To get your brand's logo to appear in your recipients' inboxes using BIMI (Brand Indicators for Message Identification), you need more than just a DMARC record and an SVG file. The core component that verifies your logo belongs to you is a special type of digital certificate. Without it, mailbox providers have no trusted way to confirm the authenticity of your logo.
There are primarily two types of certificates used for BIMI, each serving a different purpose depending on the status of your logo.
The most established and widely supported certificate for BIMI is the Verified Mark Certificate, or VMC. This is the certificate you'll need if your logo is a registered trademark. A VMC is a digital certificate that proves your organization has the legal right to use the logo you’re associating with your emails. Think of it as an official, verifiable link between your trademarked logo and your domain.
Certificate Authorities (CAs), also referred to as Mark Verifying Authorities (MVAs) in this context, perform a rigorous validation process before issuing a VMC. They verify that your organization is legitimate and that your logo has been registered with a recognized trademark office. As the BIMI Group states, these authorities are responsible for verifying the association of logos with domains and then issuing the VMC.
What if your logo isn't a registered trademark? For a long time, this was a major barrier to BIMI adoption for many brands. To address this, the Common Mark Certificate (CMC) was introduced. A CMC is designed for organizations with unregistered logos.
A CMC still serves to prove that a specific organization owns its logo, but the verification process doesn't rely on a trademark database. The validation process for a CMC is still robust, just different, ensuring that the organization applying for the certificate is legitimate and has established use of the logo.
Choosing the right certificate is straightforward. Your choice depends entirely on the legal status of your logo:
Regardless of which certificate you use, your logo must be in a specific file format. BIMI requires the logo to be a Scalable Vector Graphics (SVG) file, but not just any SVG will do.
As Mailgun points out, it must specifically be in the SVG Tiny 1.2 format. This is a restricted profile of SVG designed for security and simplicity, ensuring that no malicious code can be embedded within the logo file. You will need to convert your standard logo into this specific format before you can use it for BIMI.
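A pre-publication check for the restricted profile described above, as an added example that is not from the original page or from Mailgun. It assumes the BIMI Group's SVG Tiny PS conventions (`baseProfile="tiny-ps"`, `version="1.2"`, a `<title>` element) and covers only a subset of the profile. Rejecting entity declarations is this example's own conservative choice, and both sample logos are constructed.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that carry script, foreign markup, raster data or animation.
FORBIDDEN = {"script", "foreignObject", "image", "animate", "animateMotion",
             "animateTransform", "animateColor", "set"}
# Constructed sample logos (not real brand assets).
GOOD = (
    '<svg xmlns="http://www.w3.org/2000/svg" version="1.2" '
    'baseProfile="tiny-ps" viewBox="0 0 64 64"><title>Example Co</title>'
    '<circle cx="32" cy="32" r="30" fill="#036"/></svg>'
)
BAD = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" onload="init()">'
    '<script>init=function(){}</script>'
    '<image xlink:href="https://example.invalid/logo.png"/></svg>'
)

def check_bimi_svg(svg_text):
    """Return a list of findings; an empty list means no check failed."""
    # Refuse entity declarations before the XML parser ever sees them.
    if "<!ENTITY" in svg_text:
        return ["entity declaration present (rejected before parsing)"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append("root element is not <svg> in the SVG namespace")
    if root.get("baseProfile") != "tiny-ps":
        findings.append("baseProfile is not 'tiny-ps'")
    if root.get("version") != "1.2":
        findings.append("version is not '1.2'")
    if root.find(f"{{{SVG_NS}}}title") is None:
        findings.append("missing <title> child")
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop '{namespace}' prefix
        if name in FORBIDDEN:
            findings.append(f"forbidden element <{name}>")
        for attr, value in el.attrib.items():
            a = attr.rsplit("}", 1)[-1]
            if a.lower().startswith("on"):        # onload, onclick, ...
                findings.append(f"event handler attribute {a} on <{name}>")
            if a == "href" and not value.startswith("#"):
                findings.append(f"external reference in href on <{name}>")
    return findings

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_bimi_svg(doc) or "no findings")
```

A clean result here does not replace the validation performed by the certificate issuer or the mailbox provider.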