{
  "slug": "entrust_bimi_certificates",
  "title": "🛑 BIMI Certificates: Why Entrust is in Trouble? 🛑",
  "date": "2025-01-02",
  "banner": "https://port25.sh/blog/img/entrustbaneer.png",
  "content": [
    {
      "type": "markdown",
      "text": "# 🛑 BIMI Certificates: Why Entrust is in Trouble? 🛑\n\nJanuary 2, 2025\n\nThe world of email is rarely calm, and this time, it's **Entrust** making headlines. If you use their **VMC (Verified Mark Certificate)** certificates to proudly display your logo in BIMI-enabled inboxes, here's what you need to know (and perhaps consider switching).\n\n## **Apple: A Key Date 🗓️**\n\nAs of **November 15, 2024**, **new VMC certificates issued by Entrust** will no longer be recognized by Apple systems, according to their latest announcement.\n\n📢 👉 Certificates **issued before this date will continue to work** until their natural expiration. However, be aware that if your clients use addresses like **@icloud.com, @mac.com, or @me.com**, they may no longer see your verified logos in the long run.\n\n🔎 **Here's an excerpt from Entrust's official statement confirming this information:**\n\n![Entrust Statement](https://port25.sh/blog/img/entrustcontent.png)\n\nReceived by Entrust clients\n\n## **What About Gmail?**\n\nOn its part, **Google** has already taken drastic measures against Entrust for certain certificates. Although this **does not yet affect VMC certificates for BIMI**, changes could come in the future. Caution is therefore advised. 😬\n\n---\n\n## **🔍 Which CA Are You Using for BIMI?**\n\nIf you're curious about which Certificate Authority (CA) you're using for your BIMI certificates, you can easily check with a few commands in a Linux terminal or WSL.\n\nHere's how to do it:\n\n```\ndig txt +short @8.8.8.8 default._bimi.sarbacane.com\n```\n\nThen use this command to analyze the certificate and find the CA:\n\n```\ncurl -s https://www.sarbacane.com/local-assets/certificates/sb-bimi.pem | openssl x509 -text -noout | head\n```\n\nHere's the result for Sarbacane:\n\n```\nCertificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            03:b8:30:e4:45:54:bc:2c:90:52:ec:eb:01:f5:c9:a2\n        Signature Algorithm: sha256WithRSAEncryption\n        Issuer: C = US, O = \"DigiCert, Inc.\", CN = DigiCert Verified Mark RSA4096 SHA256 2021 CA1\n        Validity\n            Not Before: Apr  8 00:00:00 2024 GMT\n            Not After : Apr  8 23:59:59 2025 GMT\n```\n\n👉 Here, we see that **DigiCert** is the Certificate Authority used, and it expires on the evening of April 8.\n\n---\n\n## **What Should You Do?**\n\n1. **If you're using Entrust**, check your expiration dates and start exploring other options now, such as **DigiCert**, which is widely recommended.\n2. **Keep a close eye on the news** about VMC certificates to stay updated on potential changes.\n3. **Keep your BIMI logos online**: Don't let your branding efforts disappear (or into spam)!\n\n---\n\n📢 **BIMI certificates are a major asset for your brand, but it's essential to choose a reliable provider.** Are you already affected by this situation? Share your experience in the comments! 💬\n\n#EmailMarketing #Deliverability #BIMI #Entrust #VMCCertificates #Deliverability\n\nSource: **https://wordtothewise.com/2024/12/stop-using-entrust-for-your-bimi-certificates/**"
    }
  ]
}