before getting your mark certificate; doing so will help with email deliverability, but Gmail and other inbox providers won’t display the logo without a corresponding certificate.

How can organizations without a registered trademark get a VMC?

They can’t. And while that’s not an issue for a well-established company like SmartHR, this requirement meant plenty of perfectly legitimate organizations had no choice but to send out emails with no logo attached.

But that all changed with the introduction of Common Mark Certificates (CMCs) in October 2024. CMCs bring the benefits of VMCs to organizations that have a trademark protected by prior use but not formally covered by registration. In addition to providing added security and brand visibility to smaller organizations, CMCs allow companies to use variations of their logo for things like holiday-themed or cause-related purposes without the expense or effort required for a VMC—an investment of time and energy that simply wouldn’t be worth it for a limited-use logo.

DigiCert Mark Certificates give organizations like SmartHR a competitive edge while providing advanced security, allowing customers to see the company’s commitment to security with just a glance. And in a world where people—especially HR departments—use email to build and maintain relationships, a mark certificate is a small investment with a very big impact.

The latest developments in digital trust

Check out the full SmartHR case study for more details. And if you want to learn more about topics like mark certificates, data security, and DNS, subscribe to the DigiCert blog to ensure you never miss a story.

Subscribe to the blog