In the world of email marketing and deliverability, visual trust indicators are becoming increasingly important. One of the most significant advancements in this area is Brand Indicators for Message Identification, or BIMI. BIMI allows brands to display their official logo next to their messages in the recipient's inbox, providing immediate brand recognition and a layer of trust. It’s a powerful tool that leverages the DMARC email authentication standard to prevent spoofing and build confidence.
To implement BIMI, you need a special digital certificate to verify your logo. This is where things can get a bit confusing. There are two types of certificates you can use: a Verified Mark Certificate (VMC) and a Common Mark Certificate (CMC). While both serve to get your logo into the inbox, they represent different levels of verification and accessibility. The question I often get is, how can you tell which one a company is using? Let's dive in and demystify the process.
A Verified Mark Certificate (VMC) is the original, high-assurance certificate for BIMI. The key requirement for obtaining a VMC is that your logo must be a registered trademark with a recognized intellectual property office. This process involves a rigorous verification check by a Certificate Authority (CA) to confirm that you are the legitimate owner of the trademark. Because of this strict validation, a VMC is considered the gold standard and is what enables the coveted blue checkmark next to your logo in providers like 
A Common Mark Certificate (CMC) is a newer, more accessible alternative. Recognizing that the trademark requirement was a significant barrier for many businesses, the industry introduced the CMC. This certificate does not require a registered trademark. Instead, the validation process is simpler, often just verifying your organization's identity and control over the domain. While a CMC allows you to display your logo via BIMI, it typically does not grant you the blue verified checkmark. It was a huge step in making BIMI accessible for more brands.
Spamhaus
0Spam
Cisco
NoSolicitado
URIBL
abuse.ro
ALPHANET
Anonmails
Ascams
BLOCKEDSERVERS
Calivent Networks
EFnet
JustSpam
Kempt.net
NordSpam
RV-SOFT Technology
Scientific Spam
Spamikaze
SpamRATS
SPFBL
Suomispam
System 5 Hosting
Team Cymru
Validity
www.blocklist.de Fail2Ban-Reporting Service
ZapBL
2stepback.dk
Fayntic Services
ORB UK
technoirc.org
TechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftGmail.The primary difference lies in the level of trust conveyed. A VMC provides a much stronger signal to mailbox providers and users because the logo has been legally trademarked and verified. This is why
The introduction of the CMC was a game-changer for accessibility. The process of registering a trademark can be long, expensive, and is not always feasible for every business. CMCs democratized BIMI, allowing a much wider range of organizations to enhance their email presence with a logo. It prioritizes brand recognition for all, even if it comes with a slightly lower tier of identity verification.
For a sender, the choice between them depends on your goals, budget, and brand status. If you have a trademarked logo and want the highest level of trust and the visual benefits that come with it, a VMC is the way to go. If you don't have a trademark or are looking for a more straightforward path to displaying your logo, a CMC is an excellent and effective option.
So, how can you check what a specific company is using? You can’t just tell by looking at the logo in your inbox (unless you see the blue checkmark in Gmail, which is a strong hint for a VMC). You need to dig into their DNS records and inspect the certificate itself. It's a two-step process.
First, you need to find the domain's BIMI record. This is a TXT record located at default._bimi.yourdomain.com. You can use a command line tool like dig to look it up.
dig default._bimi.google.com TXTThe result will contain a URL in the a= tag, which points to the certificate file (usually ending in .pem). This is the certificate you need to inspect. Once you have this URL, you can download the certificate and use a tool like OpenSSL to read its contents and find the distinguishing field.
openssl x509 -in path/to/certificate.pem -text -nooutIn the output, you are looking for an X.509v3 extension related to BIMI. If it's a VMC, you will find an entry that explicitly references a trademark. If that specific identifier is missing, but the certificate is otherwise valid for BIMI, you can conclude it's a CMC. It’s a technical distinction, but it's the definitive way to tell the two apart.
Ultimately, the distinction between a VMC and a CMC reflects the evolving nature of email identity. What started as a high-bar, trademark-only system has adapted to become more inclusive. Both certificate types contribute to a safer and more visually rich email ecosystem, which is a win for everyone. The VMC offers unparalleled trust, while the CMC provides broad accessibility.
Knowing how to check the certificate type is a handy skill for anyone deep in the email deliverability space. It allows you to understand the level of investment and verification a brand has put into its BIMI implementation. Whether it's the premium trust of a VMC or the accessible branding of a CMC, seeing a logo in your inbox is a clear sign that the sender takes authentication seriously.
Google support both, but they differentiate by providing a verified checkmark only for VMCs. Other providers like 
Yahoo also have broad support for BIMI. Always check the current documentation for each mailbox provider, as support and features can evolve.
