What is the primary difference between a VMC and a CMC?

A VMC requires a logo to be a registered trademark , offering higher assurance and often a blue checkmark. A CMC is for logos protected by prior use or modified registered marks and typically does not provide extra trust indicators.

How can I technically check if a BIMI certificate is a VMC or CMC?

You can examine the certificate's X.509 fields for the _subject:markType field (OID: 1.3.6.1.4.1.53087.1.13 ). Values like 'Registered Mark' or 'Government Mark' indicate a VMC, while 'Prior Use Mark' or 'Modified Registered Mark' indicate a CMC.

Do I always need a VMC certificate for my BIMI logo to appear?

No, a VMC is not always strictly required for a BIMI logo to appear, as CMCs can also enable logo display. However, VMCs provide enhanced trust indicators and broader support from major email clients like Gmail .

Are CMCs a cost-effective alternative to VMCs?

While CMCs might appear to be a more affordable alternative, the verification process and associated costs are often comparable to VMCs. Additionally, the strict modification limits can make them less practical for many organizations.

What is the importance of a registered trademark for BIMI?

A registered trademark is crucial for obtaining a VMC, which signals the highest level of brand authenticity. This ensures your logo is officially protected, reducing brand impersonation risks and securing optimal display and trust indicators in supporting email clients.

How can you tell if a BIMI certificate is a VMC or CMC? - DMARC - Email authentication - Knowledge base

Understanding the nuances of Brand Indicators for Message Identification (BIMI) certificates can feel like navigating a complex maze. When you're working with BIMI, you'll encounter two primary types of certificates: Verified Mark Certificates (VMC) and Common Mark Certificates (CMC). Both serve to display your brand's logo in email clients, but their underlying validation requirements and market adoption differ significantly.

It's essential to know which type of certificate a domain is using, not just for technical validation but also to understand the level of brand authenticity and protection it represents. The process involves inspecting specific fields within the digital certificate itself. While this might sound intimidating, with the right information, it's quite straightforward.

I often see questions about how to set up BIMI, and a common point of confusion revolves around whether a VMC is always required. Knowing the difference between VMCs and CMCs will help clarify this and guide you in making informed decisions about your email authentication strategy.

The difference between VMC and CMC

VMCs and CMCs are both types of digital certificates used with BIMI, but they validate different kinds of brand marks. A Verified Mark Certificate (VMC) requires your brand's logo to be a registered trademark with an approved intellectual property office. This high level of validation provides strong assurance of brand ownership and authenticity, often leading to a visible trust indicator (like a blue checkmark) in supporting email clients such as Gmail.

Conversely, a Common Mark Certificate (CMC) is designed for logos that might not be registered trademarks but are protected by prior use or as modified registered marks. While CMCs still offer brand logo display, they do not carry the same level of legal backing as a registered trademark, which can affect their universal acceptance and the display of additional trust indicators in some email environments. You can learn more about these BIMI certificate types.

The distinction is crucial for understanding the requirements and alternatives for BIMI, particularly concerning trademark jurisdiction and costs. Generally, VMCs are seen as the gold standard for BIMI implementation due to their robust validation process, which is why most major mailbox providers prioritize them for displaying brand logos and additional trust signals.

How to identify the certificate type

To determine whether a BIMI certificate is a VMC or a CMC, you need to examine its X.509 certificate fields. The key differentiator lies in the markType field, which is specifically designed to indicate the type of mark being validated. This field is identified by a unique Object Identifier (OID).

BIMI Mark Type OIDtext

OID: 1.3.6.1.4.1.53087.1.13
Field Name: _subject:markType

You can typically view certificate details using various online SSL/TLS certificate checkers or directly through your web browser's security information panel. Once you access the certificate, look for the field identified by the OID 1.3.6.1.4.1.53087.1.13 or the common name _subject:markType. The value of this field will explicitly tell you the certificate type. For a comprehensive understanding of the allowed modifications for CMCs, refer to Section 3.2.16.2 of the VMC Requirements document.

markType Value	Certificate Type	Trademark Requirement
Registered Mark	VMC	Valid, registered trademark
Government Mark	VMC	Registered by government entity
Prior Use Mark	CMC	Protected by prior use, not registered
Modified Registered Mark	CMC	Registered mark with specific allowed modifications

By checking the markType value, you can definitively identify whether a given BIMI certificate is a VMC or a CMC. This technical detail is key to diagnosing any issues with why your BIMI logo might not be showing up, particularly if you're expecting a VMC-level trust indicator.

Implications and considerations

The choice between a VMC and a CMC, or even whether a VMC is required for BIMI logo display, significantly impacts your brand's presence in the inbox. VMCs offer the highest level of assurance, directly correlating with a registered trademark. This translates to broader support from email clients, including the potential for those coveted blue checkmarks in Gmail and other supporting providers.

Validation: Requires a logo that is a registered trademark with a recognized IP office. The validation process is stringent and thorough.

Cost: Generally higher due to the extensive validation required and the legal protections it offers.

Trust Indicators: Enables enhanced trust signals like blue checkmarks in email clients that support VMCs (e.g.,

Gmail). This adds a strong visual cue of authenticity for recipients.

Validation: For logos protected by prior use or as specific allowed modifications to a registered mark. Validation is less stringent than for VMCs.

Cost: While often marketed as a more affordable option, the practical cost and verification efforts can be similar to VMCs.

Trust Indicators: Typically does not offer the same enhanced trust signals as VMCs. While it displays the logo, it lacks the blue checkmark.

Despite CMCs being a viable option for some, their strict modification limits and comparable costs to VMCs mean they haven't seen widespread adoption. Many Certificate Authorities (CAs) tend to be cautious when issuing CMCs to ensure compliance with the precise definitions of 'modified registered mark' or 'prior use mark.' This often leads to organizations opting for VMCs to leverage the highest level of brand assurance and email client support.

Always ensure your DMARC policy is at quarantine or reject before implementing BIMI. This foundational step is critical for demonstrating email authentication maturity to mailbox providers. Regularly monitor your DMARC reports to ensure proper alignment and prevent deliverability issues, whether you use a VMC or CMC. Suped offers robust DMARC monitoring with AI-powered recommendations and real-time alerts to simplify this process.

Views from the trenches

Best practices

Validate your trademark registration carefully before pursuing a VMC to avoid delays.

Ensure your BIMI SVG logo meets all specifications for consistent display across email clients.

Maintain a DMARC policy at 'quarantine' or 'reject' for at least 90 days before seeking a BIMI certificate.

Regularly monitor your DMARC reports for any authentication failures after BIMI implementation.

Common pitfalls

Assuming a CMC offers the same benefits as a VMC, especially regarding trust indicators.

Underestimating the cost and verification efforts for CMC, which can be similar to VMCs.

Failing to meet strict modification limits for CMC, leading to certification rejections.

Not having a registered trademark, making VMC acquisition impossible and limiting BIMI impact.

Expert tips

The markType field in the X.509 certificate is the definitive way to distinguish VMC from CMC.

VMCs provide superior brand trust and broader email client support compared to CMCs.

The BIMI Group’s VMC Requirements document details specific allowed modifications for CMCs.

Issuers are typically cautious with CMCs due to stringent modification rules.

Expert view

Expert from Email Geeks says that one of the fields in the certificate directly identifies whether it's a VMC or CMC. Specifically, the markType field is the key indicator.

2025-07-16 - Email Geeks

Expert view

Expert from Email Geeks explains that you can infer the certificate type from the markType field. 'Registered Mark' or 'Government Mark' indicates a VMC, while 'Prior Use Mark' or 'Modified Registered Mark' indicates a CMC.

2025-07-16 - Email Geeks

Final thoughts on BIMI certificate types

Distinguishing between a VMC and a CMC is fundamental to a successful BIMI implementation. By checking the markType field within the BIMI certificate, you gain clarity on the level of brand validation and the expected behavior of your logo in supporting email clients. Remember that while CMCs exist, VMCs offer the most robust authentication and visibility benefits for your brand.

For organizations serious about email security and brand recognition, pursuing a VMC remains the recommended path. It aligns with the highest standards of email authentication, including DMARC, SPF, and DKIM, by providing verifiable proof of trademark ownership. This not only enhances your email deliverability but also protects your brand from impersonation and phishing attacks.

As email security standards evolve, tools that simplify DMARC, SPF, and DKIM management are invaluable. Suped provides an intuitive platform to monitor your email authentication, offering actionable insights that help you maintain strong email deliverability and ensure your BIMI logo displays correctly.