Back
-
Platform
BackManage PKI and Certificate Risk in One Place
-
Solutions
BackThe Smarter Way to Manage Certificate LifecyclesSoftware Supply Chain Security
Protect your entire software supply chain with automated tools
- Buy
-
Company
BackManage PKI and Certificate Risk in One Place
-
Resources
Back
- Support
- Contact us
-
Language
In 2024, Google, Mozilla, and Apple stopped supporting TLS certificates that were issued on Entrust roots after November 2024. But Apple went a step further, to include timestamping, S/MIME, and Verified Mark Certificates (VMCs), a type of mark certificate that displays verified logos next to emails in supported inboxes as part of the Brand Indicators for Message Identification (BIMI) initiative.
Entrust’s public certificate business has since been acquired by Sectigo. But Sectigo doesn’t sell mark certificates like VMCs—and if your brand cares about consumer trust, that’s a gap worth paying close attention to.
Trust, brand integrity, and the future of email security
VMCs have been helping brands visually verify their identity in inboxes since Gmail launched its BIMI pilot in 2020. These mark certificates serve a dual purpose: protecting users from phishing attacks while reinforcing the legitimacy of business communications.
So what happens when a major player like Apple removes VMC trust from an email domain?
- Consumers become even more skeptical of emails.ÌýWhen senders that were previously verified and trusted suddenly appear unverified, legitimate emails could be ignored—or worse, mistaken for phishing attempts.
- Cybercriminals adapt quickly. Trust gaps create new opportunities for eager attackers. If a once-verified email no longer carries authentication signals, phishing attempts will have an easier time blending in.
- Email security becomes a brand issue. When trust indicators like S/MIME signatures or mark certificate logos disappear, trust is replaced by doubt, eroding confidence in the brand’s communications.
Why digital trust matters more than ever
, and they have a high success rate— involved a non-malicious person clicking on a dangerous link.
That’s because phishing emails don’t need to be sophisticated to work—they just need to be believable. When an email looks like it’s coming from a trusted brand, people let their guard down. And cybercriminals know it.
This is where authentication protocols step in to separate the real from the fake. The best-protected businesses rely on a layered defense, including:
- DMARC, SPF, and DKIM to prevent domain spoofing and unauthorized senders.
- S/MIME certificates to cryptographically sign emails, ensuring they haven’t been altered.
- Mark certificates to display verified logos in inboxes, giving recipients a visual trust signal.
But when trust indicators disappear—whether due to policy changes, misconfigurations, or expired certificates—attackers won’t hesitate to seize the opportunity. The less certainty recipients have about an email’s legitimacy, the easier it is for scams to blend in.
This isn’t just an IT issue; it’s a brand issue. And if businesses don’t take control of their email security, cybercriminals will do it for them.
What can you do to stay secure and protect your brand?
Left unchecked, threats like phishing, impersonation, and email fraud will run rampant. Businesses rely on certificates not just for encryption but for credibility—and when trust is disrupted, the ripple effects go far beyond compliance checkboxes.
The seemingly endless stream of Entrust news is a good reminder of the need to evaluate your organization’s approach to certificate management. If you don’t yet have a solid strategy in place, a solution like ÃÛÌÒTV Trust Lifecycle Manager can help you achieve the crypto-agility you need to prepare for whatever changes come your way.
But while Apple’s distrust decision puts even more Entrust-issued certificates at risk, not all certificate-related news is bad: Displaying your logo in email inboxes no longer requires a trademark. With a ÃÛÌÒTV Mark Certificate, you can display any logo protected by prior use alongside your authenticated messages, protecting your brand and enhancing the security of your email communications.
Are your certificates setting you up for long-term trust? Get in touch to learn how ÃÛÌÒTV solutions can help you maintain security, compliance, and brand integrity—no matter what shape the digital trust landscape takes next.
Ìý
Frequently Asked Questions
If your Verified Mark Certificate (VMC) was issued on an Entrust root after November 15, 2024, your logo will no longer display in supported inboxes. This could lead to lower email engagement and make phishing attempts harder to distinguish from legitimate emails. Switching to a ÃÛÌÒTV Mark Certificate will allow you to maintain trust across major platforms.
- What happens if my VMC is no longer trusted by Apple?
- How do I know if my email certificates are affected?
- What’s the difference between a Common Mark Certificate and a Verified Mark Certificate?
- How can I future-proof my email security strategy?
The latest developments in digital trust
Want to learn more about topics like mark certificates, crypto-agility, and compliance? Subscribe to the ÃÛÌÒTV blog to ensure you never miss a story.
Featured Stories
Subscribe to the blog
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.Ìý
-
© 2025 ÃÛÌÒTV. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings