What are the differences between CMC and VMC certificates, including cost and requirements?

Key findings

• Verification rigor: VMCs demand a legally registered trademark for the logo, ensuring a stringent verification process. CMCs accept proof of prior usage or existence of the logo, making them easier to obtain for businesses without registered trademarks.
• Visual distinction: A key benefit of a VMC is the display of a blue verification checkmark next to the logo in supporting email clients (like Gmail), signaling higher trust. CMCs only display the logo, without this additional checkmark.
• Cost implications: CMCs are generally more affordable than VMCs, primarily because they bypass the costly and time-consuming trademark registration process. However, both still involve annual fees to certification authorities.
• Market support: Initially, CMC support was primarily limited to Gmail, while VMCs enjoyed broader adoption. The landscape is evolving, but VMC still often offers wider recognition across email clients.
• Accessibility: CMCs are designed to make BIMI more accessible to a wider range of organizations, including smaller businesses or those with less formal branding registration.

Key considerations

• Trademark status: Your existing trademark status is the primary determinant. If you have a registered trademark, a VMC is the natural choice. If not, a CMC offers a viable alternative to still display your logo.
• Budget and resources: Consider the financial investment for the certificate itself and the underlying trademark registration if pursuing a VMC. CMCs can be a more cost-effective way to get started with BIMI.
• Brand trust goals: Assess whether the added visual trust of a blue checkmark is crucial for your brand's perception and deliverability strategy. For some, the logo alone is sufficient.
• Certification authority availability: Not all certification authorities (CAs) currently offer CMCs, or they may market them under different names. For example, DigiCert offers both types of mark certificates.

Key opinions

• Cost efficiency: Many marketers view CMCs as a more accessible and cost-effective entry point into displaying logos via BIMI, especially for brands that haven't secured a registered trademark.
• Simpler acquisition: The process for obtaining a CMC is perceived as significantly less cumbersome than a VMC, as it avoids the extensive legal and financial requirements of trademark registration.
• Gmail focus: CMCs are seen as particularly relevant for those whose primary audience is on Gmail, given its early support for this certificate type.
• Brand visibility boost: Even without the blue checkmark, displaying a logo through a CMC is still considered a valuable step for brand recognition and improving engagement in the inbox.
• Trust signals: Marketers recognize that the blue checkmark from a VMC offers a stronger, more explicit trust signal to recipients, potentially leading to higher open rates and reduced spam complaints.

Key considerations

• Future adoption: The long-term widespread adoption of CMCs by other mail providers besides Gmail is a common question, influencing investment decisions.
• Validation process clarity: There's an ongoing need for clarity on the exact verification steps and requirements for CMCs, particularly concerning how closely a graphic must match existing usage to pass CA muster.
• Provider availability: Confirming which certificate authorities (CAs) actually offer CMCs (and under what names) can be challenging, as some providers like Entrust may not publicly sell them.

Key opinions

• Trademark as core difference: The fundamental distinction is the VMC's requirement for a registered trademark, which the CMC bypasses by accepting proof of existing use, making it more flexible.
• Trust signal strength: VMCs offer a stronger trust signal (the blue checkmark) due to their rigorous validation, which may lead to better deliverability and user confidence compared to CMCs.
• Market adoption: While CMCs are new and initially Gmail-centric, experts anticipate broader adoption by other mail providers over time, increasing their utility.
• CA verification diligence: Certificate Authorities (CAs) are expected to conduct thorough, albeit practical, checks for CMC issuance to ensure legitimacy without being overly burdensome to applicants.
• DigiCert's approach: DigiCert appears to be offering a CMC-like certificate under the name 'DigiCert Mark Certificate', indicating their commitment to broader BIMI adoption.

Key considerations

• Evolving process: Given the relative newness of CMCs, the exact commercial and verification processes from CAs are still developing and may require direct inquiry.
• Provider availability: Not all established VMC providers, such as Entrust, publicly offer CMCs, necessitating research into alternative options.

Key findings

• Defined processes: The verification processes for both CMCs and VMCs are explicitly outlined in the BIMI Group's 'Minimum Security Requirements for Issuance of Mark Certificates' document.
• Trademark vs. prior use: VMCs necessitate a trademark registered with an official Intellectual Property Office. CMCs require verifiable proof of the mark's prior existence and legitimate use, not necessarily a trademark.
• Visual outcome: VMCs are designed to display the logo with an authenticated checkmark, while CMCs are generally for logo display without this additional verification indicator.
• Provider implementation: Some CAs, like DigiCert, clarify their implementation of CMCs, sometimes under different product names like 'DigiCert Mark Certificates'.

Key considerations

• Compliance with specifications: Brands must ensure their logo and associated information comply with the technical specifications outlined in the BIMI requirements document, especially regarding SVG format and ownership.
• DMARC enforcement: Both CMCs and VMCs require a DMARC policy set to enforcement (quarantine or reject) for the domain. Ensure your DMARC record is properly configured.
• Certification authority details: While general requirements exist, the specific steps and portal for purchasing a CMC may vary by CA and might not be directly available on their public websites, requiring direct contact.