In the world of email marketing and deliverability, visual trust indicators are becoming increasingly important. One of the most significant advancements in this area is Brand Indicators for Message Identification, or BIMI. BIMI allows brands to display their official logo next to their messages in the recipient's inbox, providing immediate brand recognition and a layer of trust. It’s a powerful tool that leverages the DMARC email authentication standard to prevent spoofing and build confidence.
To implement BIMI, you need a special digital certificate to verify your logo. This is where things can get a bit confusing. There are two types of certificates you can use: a Verified Mark Certificate (VMC) and a Common Mark Certificate (CMC). While both serve to get your logo into the inbox, they represent different levels of verification and accessibility. The question I often get is, how can you tell which one a company is using? Let's dive in and demystify the process.
A Verified Mark Certificate (VMC) is the original, high-assurance certificate for BIMI. The key requirement for obtaining a VMC is that your logo must be a registered trademark with a recognized intellectual property office. This process involves a rigorous verification check by a Certificate Authority (CA) to confirm that you are the legitimate owner of the trademark. Because of this strict validation, a VMC is considered the gold standard and is what enables the coveted blue checkmark next to your logo in providers like Gmail.
A Common Mark Certificate (CMC) is a newer, more accessible alternative. Recognizing that the trademark requirement was a significant barrier for many businesses, the industry introduced the CMC. This certificate does not require a registered trademark. Instead, the validation process is simpler, often just verifying your organization's identity and control over the domain. While a CMC allows you to display your logo via BIMI, it typically does not grant you the blue verified checkmark. It was a huge step in making BIMI accessible for more brands.
Requirement
Validation
Visual trust signal
Cost
Requirement
Validation
Visual trust signal
Cost
The primary difference lies in the level of trust conveyed. A VMC provides a much stronger signal to mailbox providers and users because the logo has been legally trademarked and verified. This is why Google rewards it with a visible checkmark, similar to verified accounts on social media. It tells the world that not only is the email authenticated via DMARC, but the brand identity itself has been validated to a high standard.
The introduction of the CMC was a game-changer for accessibility. The process of registering a trademark can be long, expensive, and is not always feasible for every business. CMCs democratized BIMI, allowing a much wider range of organizations to enhance their email presence with a logo. It prioritizes brand recognition for all, even if it comes with a slightly lower tier of identity verification.
For a sender, the choice between them depends on your goals, budget, and brand status. If you have a trademarked logo and want the highest level of trust and the visual benefits that come with it, a VMC is the way to go. If you don't have a trademark or are looking for a more straightforward path to displaying your logo, a CMC is an excellent and effective option.
So, how can you check what a specific company is using? You can’t just tell by looking at the logo in your inbox (unless you see the blue checkmark in Gmail, which is a strong hint for a VMC). You need to dig into their DNS records and inspect the certificate itself. It's a two-step process.
First, you need to find the domain's BIMI record. This is a TXT record located at default._bimi.yourdomain.com. You can use a command line tool like dig to look it up.
Check BIMI Record
bash
dig default._bimi.google.com TXT
This command queries the DNS for the BIMI TXT record for google.com.
The result will contain a URL in the a= tag, which points to the certificate file (usually ending in .pem). This is the certificate you need to inspect. Once you have this URL, you can download the certificate and use a tool like OpenSSL to read its contents and find the distinguishing field.
Finding the OID
The command
Inspect Certificate with OpenSSL
bash
openssl x509 -in path/to/certificate.pem -text -noout
This command prints the contents of the certificate file in human-readable text.
In the output, you are looking for an X.509v3 extension related to BIMI. If it's a VMC, you will find an entry that explicitly references a trademark. If that specific identifier is missing, but the certificate is otherwise valid for BIMI, you can conclude it's a CMC. It’s a technical distinction, but it's the definitive way to tell the two apart.
Ultimately, the distinction between a VMC and a CMC reflects the evolving nature of email identity. What started as a high-bar, trademark-only system has adapted to become more inclusive. Both certificate types contribute to a safer and more visually rich email ecosystem, which is a win for everyone. The VMC offers unparalleled trust, while the CMC provides broad accessibility.
Knowing how to check the certificate type is a handy skill for anyone deep in the email deliverability space. It allows you to understand the level of investment and verification a brand has put into its BIMI implementation. Whether it's the premium trust of a VMC or the accessible branding of a CMC, seeing a logo in your inbox is a clear sign that the sender takes authentication seriously.
What is BIMI?
Should I get a VMC or a CMC?
Is a VMC better than a CMC?
Do all email clients support both VMC and CMC?
Michael Ko
11 Jul 2025
Unlock the full potential of BIMI by understanding Verified Mark Certificates (VMCs). This guide covers what a VMC is, the prerequisites like DMARC and a trademarked logo, and how to choose from the accredited certificate providers like DigiCert and Entrust. Learn about the importance of VMCs for displaying your logo in major inboxes and navigate the current landscape to make the best choice for your brand.
Matthew Whittaker
11 Jul 2025
Learn how to ensure your BIMI implementation is successful by properly validating your SVG logo and VMC certificate. This guide covers the strict technical requirements for SVG files, how to verify them against the official schema, and how to confirm your DNS records are correctly configured for compliance.
Matthew Whittaker
11 Jul 2025
Discover the tangible business value and ROI of implementing BIMI. Learn how this email standard goes beyond just displaying a logo to boost open rates, enhance brand trust, and improve security, delivering a measurable return on your investment.
Matthew Whittaker
11 Jul 2025
Discover the key differences between Apple Business Connect's Branded Email feature and the BIMI standard. This guide compares their requirements, implementation processes, and scope to help you understand that they are not the same, but rather complementary tools for enhancing brand presence in the inbox. Learn why using both is the ideal strategy for maximum email visibility.
Michael Ko
13 Jul 2025
Curious which email clients support BIMI? This post breaks down the current landscape of BIMI adoption, highlighting major providers like Gmail, Apple Mail, and Yahoo. We'll cover the essential prerequisites, such as DMARC enforcement, and provide a clear table showing who supports BIMI and whether a Verified Mark Certificate (VMC) is required. Learn which key player is still holding out and what that means for your email strategy.