Amit Kothari
Amit Kothari CEO of Tallyfy · Workflow AI Expert

Our BIMI certificate went from $999 to $1,608 in three years

In brief

Red Sift charged us $999 for a verified mark certificate in 2022, $1,299 in 2024, and $1,608 in 2025, a 61 percent climb for the same product. In June 2026 we asked for a price match, set a Friday deadline, got a refusal, and signed a 3-year deal elsewhere at $850 per year. The counter arrived eight days too late.

Summary

  • Red Sift billed us $999 per year in 2022, $1,299 in 2024, and $1,608 in 2025 for the same BIMI verified mark certificate. That is a 61% climb across three signed order forms, with the 2026 renewal set to raise it again.
  • The issuing CA changed underneath the subscription. Our 2022 and 2024 order forms name Entrust as the technology partner; the 2025 form says DigiCert. Entrust stopped issuing VMCs on May 12, 2025, and the year of that migration also carried a 24% increase.
  • A price-match ask with a Friday deadline got a refusal on June 12, 2026. We canceled on June 15, paid SSL Dragon $2,550 for a 3-year DigiCert VMC, and a $1,299-a-year counter arrived on June 23, eight days after our money left.
  • Calendar the cancellation window the day you sign. Auto-renew plus 30-day email notice made June 27 our real deadline, and we hit it with twelve days to spare.

The DocuSign envelope arrived on June 8, 2026. One line item: the annual renewal of the verified mark certificate behind the Tallyfy logo in Gmail. The email around it mentioned “a small increase … due to a small increase in pricing by Digicert”. No number attached. The lowercase c is theirs.

By that morning we were nearly six weeks into replacing the product it renewed. We’d started evaluating alternatives on April 29 and had four vendors in the running by mid-May, with two rounds of discounting already banked. The shopping had also taught us what the market charges, which no incumbent invoice will ever volunteer. So the renewal landed mid-comparison, which is the only good time for a renewal to land.

Every order form we’d signed with Red Sift carries the same clause: “Subscriptions are non-cancellable before their Order End Date… License automatically renews at the end of the term, unless cancelled via email 30 days or more before the end of the term”. Our term renewed on July 27, 2026. Thirty days back from that is June 27, and the envelope arrived June 8, so we had nineteen days of real runway before silence would buy another year at more than $1,608. Auto-renew clauses do their work in the gap between those two dates.

To make sense of what we did with our nineteen days, rewind to 2022.

Three order forms and one quiet chain swap

Tallyfy has bought a verified mark certificate through Red Sift every term since July 2022. A VMC is the X.509 certificate that proves you own the registered trademark in your email logo; paired with DMARC enforcement, it’s what earns a sender the logo and blue checkmark in Gmail. The BIMI plumbing gets its own post. This one is about the invoices.

The first order form, quote Q-06020, was signed on July 18, 2022 at $999.00 a year, with service running from July 6. Our logo went live in inboxes around July 27, 2022. Three weeks later we sent Red Sift a note that still reads like a testimonial: “Following our implementation of BIMI which was roughly July 27 (give or take) - we’ve seen uplifts in open rates in the order of 10% - 25% via Mailgun data after we went live with BIMI.” That was our own Mailgun read over a short window, and whether it deserves the excitement is a question we take apart separately. The 2022 verdict was shorter: worth it, renew.

The 2024 renewal, quote Q-09453, was signed on May 22, 2024 at $1,299.00. Up 30%. We signed it with a shrug; $1,299 felt a bit steep for a certificate, and we paid anyway because switching felt like work. Renewal pricing is built on exactly that feeling. The 2025 renewal, quote Q-13051, went through on June 6, 2025 at $1,608.00. Another 24%. The same product now cost 61% more than it had in 2022.

SignedQuoteAnnual priceChangeCA named on the form
2022-07-18Q-06020$999.00baselineEntrust
2024-05-22Q-09453$1,299.00+30%Entrust
2025-06-06Q-13051$1,608.00+24%DigiCert

The last column took us three years to notice. In June 2026, deciding whether to stay, we re-read all three signed PDFs side by side. The 2022 and 2024 forms describe the product as “provided by our technology partner Entrust”. The 2025 form reads “Provided by our technology partner DigiCert”. Same product name, same line item, a different certificate authority underneath.

Nobody re-reads a signed order form. We hadn’t either. Signed PDFs are the sharpest kind of audit trail nobody edits: they record what was true at signing, with no one’s memory in the loop.

There was a reason for the swap, and it wasn’t Red Sift’s idea. Entrust, one of only two accepted issuers at BIMI’s launch, dropped off the issuer list maintained by the BIMI Group around the end of 2024, with GlobalSign added in its place; the sale of Entrust’s public certificates business to Sectigo followed in January 2025. Issuance through Entrust Certificate Services then ended on May 12, 2025, with existing certificates left valid to expiry. The current issuer list, as of July 2026, names DigiCert, GlobalSign, and SSL.com. Entrust is gone. Any reseller built on Entrust had to re-platform its customers, and Red Sift moved us to DigiCert without our noticing a thing. Credit where due.

The annoying part was the direction of travel: the chain-swap year was also the +24% year, and no relief came with the migration. When the 2026 renewal then cited DigiCert’s pricing as the reason for another increase, that was at least consistent. Pass-through costs on a resold certificate are real. So is a 61% climb in three years.

We called it a quiet swap in the heading, and that’s not quite fair. Quiet described us. The form said DigiCert in plain text, and we signed it.

Would they match $780 a year?

By renewal week the market had answered. Between May 14 and June 5, 2026, three of the four vendors we’d approached sent dollar figures, though one set sat in an unopened attachment until June 14 and the fourth vendor never produced a number. The best three-year figure actually in hand was $2,340 total, or $780 a year, on a GlobalSign chain. Red Sift’s 2025 price bought a single year for $1,608. On June 9 we put the gap to them plainly: “Our Red Sift price has gone from around $999 to $1,608 over the last three years, and this renewal pushes it up again.” Then the ask, verbatim: “match a 3-year commitment at $2,340 total ($780/year)? That is the best 3-year price I have in hand from another authorized BIMI provider.” Deadline: that Friday, June 12.

Why put a date on a price-match request? An open-ended ask turns into a friendly thread that outlives your own runway, while a dated one forces an answer before your alternatives go stale. Reseller quotes expire and coupon codes lapse. On top of that, a DigiCert validation queue sits between any order and a working certificate, and our live one would expire on July 28 whether or not anyone replied to an email. The Friday came straight out of that arithmetic.

Their first reply asked a clarifying question worth repeating: “To clarify, are you wanting to keep your BIMI VMC or a CMC?” Fair question. A CMC, a common mark certificate, is the tier for logos without a registered trademark; Gmail shows the avatar but no verified checkmark, a distinction Google spelled out in September 2024. The checkmark was the entire reason we’d held a USPTO-registered mark in a certificate since 2022, so downgrading would have defeated the purchase. We answered with a typo we’ll own forever: “Its the full blue-checkbox version (official, blue checkmark in gmail)”.

Friday brought the decision: “I’ve spoken with my team and unfortunately, we won’t be able to honor the price matching offer.” No counter came with it. What did come was an offer to fold “complimentary BIMI” into their DMARC monitoring platform, which we declined; we wanted a standalone certificate, not a platform subscription.

Our reply went back the same day: “If you’re unable to match price we can’t stay.” Four years, closed in nine words.

None of this flow is specific to certificates. A renewal notice arrives; you get market quotes; you hand the incumbent the best number you hold, with a proper deadline attached; they match or they don’t. Both endings are workable. Staying on merits is a win, and so is walking with better terms.

BIMI certificate renewal decision flow: get market quotes, ask the incumbent to match with a deadline, stay or switch

Canceled on the 15th, countered on the 23rd

The order went elsewhere on Monday, June 15: a 3-year DigiCert-chain VMC through SSL Dragon, a reseller operated by US-based GPI Holding LLC. Their list price for the term was $3,147. Coupon 3YEARVMCO cut $597, and one more push had already landed the final figure at $2,550 on June 5, which works out to $850 a year. Order #2447625402, invoice 46980, term June 15, 2026 to June 14, 2029, with a 25-day money-back window. At $850 against $1,608, signing was a no-brainer even before counting the three-year price lock. One wrinkle for the sharp-eyed: we paid $210 more than the $2,340 quote we’d asked Red Sift to match. That cheaper number rode a GlobalSign chain, and why we chose DigiCert’s chain anyway belongs to the bake-off story.

The formal notice went out the same day: “Please take this as formal notice of cancellation and non-renewal.” Twelve days before the June 27 cutoff, in writing, per the clause. Red Sift acknowledged it on June 16 without fuss: “Thanks for your time here at Red Sift. If anything changes please feel free to reach out.” As offboarding goes, graceful.

Then, on June 23: “I was just notified that we can offer a 3 year term for your BIMI priced at $1,299/year.” Eight days after our money had left.

Run that counter through the numbers. Three years at $1,299 comes to $3,897 against the $2,550 we’d already paid, so it loses on total cost alone. It also sits $309 a year below the 2025 price we’d been renewing at, back at the exact 2024 rate. So a discount of that size did exist; it took eleven days past the deadline and a formal cancellation for it to surface. Would $1,299 inside the deadline have changed the outcome? Probably not, since it was still $449 a year above the deal we signed three days later and $519 above the ask. But it would have been an answer inside the window, and answers inside the window are the only kind that count.

To be fair to Red Sift on every count: the increases were attributed to DigiCert’s pricing, and cost pass-through on a resold certificate is a real thing. Declining to match $780 a year against a $1,608 base is a rational call, because the margin may not have existed. Nobody hid anything, and we signed all three order forms with the numbers printed on them. The June 23 counter probably says more about how long internal approvals take than about anyone’s sincerity. The offboarding itself was handled well. All of it is ordinary commercial behavior, which is exactly the useful part: the loyalty discount gets calculated only after the money walks. Ours did the walking.

Against staying at the 2025 price, the switch saves $758 a year, roughly 47%, or $2,274 over the three-year term. Measured against whatever the 2026 renewal would have cost, the saving is larger; we never learned that number and never will.

Where this leaves us

Status as of early July 2026: the live certificate, issued by DigiCert on July 29, 2025, expires on July 28, 2026. The replacement is mid-validation. We submitted the request in DigiCert CertCentral on June 16, and the organization and trademark checks were still running as this post went up, sixteen days later. Whatever the fast path through mark-certificate validation looks like, we are apparently not on it. SSL Dragon flagged on June 17 that a new VMC neither replaces the old one nor activates itself, so the cutover is ours to perform.

That part doesn’t worry us, because of one early decision: self-hosting. Our BIMI record points both l= and a= at files on our own domain:

default._bimi.tallyfy.com  TXT  "v=BIMI1; l=https://tallyfy.com/bimi/logo.svg; a=https://tallyfy.com/bimi/certificate.pem"

So switching certificate vendors changes nothing in DNS: the entire cutover is one PEM file swapped after a deploy. The vendor relationship turns out to be the only part of BIMI with switching costs, and even those amounted to a few emails.

Waiting on validation also made us look harder at everything nearby, so on July 2 we went through every zone we own, all 11 of them, and cleaned up the SPF and DMARC drift we found. Leaving a vendor has a way of making you re-read your whole setup.

Four lessons, all paid for.

Calendar the cancellation window the day you sign. The order form hands you the math: end date minus 30 days, cancellation by email. Ours worked out to June 27. The clause defaults to renewal, so your calendar has to default to a decision.

Get market quotes before the renewal lands. Our numbers were three weeks old and twice-negotiated when the DocuSign arrived, which is why nineteen days felt roomy. From first research to usable figures took a good two weeks, and that fortnight has to come from somewhere. Start quoting after the notice shows up and you’ll negotiate on the vendor’s clock instead of your own.

A deadline makes a price-match ask real. We named the number in hand and picked a Friday. The answer arrived on the Friday. A vendor can let an open-ended request drift for weeks, but a dated one produces information either way.

Assume the better number exists. It surfaced for us on June 23, with the money already gone. If a discount only materializes once your cancellation is formal, you’ve learned exactly what the earlier price was: the cost of not asking.

One more thing this bought us: sympathy for anyone pricing anything, and none for hidden price lists. Nearly every figure in this post had to be extracted from PDFs and email threads, because the VMC market rarely prints a dollar amount in public. We sell software too, and we publish our pricing with the numbers on the page. After six weeks of asking strangers what things cost, we intend to keep it that way.

About the author

Amit is the CEO of Tallyfy. He has 25+ years of practical experience in technology, entrepreneurship, and operational efficiency. He's been hands-on with AI-first engineering and changing Tallyfy to AI-native workflow automation since Claude Code was first released. He's also an Entrepreneur in Residence at WashU's Skandalaris Center, created the OneDay (Woolf) AI curriculum for their accredited MBA and consults with clients who need help with AI via Blue Sheen. He graduated with a Computer Science degree from the University of Bath. He's originally British and lives in St. Louis, MO.

Find Amit on his website , LinkedIn , or GitHub . Read Amit's bio →

Automate your workflows with Tallyfy

Stop chasing status updates. Give people and AI a process to follow.