Do I need a VMC for BIMI to work with Google and Gmail?

Key findings

• Initial requirement: Gmail historically mandated a VMC for BIMI logo display, setting a high bar for brand verification.
• Evolving support: Google has recently expanded its support to include Common Mark Certificates (CMCs), providing a less stringent pathway for some senders to implement BIMI.
• DMARC prerequisite: Regardless of the certificate type, a strong DMARC policy (at quarantine or reject) remains a fundamental requirement for BIMI to function with Gmail and other participating mailbox providers.
• Distinction from workarounds: Displaying a logo through Google Profile images is not equivalent to BIMI and does not offer the same level of verified brand trust or security benefits derived from DMARC enforcement.
• Industry movement: The BIMI working group and other industry bodies are continually exploring ways to simplify the VMC acquisition process, recognizing the challenges many organizations face.

Key considerations

• VMC versus CMC: Determine whether your brand requires the heightened trust and broader display potential of a VMC (often for trademarked logos) or if a CMC suffices for current Gmail requirements.
• DMARC policy: Ensure your domain's DMARC policy is set to quarantine or reject to meet the foundational requirements for BIMI implementation. You can learn more about how to set up DMARC for BIMI.
• Logo display consistency: Understand that while BIMI offers standardized logo display, certain interfaces within Gmail might still rely on other mechanisms, such as Google Profile images. For more details on displaying logos in inboxes, including Gmail, check our guide on how to display your logo in email inboxes.
• Future-proofing: While workarounds might offer immediate visual branding, investing in BIMI with a recognized certificate is generally considered the future-proof approach for consistent and verified brand display.
• Certification process: Be aware of the process and requirements for obtaining either a VMC or CMC from accredited Certificate Authorities. The BIMI Group website provides further information on VMCs and their role in BIMI.

Key opinions

• VMC complexity: Many marketers find the process of acquiring a VMC to be overly complex or cost-prohibitive, especially for smaller businesses or those without registered trademarks.
• Workaround reliance: There's a common reliance on non-BIMI methods, such as setting up a Google Workspace profile image, to display a logo in Gmail due to their simplicity, even if these are not standardized.
• Temporary solutions: Some marketers acknowledge that while these workarounds function today, they are likely temporary and may not be supported indefinitely by mailbox providers like Google.
• BIMI as a branding tool: The primary appeal of BIMI for marketers is often its branding and trust-building capabilities, rather than a direct security enhancement, which is more squarely attributed to DMARC.
• Gradual adoption strategy: A phased approach, starting with DMARC and then exploring BIMI without a VMC (for providers like Yahoo!) before committing to a VMC, is a common strategy.

Key considerations

• Cost-benefit analysis: Evaluate the investment required for a VMC against the marketing and brand trust benefits it provides for your specific audience and email volume.
• Brand consistency: Consider how your logo will appear across different email clients, as non-BIMI methods may not offer universal support. For details on which email clients support BIMI, see our guide on BIMI client support.
• Future landscape: While current workarounds exist, prepare for a future where BIMI with a verified certificate becomes the sole or preferred method for displaying authenticated brand logos.
• Promotions tab visibility: Note that Gmail's promotions tab can display logos through annotations, which is a separate mechanism from BIMI.
• Alternative paths: Explore alternative, simpler paths for achieving a BIMI-like effect, such as using a Common Mark Certificate, if it aligns with your brand's verification needs. You can read more about the pricing and approach behind VMC and BIMI.

Key opinions

• VMC for Gmail: Experts consistently stated that a VMC was historically and typically required for a brand's logo to appear via BIMI in Gmail inboxes.
• Workaround vs. standard: They differentiate clearly between BIMI, which is a standardized protocol tied to DMARC, and non-standard workarounds like Google Profile images, which do not offer the same security guarantees.
• Security benefits: While BIMI itself is a branding mechanism, its requirement of DMARC with an enforcement policy (quarantine or reject) provides the underlying security benefit by ensuring only authenticated emails display the logo.
• Future of workarounds: Experts predict that non-BIMI logo display methods will likely be deprecated over time as mailbox providers move towards more standardized and verifiable solutions.
• BIMI working group efforts: There are ongoing efforts within the BIMI working group to simplify the VMC certification process to encourage broader adoption.

Key considerations

• Standard adoption: Prioritize adopting standardized protocols like BIMI for long-term brand presence and email authentication.
• DMARC enforcement: Ensure that DMARC is properly implemented at an enforcement policy (p=quarantine or p=reject) as it is the critical security component underlying BIMI. For more on DMARC policies, refer to our guide on DMARC record and policy examples.
• Trust and legitimacy: Understand that BIMI, particularly with a VMC, signals a higher level of trust and brand legitimacy to mailbox providers and recipients, which workarounds cannot replicate.
• Evolution of standards: Stay informed about updates from organizations like the BIMI Group and Google regarding changes to BIMI requirements and supported certificate types (e.g., CMCs).
• Comprehensive strategy: Consider BIMI as part of a broader email authentication strategy that includes SPF, DKIM, and DMARC to maximize deliverability and brand protection. You can also explore whether BIMI improves email deliverability.

Key findings

• VMC as initial requirement: Google's original documentation for bringing BIMI to Gmail in Google Workspace explicitly stated the need for a VMC to take advantage of BIMI, alongside DMARC adoption.
• Common Mark Certificates (CMCs): More recent announcements from the BIMI Group and Google indicate that Google has expanded its support to include Common Mark Certificates, which do not require a registered trademark.
• DMARC enforcement: Regardless of the certificate type (VMC or CMC), DMARC must be implemented with an enforcement policy (p=quarantine or p=reject) for BIMI to be recognized by Gmail.
• Verified checkmark: Gmail's web interface displays a verified checkmark for senders who have adopted BIMI with a registered trademark and VMC, signaling a higher level of trust.
• Standardization goal: BIMI is a standard designed to provide a secure and consistent way for organizations to display their brand logos in email clients, aiming for broader adoption across the email ecosystem.

Key considerations

• Staying updated: Always refer to the latest official documentation from Google Workspace and the BIMI Group for the most current requirements and supported certificate types.
• Trademark status: Determine if your brand's logo is registered with a trademark office, as this dictates whether you can obtain a VMC (for enhanced verification) or if a CMC is suitable.
• DNS configuration: Ensure your DNS records are correctly configured for DMARC, SPF, DKIM, and the BIMI record itself, as per the technical specifications. For more, see our page on the requirements and implementation steps for BIMI.
• SVG logo format: Adhere to the strict SVG file requirements for BIMI logos, including security features like Tiny P/S. You can find more information on BIMI SVG requirements here.
• Provider-specific nuances: While BIMI is a standard, individual mailbox providers may have slight variations or preferences in their implementation, making it essential to consult their specific guidelines.