Suped

VMC vs CMC: How to tell which BIMI certificate a domain is using

Michael Ko profile picture

Michael Ko

20 Jul 2025

A stylized illustration of a digital certificate being inspected, symbolizing the difference between VMC and CMC for BIMI.

In the world of email marketing and deliverability, visual trust indicators are becoming increasingly important. One of the most significant advancements in this area is Brand Indicators for Message Identification, or BIMI. BIMI allows brands to display their official logo next to their messages in the recipient's inbox, providing immediate brand recognition and a layer of trust. It’s a powerful tool that leverages the DMARC email authentication standard to prevent spoofing and build confidence.

To implement BIMI, you need a special digital certificate to verify your logo. This is where things can get a bit confusing. There are two types of certificates you can use: a Verified Mark Certificate (VMC) and a Common Mark Certificate (CMC). While both serve to get your logo into the inbox, they represent different levels of verification and accessibility. The question I often get is, how can you tell which one a company is using? Let's dive in and demystify the process.

Understanding VMC and CMC

A Verified Mark Certificate (VMC) is the original, high-assurance certificate for BIMI. The key requirement for obtaining a VMC is that your logo must be a registered trademark with a recognized intellectual property office. This process involves a rigorous verification check by a Certificate Authority (CA) to confirm that you are the legitimate owner of the trademark. Because of this strict validation, a VMC is considered the gold standard and is what enables the coveted blue checkmark next to your logo in providers like google.com logoGmail.

A Common Mark Certificate (CMC) is a newer, more accessible alternative. Recognizing that the trademark requirement was a significant barrier for many businesses, the industry introduced the CMC. This certificate does not require a registered trademark. Instead, the validation process is simpler, often just verifying your organization's identity and control over the domain. While a CMC allows you to display your logo via BIMI, it typically does not grant you the blue verified checkmark. It was a huge step in making BIMI accessible for more brands.

Blocklist checker
Check your domain or IP against 144 blocklists.
www.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
Blocklist icon
RedHawk
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UKdnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
Blocklist icon
RedHawk
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UKdnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
Blocklist icon
RedHawk
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UKdnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
Blocklist icon
RedHawk
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UKdnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheftwww.spamhaus.org logoSpamhaus0spam.org logo0Spam
Blocklist icon
Abusix
Blocklist icon
Barracuda Networks
www.spamcop.net logoCisco
Blocklist icon
Mailspike
www.nosolicitado.org logoNoSolicitado
Blocklist icon
SURBL
Blocklist icon
UCEPROTECT
uribl.com logoURIBL
Blocklist icon
8086 Consultancy
abuse.ro logoabuse.rowiki.alphanet.ch logoALPHANETanonmails.de logoAnonmailsascams.com logoAscamswww.blockedservers.com logoBLOCKEDSERVERS
Blocklist icon
Brukalai.lt
dnsbl.calivent.com.pe logoCalivent Networks
Blocklist icon
dan.me.uk
Blocklist icon
DrMx
Blocklist icon
DroneBL
rbl.efnetrbl.org logoEFnet
Blocklist icon
Fabel
Blocklist icon
GBUdb
Blocklist icon
ImproWare
Blocklist icon
JIPPG Technologies
Blocklist icon
Junk Email Filter
www.justspam.org logoJustSpamwww.kempt.net logoKempt.net
Blocklist icon
Mail Baby
www.nordspam.com logoNordSpam
Blocklist icon
nsZones
Blocklist icon
Polspam
Blocklist icon
RedHawk
rv-soft.info logoRV-SOFT Technology
Blocklist icon
Schulte
www.scientificspam.net logoScientific Spam
Blocklist icon
Spam Eating Monkey
psbl.org logoSpamikazewww.spamrats.com logoSpamRATSspfbl.net logoSPFBLsuomispam.net logoSuomispamwww.usenix.org.uk logoSystem 5 Hosting
Blocklist icon
Taughannock Networks
www.team-cymru.com logoTeam Cymru
Blocklist icon
Tornevall Networks
senderscore.org logoValiditywww.blocklist.de logowww.blocklist.de Fail2Ban-Reporting Servicezapbl.net logoZapBL2stepback.dk logo2stepback.dkfaynticrbl.org logoFayntic Servicesorbz.gst-group.co.uk logoORB UKdnsbl.technoirc.org logotechnoirc.orgwww.techtheft.info logoTechTheft

Verified Mark Certificate (VMC)

Requirement

  • Trademark Required: Yes, the logo must be a registered trademark.

Validation

Rigorous verification of trademark ownership and organization identity.

Visual trust signal

Displays logo and often a blue verified checkmark in supported clients like google.com logoGmail.

Cost

Generally higher, often starting around $1,500 per year plus trademark registration costs.

Common Mark Certificate (CMC)

Requirement

  • Trademark Not Required: No trademark is needed for the logo.

Validation

Simpler validation of organization identity and domain control.

Visual trust signal

Displays the logo but typically without any additional verified mark.

Cost

Generally lower, making BIMI more accessible to smaller businesses.

Why the distinction matters

The primary difference lies in the level of trust conveyed. A VMC provides a much stronger signal to mailbox providers and users because the logo has been legally trademarked and verified. This is why google.com logoGoogle rewards it with a visible checkmark, similar to verified accounts on social media. It tells the world that not only is the email authenticated via DMARC, but the brand identity itself has been validated to a high standard.

The introduction of the CMC was a game-changer for accessibility. The process of registering a trademark can be long, expensive, and is not always feasible for every business. CMCs democratized BIMI, allowing a much wider range of organizations to enhance their email presence with a logo. It prioritizes brand recognition for all, even if it comes with a slightly lower tier of identity verification.

A minimalist illustration of two shields, one with a checkmark and one without, representing VMC and CMC certificates. The style of the images should be A minimalist retro illustration in the style of Malika Favre. Dominant colors are bright poppy red and deep royal blue. Vector art, high contrast. Do not put any words in the image or alphanumeric characters.

For a sender, the choice between them depends on your goals, budget, and brand status. If you have a trademarked logo and want the highest level of trust and the visual benefits that come with it, a VMC is the way to go. If you don't have a trademark or are looking for a more straightforward path to displaying your logo, a CMC is an excellent and effective option.

How to technically identify the certificate type

So, how can you check what a specific company is using? You can’t just tell by looking at the logo in your inbox (unless you see the blue checkmark in Gmail, which is a strong hint for a VMC). You need to dig into their DNS records and inspect the certificate itself. It's a two-step process.

First, you need to find the domain's BIMI record. This is a TXT record located at default._bimi.yourdomain.com. You can use a command line tool like dig to look it up.

Check BIMI Record

bash

dig default._bimi.google.com TXT

This command queries the DNS for the BIMI TXT record for google.com.

The result will contain a URL in the a= tag, which points to the certificate file (usually ending in .pem). This is the certificate you need to inspect. Once you have this URL, you can download the certificate and use a tool like OpenSSL to read its contents and find the distinguishing field.

Checking the certificate details

Finding the OID

The key is to look for a specific Object Identifier (OID) within the certificate's extensions. VMCs are required to include a 'trademark' extension. While CMCs follow the same base BIMI structure, they will lack this specific trademark OID.

The command

You can inspect the certificate using the following OpenSSL command:

Inspect Certificate with OpenSSL

bash

openssl x509 -in path/to/certificate.pem -text -noout

This command prints the contents of the certificate file in human-readable text.

In the output, you are looking for an X.509v3 extension related to BIMI. If it's a VMC, you will find an entry that explicitly references a trademark. If that specific identifier is missing, but the certificate is otherwise valid for BIMI, you can conclude it's a CMC. It’s a technical distinction, but it's the definitive way to tell the two apart.

Ultimately, the distinction between a VMC and a CMC reflects the evolving nature of email identity. What started as a high-bar, trademark-only system has adapted to become more inclusive. Both certificate types contribute to a safer and more visually rich email ecosystem, which is a win for everyone. The VMC offers unparalleled trust, while the CMC provides broad accessibility.

Knowing how to check the certificate type is a handy skill for anyone deep in the email deliverability space. It allows you to understand the level of investment and verification a brand has put into its BIMI implementation. Whether it's the premium trust of a VMC or the accessible branding of a CMC, seeing a logo in your inbox is a clear sign that the sender takes authentication seriously.

Frequently asked questions

What is BIMI?

BIMI stands for Brand Indicators for Message Identification. It's an email standard that allows companies to display their official, verified brand logo next to authenticated emails in the user's inbox, increasing brand recognition and trust.

Should I get a VMC or a CMC?

If you have a registered trademark for your logo and want the highest level of trust (including a potential blue checkmark in Gmail), a VMC is the best choice. If you do not have a trademark or want a more accessible and affordable option, a CMC is the right path.

Is a VMC better than a CMC?

In terms of trust and verification, a VMC is 'better' because it requires a legally registered trademark, offering a stronger guarantee of the brand's identity. However, a CMC is 'better' for accessibility, as it allows brands without trademarks to participate in BIMI. The best choice depends on your organization's specific needs and resources.

Do all email clients support both VMC and CMC?

Support varies. Major providers like google.com logoGoogle support both, but they differentiate by providing a verified checkmark only for VMCs. Other providers like yahoo.com logoYahoo also have broad support for BIMI. Always check the current documentation for each mailbox provider, as support and features can evolve.
An illustration of a certificate and an email icon, representing a Verified Mark Certificate for BIMI.

A guide to BIMI accredited certificate providers

Michael Ko profile picture

Michael Ko

11 Jul 2025

Unlock the full potential of BIMI by understanding Verified Mark Certificates (VMCs). This guide covers what a VMC is, the prerequisites like DMARC and a trademarked logo, and how to choose from the accredited certificate providers like DigiCert and Entrust. Learn about the importance of VMCs for displaying your logo in major inboxes and navigate the current landscape to make the best choice for your brand.

A person inspecting a document with a magnifying glass to validate it for BIMI compliance.

A guide to validating your BIMI SVG and certificate

Matthew Whittaker profile picture

Matthew Whittaker

11 Jul 2025

Learn how to ensure your BIMI implementation is successful by properly validating your SVG logo and VMC certificate. This guide covers the strict technical requirements for SVG files, how to verify them against the official schema, and how to confirm your DNS records are correctly configured for compliance.

A chart showing a line graph trending upwards, with the arrow at the end shaped like a brand logo, symbolizing the ROI of BIMI.

Understanding the business value and ROI of implementing BIMI

Matthew Whittaker profile picture

Matthew Whittaker

11 Jul 2025

Discover the tangible business value and ROI of implementing BIMI. Learn how this email standard goes beyond just displaying a logo to boost open rates, enhance brand trust, and improve security, delivering a measurable return on your investment.

A comparative illustration showing the BIMI standard and Apple Business Connect. Both are depicted as leading to an email with a brand logo, highlighting their shared goal but different paths.

Is Apple Business Connect the same as BIMI? a comparative guide

Matthew Whittaker profile picture

Matthew Whittaker

11 Jul 2025

Discover the key differences between Apple Business Connect's Branded Email feature and the BIMI standard. This guide compares their requirements, implementation processes, and scope to help you understand that they are not the same, but rather complementary tools for enhancing brand presence in the inbox. Learn why using both is the ideal strategy for maximum email visibility.

A minimalist illustration showing brand logos appearing in an email inbox, demonstrating BIMI.

Which email clients actually support BIMI?

Michael Ko profile picture

Michael Ko

13 Jul 2025

Curious which email clients support BIMI? This post breaks down the current landscape of BIMI adoption, highlighting major providers like Gmail, Apple Mail, and Yahoo. We'll cover the essential prerequisites, such as DMARC enforcement, and provide a clear table showing who supports BIMI and whether a Verified Mark Certificate (VMC) is required. Learn which key player is still holding out and what that means for your email strategy.

Start improving your email deliverability today

Get started