What is a Common Mark Certificate (CMC)?

A Common Mark Certificate (CMC) is a digital certificate that validates your ownership of a logo for use with BIMI. Unlike a Verified Mark Certificate (VMC), a CMC does not require your logo to be a registered trademark, making it a more accessible option for many businesses to display their brand logo in supporting email inboxes.

Is an enforced DMARC policy required for BIMI with a CMC?

Yes, a DMARC policy with an enforcing action (either p=quarantine or p=reject ) is a strict requirement for BIMI to work. If your DMARC policy is set to p=none , your BIMI logo will not be displayed. You should transition your DMARC policy to an enforcing mode after thorough monitoring and addressing any authentication issues.

What are the common issues with SVG logo files for BIMI?

The SVG logo file must adhere to the SVG Tiny Portable/Secure (PS) 1.2 format. Common issues include using unsupported features like gradients, transparency, or complex bezier curves from standard graphic design software. It's often necessary to simplify the logo or use a specialized tool or service to convert it to the correct format.

Does a CMC guarantee my logo will show up in all email clients?

While CMCs allow your logo to be displayed in inboxes that support BIMI (like Gmail and Yahoo) without a trademark, not all email clients support CMCs equally. For instance, Apple Mail currently requires a Verified Mark Certificate (VMC) for BIMI logo display, which does necessitate a registered trademark. You can review which email clients support BIMI .

My BIMI logo is not showing, what should I do?

You can troubleshoot by checking your DMARC policy, validating your SVG file with the BIMI Group's validator, using an online BIMI record checker to verify your DNS TXT record, ensuring your CMC is valid, and confirming that both your SVG and PEM files are hosted securely via HTTPS and are publicly accessible. DNS propagation can also cause delays, so allow up to 48 hours for changes to take effect.

How do I set up BIMI with a CMC, and what are common issues? - Technical - Email deliverability - Knowledge base

Brand Indicators for Message Identification, or BIMI, is an email specification that allows your brand's logo to appear next to your emails in a recipient's inbox. This visual verification significantly boosts brand recognition and trust, making your emails stand out. For a long time, implementing BIMI often required a Verified Mark Certificate (VMC), which mandated a registered trademark.

However, with the introduction of the Common Mark Certificate (CMC), BIMI has become much more accessible, especially for brands that may not have a registered trademark. Google's support for CMC has opened the door for more businesses to adopt this powerful email authentication standard. Setting up BIMI with a CMC involves a few key steps, and knowing the potential pitfalls can save you a lot of time and frustration.

Prerequisites for BIMI with a CMC

Before you can even think about getting a Common Mark Certificate or publishing a BIMI record, your domain needs to have a solid foundation of email authentication. This means ensuring your SPF, DKIM, and DMARC records are correctly configured and actively working. These protocols are crucial because BIMI relies on them to verify that the emails are legitimately from your domain.

The most critical prerequisite is having a DMARC policy that is in an enforcing mode, specifically at p=quarantine or p=reject. A p=none policy, while useful for initial monitoring, will not allow BIMI to activate. You also need to ensure your DMARC policy is applied to both your organizational domain and any subdomains you use for sending. This comprehensive coverage is essential for email security and deliverability.

Important: DMARC enforcement

For BIMI to display your logo, your DMARC policy must be set to p=quarantine or p=reject. If your policy is currently p=none, you will need to transition it carefully. We offer resources on how to safely transition your DMARC policy to an enforcing mode. Be sure to address any DMARC failures and ensure domain alignment for your emails.

Additionally, the logo you intend to use for BIMI must already be publicly visible and in consistent use on your brand's official website or other public-facing platforms for a reasonable period, often around a year. This helps Certificate Authorities (CAs) verify the legitimate association between your brand and the logo, a key step in the CMC issuance process.

Obtaining your common mark certificate

Once your email authentication is solid, the next step is to acquire your Common Mark Certificate. CMCs are issued by trusted Certificate Authorities (CAs) such as DigiCert. Unlike Verified Mark Certificates (VMCs), CMCs do not require your logo to be a registered trademark, which significantly lowers the barrier to entry for many organizations, making BIMI accessible to a wider range of businesses. You can find a guide to BIMI accredited certificate providers to help you choose.

The process typically involves submitting your logo and domain information to a CA for verification. The CA will perform checks to confirm your ownership of the domain and the public usage of your logo. Once verified, they will issue the CMC, which is essentially a digital certificate that cryptographically binds your logo to your domain.

Many CAs that issue CMCs also offer hosting services for your BIMI assets (the SVG logo and the CMC file). This simplifies the setup, as you won't need to configure your own hosting. They provide the necessary URLs for your BIMI DNS record.

Feature	Common Mark Certificate (CMC)	Verified Mark Certificate (VMC)
Trademark Requirement	No trademark required, only public use of logo. Ideal for Gmail and Yahoo.	Requires a registered trademark. Supports more email clients, including Apple Mail.
Verification Process	Domain ownership and public logo usage verified by CA.	Rigorously verifies trademark ownership and domain control.
Cost	Generally less expensive than VMCs.	Typically more expensive due to trademark verification.
Blue Checkmark (Gmail)	Displays logo, but not a blue checkmark (yet).	Displays logo and a blue checkmark in Gmail.

Preparing your BIMI SVG logo

The logo file itself is a critical component of your BIMI setup. It must be in the SVG Tiny Portable/Secure (PS) format. This isn't just any SVG file, as many design tools (like

Adobe Illustrator) can create complex SVG features (like gradients, transparency, or certain bezier curves) that are not supported by the strict SVG Tiny PS standard. This is often the trickiest part of the entire BIMI implementation.

To ensure compliance, you'll likely need to simplify your logo design significantly. Sometimes, it's easier to redraw the logo from scratch using a vector graphics editor like Inkscape, which offers better control over the SVG output for BIMI. The BIMI Group also provides a specific tool for converting SVGs to the required Tiny PS format, which helps validate the file. After conversion, your CA will usually host this SVG file for you, providing a direct URL to include in your DNS record.

SVG Tiny PS guidelines

Format: Must be SVG Tiny Portable/Secure (PS) version 1.2.
Square Aspect Ratio: The logo should be square or fit within a square canvas.
HTTPS Hosting: The SVG file must be hosted on a secure, HTTPS-enabled server.
No External References: The SVG file cannot contain external links or scripts.
Small File Size: Keep the file size minimal for faster loading.

Here's a simplified example of what the raw SVG code might look like, adhering to the BIMI requirements. Note that this is a very basic example and actual logos will be more complex, but they must still conform to the SVG Tiny PS specification.

Example SVG Tiny PS logoxml

<svg width="100" height="100" xmlns="http://www.w3.org/2000/svg" version="1.2" baseProfile="tiny-ps">
  <rect x="0" y="0" width="100" height="100" fill="#0056b3"/>
  <text x="50" y="60" font-family="Arial" font-size="40" fill="white" text-anchor="middle">S</text>
</svg>

Publishing your BIMI DNS record

The final step in setting up BIMI with a CMC is to publish a BIMI TXT record in your domain's DNS. This record tells email providers where to find your SVG logo and your CMC file. The record typically includes the BIMI version, a selector (often default or bimi), and the HTTPS URLs for your SVG logo and CMC. Your Certificate Authority will provide the exact URLs for your specific certificate.

Example BIMI DNS TXT Recorddns

default._bimi.yourdomain.com IN TXT "v=BIMI1;l=https://yourca.com/yourlogo.svg;a=https://yourca.com/yourcert.pem;"

After adding the record, remember that DNS changes can take time to propagate across the internet, typically up to 48 hours. Use a BIMI checker to validate your BIMI record and ensure everything is configured correctly. A validated record means your logo is ready to display in supporting inboxes.

Common BIMI issues and troubleshooting

Even with careful setup, you might encounter issues that prevent your BIMI logo from displaying. These can range from authentication failures to problems with your logo file or DNS record. It's important to approach troubleshooting systematically.

One common problem is DMARC not being in an enforced policy. If your DMARC record is still at p=none, your BIMI logo won't appear. Another frequent issue is an incorrectly formatted SVG logo. Despite appearing correct in a standard image viewer, the SVG Tiny PS requirements are very strict. Check your SVG file for common issues that can cause display problems.

Common issues

DMARC policy: Not set to p=quarantine or p=reject.
SVG format: Logo file is not in SVG Tiny PS format or contains unsupported elements (gradients, transparency, complex curves).
DNS record: Incorrectly published BIMI TXT record, typos, or DNS propagation delays.
Certificate issues: CMC expired, revoked, or not properly linked in the BIMI record.
Hosting: SVG or PEM file not accessible via HTTPS or incorrect URL.

Troubleshooting steps

Verify DMARC: Confirm your DMARC policy is at p=quarantine or p=reject, and that emails pass DMARC alignment.
Check SVG: Use the BIMI Group SVG Validator to ensure strict compliance. Re-export or redraw if necessary.
Inspect DNS: Use an online BIMI record checker to confirm the TXT record is correctly published and propagated.
Certificate status: Confirm your CMC is valid and not expired with your Certificate Authority.
HTTPS verification: Ensure both SVG and PEM URLs are accessible and use HTTPS.

If, after all these checks, your logo still isn't showing, consult specific provider documentation. While

Gmail and Yahoo support CMCs, other clients like

Apple Mail may still require a VMC. For more general troubleshooting, refer to our guide on how to troubleshoot BIMI logo not showing.

Views from the trenches

Best practices

Ensure DMARC is enforced with a p=quarantine or p=reject policy.

Use the official BIMI Group SVG Tiny PS validator for your logo file.

Choose a reputable Certificate Authority that offers CMC hosting services.

Common pitfalls

Forgetting to update DMARC from p=none, which prevents BIMI from working.

Using an SVG file that contains unsupported elements like gradients or transparency.

Typos in the BIMI DNS TXT record, particularly in the URLs for the logo or certificate.

Expert tips

If your logo has complex elements, consider simplifying it or redrawing it in a tool like Inkscape for better SVG Tiny PS compliance.

Leverage your Certificate Authority's support team, as they are experts in certificate issuance and BIMI asset hosting.

Set up alerts for DMARC reporting to proactively address any authentication failures that might impact your BIMI display.

Expert view

Expert from Email Geeks says the process for CMC is very similar to VMC, with the main difference being the brand usage requirements.

2024-10-10 - Email Geeks

Expert view

Expert from Email Geeks says the hardest part of their first CMC implementation was converting the logo properly, as drawing tools can create elements that break in Tiny SVG.

2024-10-29 - Email Geeks

Enhancing brand trust with BIMI and CMC

Implementing BIMI with a Common Mark Certificate is a significant step towards enhancing your email deliverability and strengthening your brand's presence in the inbox. By following the outlined steps, from ensuring robust email authentication to preparing your logo and publishing the DNS record, you can successfully display your brand's logo.

While common issues like DMARC policy not being enforced or incorrect SVG formats can arise, a systematic approach to troubleshooting will help resolve them quickly. Leveraging the accessibility of CMCs, particularly with platforms like