Summary
Setting up Brand Indicators for Message Identification (BIMI) with a Common Mark Certificate (CMC) involves several critical steps, ensuring your brand logo displays in supporting inboxes like Gmail and Yahoo. Unlike a Verified Mark Certificate (VMC), a CMC doesn't require a trademarked logo, making it more accessible for many organizations. However, it still demands strict adherence to DMARC enforcement and specific logo format requirements. The process often reveals common challenges, particularly around DMARC policy alignment and SVG logo conversion.
Key findings
- DMARC prerequisite: BIMI with CMC mandates a DMARC policy set to enforcement (p=quarantine or p=reject) for the organizational domain and any relevant subdomains.
- CMC acquisition: A CMC must be obtained from an accredited Certificate Authority (CA), which typically also provides hosting services and detailed setup instructions.
- Logo requirements: The logo needs to be in a specific SVG Tiny PS format. This often requires careful conversion and optimization, as standard graphic design tools may not produce compliant files directly.
- Logo usage history: The logo should have been in consistent public use on your website's homepage for a specified duration, often at least a year, before applying for a CMC.
Key considerations
- DMARC enforcement: Ensure your DMARC record is fully enforced at either a quarantine or reject policy for all sending domains. This is a non-negotiable prerequisite for BIMI adoption.
- Logo conversion: Anticipate potential difficulties in converting your logo to the precise SVG Tiny PS format. This may require specialized tools or graphic design expertise beyond standard software. Refer to the BIMI Group's implementation guide.
- Monitoring: Even with a single main domain, robust DMARC monitoring is crucial to ensure legitimate emails are not quarantined or rejected once the policy is enforced.
- Certificate Authority selection: Choose a reputable CA that is authorized to issue CMCs and offers comprehensive support throughout the setup process.
What email marketers say
Email marketers often approach BIMI with CMC from a practical perspective, balancing brand visibility goals with the technical challenges and resource allocation. They seek clear, actionable guides and value solutions that simplify the implementation process. Common concerns revolve around the DMARC prerequisite, the complexity of logo formatting, and the need for ongoing monitoring, especially for smaller brands with limited technical support.
Key opinions
- CMC as VMC alternative: Marketers see CMC as a viable alternative to VMC, particularly when a trademarked logo isn't feasible, recognizing the differing brand usage requirements.
- DMARC enforcement challenge: Upgrading DMARC from a 'none' policy to 'quarantine' or 'reject' is a significant hurdle for many, especially smaller organizations that may lack the technical expertise to monitor for potential email disruptions.
- Logo conversion complexity: A common sentiment is that preparing the logo in the required SVG Tiny PS format is surprisingly difficult and time-consuming, often requiring external graphic design assistance.
- Value of external assistance: Many marketers would prefer to outsource graphic design for BIMI logos due to the specialized nature and time commitment involved.
Key considerations
- Prioritize DMARC: Before considering CMC, ensure your organization has a fully enforced DMARC policy. This is a foundational step for BIMI implementation.
- Resource allocation: Be prepared to allocate resources for DMARC policy enforcement monitoring and potential graphic design work. Consider if your brand needs a VMC or a CMC.
- CMC vendor support: Look for DMARC and CMC vendors who offer end-to-end support, including assistance with certificate issuance and SVG logo optimization, as highlighted by The SSL Store.
- Visual design specifics: Understand that common graphic design elements like gradients and complex curves can complicate SVG Tiny PS conversion, necessitating simplified logo versions or specialized tools.
Marketer view
Marketer from Email Geeks notes that the CMC process is similar to VMC, but with different brand usage requirements. This implies an easier path for brands without registered trademarks.
Marketer view
Marketer from CheapSSLWeb.com Resources emphasizes that setting up BIMI is crucial for adding a verified logo to business emails, helping brands stand out in the inbox.
What the experts say
Experts emphasize the foundational role of DMARC enforcement for BIMI with CMC, going beyond a mere presence to a robust policy of quarantine or reject. They also shed light on the intricacies of logo preparation, identifying specific graphic design challenges and optimal conversion workflows. Expert advice points towards the necessity of working with accredited Certificate Authorities and considering comprehensive DMARC monitoring, especially for domains that serve as primary sending identities.
Key opinions
- DMARC enforcement is mandatory: DMARC must be set to an enforcing policy (quarantine or reject) at both the organizational domain and any subdomains used for sending.
- Logo conversion is difficult: Converting a logo to the precise SVG Tiny PS format is frequently cited as the hardest part of CMC implementation.
- Graphic design tool limitations: Traditional graphic design tools may not be ideal for creating BIMI-compliant SVG Tiny PS files, especially with complex elements like bezier curves, gradients, and transparencies.
- Importance of logo history: The logo intended for BIMI should have a demonstrable history of public use on the company's website (e.g., at least a year) before applying for the CMC.
Key considerations
- DMARC monitoring for all domains: Even for domains with a single main sending identity, comprehensive DMARC monitoring is crucial when enforcing a policy, to prevent unintended email blocking.
- Specialized SVG tools: Be prepared to use specialized SVG editing tools like Inkscape, or conversion processes, to ensure the logo meets the strict SVG Tiny PS format. This is further detailed on Spamresource.com.
- CA selection: Work with a Certificate Authority that is accredited to issue CMCs and can guide you through the process, including hosting the certificate.
- Iterative logo refinement: Expect to potentially redraw or significantly modify your logo to comply with the SVG Tiny PS specifications, particularly if it contains complex graphic elements. This directly relates to troubleshooting SVG issues.
Expert view
Expert from Email Geeks advises that DMARC must be in an enforcing mode, meaning either a quarantine or reject policy, as a fundamental requirement before proceeding with CMC setup.
Expert view
Expert from Spamresource.com details how to prepare for deliverability events, which often include discussions on advanced email authentication like BIMI and CMC, emphasizing the need for robust DMARC.
What the documentation says
Official documentation and technical guides provide the foundational requirements for BIMI with CMC. These resources outline the strict DMARC enforcement policies, specific SVG logo formatting, and the role of Certificate Authorities. They also clarify the distinctions between CMC and VMC regarding trademark requirements and the visual indicators in supporting email clients. Understanding these documented standards is crucial for successful implementation and troubleshooting.
Key findings
- DMARC enforcement: BIMI requires a DMARC policy of p=quarantine or p=reject to ensure authenticated emails are delivered and unauthenticated ones are handled as specified.
- SVG Tiny PS format: The logo must be a square SVG (Scalable Vector Graphics) file specifically in the SVG Tiny PS format, with precise sizing and styling requirements.
- Common Mark Certificate (CMC): A CMC is a digital certificate that validates ownership of a logo without requiring a registered trademark, making BIMI accessible to more organizations.
- CA role: Accredited Certificate Authorities (CAs) are responsible for verifying logo ownership, issuing the CMC, and hosting the SVG file at a public URL specified in the BIMI DNS record.
Key considerations
- DNS record accuracy: The BIMI DNS TXT record must accurately point to the hosted SVG logo and CMC. Any error will prevent logo display.
- Logo compliance: Ensure your SVG logo strictly adheres to the SVG Tiny PS profile. This involves removing unsupported elements like animations, scripts, and complex filters. The BIMI Group provides detailed FAQs.
- Domain alignment: DMARC, SPF, and DKIM must all align with the organizational domain to successfully pass authentication checks and enable BIMI.
- Email client support: While CMC enables logos, only VMC currently grants the blue checkmark in Gmail. It's important to understand which clients support BIMI and their specific requirements for displaying your logo.
Technical article
Documentation from BIMI Group emphasizes that DMARC must be fully implemented and in an enforcing policy (quarantine or reject) for BIMI to function correctly. This is the bedrock of BIMI security.
Technical article
Documentation from The SSL Store explains that a Mark Certificate (VMC or CMC) is required to display your brand avatar in email recipients' inboxes using BIMI. This certificate links your logo to your domain.
Related resources
9 resources
Related pages
What are the requirements and implementation steps for BIMI?
How to set up BIMI and Google Promotion Tab logos, and troubleshoot SVG issues?
How do I set up DMARC for BIMI and what are the key considerations?
How do I validate BIMI records and fix common errors?
What are the requirements to implement BIMI, and which providers support it?
What are the costs and steps for implementing BIMI (Brand Indicators for Message Identification)?
What are the benefits of using CMC certificates for BIMI logos?
A guide to BIMI accredited certificate providers
A guide to validating your BIMI SVG and certificate
Which email clients actually support BIMI?
