What are the differences between CMC and VMC certificates, including cost and requirements?
Matthew Whittaker
Co-founder & CTO, Suped
Published 28 Jul 2025
Updated 17 Aug 2025
8 min read
For years, achieving brand recognition in email inboxes has been a goal for many businesses. Brand Indicators for Message Identification (BIMI) made this possible by allowing logos to be displayed next to sender information. Initially, this required a Verified Mark Certificate (VMC), a digital certificate that verified trademark ownership.
The VMC process, however, came with significant requirements, particularly the need for a registered trademark and a somewhat complex validation procedure. This created a barrier for many organizations, especially smaller businesses or those with logos that weren't officially trademarked.
More recently, the introduction of the Common Mark Certificate (CMC) by Google for BIMI adoption has provided a more accessible pathway. While both VMC and CMC enable logo display in inboxes, they differ significantly in their requirements, validation processes, and associated costs. Understanding these distinctions is crucial for determining which certificate is the right fit for your brand's email strategy.
Understanding verified mark certificates (VMC)
A Verified Mark Certificate (VMC) serves as a robust digital credential, signifying that your brand's logo is not only authentic but also legally protected by a registered trademark. This is the gold standard for email brand display, offering the highest level of trust and visual authentication for recipients. When an email client supports BIMI and a VMC is in place, your logo appears next to your sender name, often accompanied by a blue verified checkmark. This visual cue reassures recipients that the email genuinely originates from your brand, significantly enhancing trust and reducing the likelihood of phishing attacks.
The primary requirement for a VMC is a globally registered trademark for the logo you intend to display. This means the logo must be actively registered with a recognized intellectual property office, such as the United States Patent and Trademark Office (USPTO) or a similar international body. The validation process for a VMC is rigorous and conducted by a Certificate Authority (CA).
CAs will verify your organization's legal identity, confirm the validity and ownership of your trademark, and ensure your logo meets the technical specifications for BIMI. This meticulous process ensures that only legitimate brands can display their verified logos, providing a strong signal of authenticity to email recipients. Due to these stringent checks, the cost of acquiring a VMC is typically higher, reflecting the extensive verification involved and the premium trust signal it provides. You can learn more about VMC pricing details in our other resources.
Introducing common mark certificates (CMC)
The Common Mark Certificate (CMC) represents a significant step towards broadening BIMI adoption. Unlike VMCs, CMCs enable brands to display their logo in supporting email clients without the mandatory requirement of a registered trademark. This opens up BIMI to a wider array of businesses, including startups, small and medium-sized enterprises (SMEs), and organizations with logos that may be established through common law use rather than formal registration.
While a CMC does not provide the blue verified checkmark seen with VMCs, it still allows your brand's logo to appear in the inbox, offering a valuable visual identifier. This helps recipients quickly recognize your emails and can improve engagement. The validation process for a CMC is less stringent than for a VMC, focusing on verifying that the applicant legally owns and uses the logo in commerce, even without a formal trademark registration.
As CMCs do not require the costly and time-consuming trademark registration process, they are generally more affordable and quicker to obtain than VMCs. This makes them an attractive option for businesses looking to implement BIMI and enhance their email branding without the higher barrier to entry. Currently, Gmail is the primary email client supporting CMCs, though this support is expected to expand over time.
For more information about the advantages of these certificates, refer to our guide on the benefits of using CMC certificates for BIMI logos.
Key differences at a glance
To provide a clearer picture, here's a side-by-side comparison of the key characteristics that differentiate Common Mark Certificates (CMC) and Verified Mark Certificates (VMC). This table highlights the core distinctions that influence a brand's decision in choosing the right certificate for their email authentication and branding goals.
Feature
Common Mark Certificate (CMC)
Verified Mark Certificate (VMC)
Trademark requirement
Not required, validates existing use of a logo in commerce.
Required, logo must be a registered trademark.
Visual indicator
Displays logo only, no blue checkmark.
Displays logo with a blue verified checkmark.
Cost
Generally more affordable. For example, DigiCert CMC costs around 1,100 EUR/year.
Typically higher. For example, DigiCert VMC costs around 1,400 EUR/year.
Accessibility
Easier to obtain for brands without trademarks.
Requires existing trademark, higher barrier to entry.
Validation process
Verifies legal entity and commercial use of logo.
Extensive validation of legal entity and trademark ownership.
Mailbox provider support
Primarily Google Gmail at this time.
Supported by multiple mailbox providers like Gmail and Yahoo Mail.
It is important to note that the costs provided above are indicative and can vary between Certificate Authorities and based on market conditions. For the most up-to-date pricing, it is always best to consult directly with the certificate providers.
The application process and cost considerations
The application process for both CMC and VMC certificates involves working with a Certificate Authority (CA) that is accredited to issue Mark Certificates. For VMCs, this process is significantly more complex and time-consuming, primarily due to the stringent trademark verification requirements. Brands must provide proof of their registered trademark, which often involves legal documentation and a thorough review by the CA to ensure the logo precisely matches the trademarked asset.
In contrast, the CMC application process is designed to be more streamlined. While CAs still perform due diligence to verify the legal entity and ensure the logo is legitimately used in commerce, they do not require a formal trademark registration. This typically translates into a faster and less administratively burdensome application, which is a major advantage for smaller organizations or those who simply do not have a registered trademark.
Important note on availability
It is worth noting that while some Certificate Authorities like DigiCert offer both VMC and CMC, others, such as Entrust, currently do not publicly sell CMCs. This landscape may continue to evolve, so it is always advisable to check directly with accredited BIMI Certificate Authorities for their latest offerings and specific requirements.
When considering the financial aspect, the cost difference between CMCs and VMCs can be substantial. A significant portion of the VMC cost is attributed to the extensive verification of trademark ownership and compliance with the stringent BIMI requirements. CMCs, by bypassing the trademark registration requirement, inherently reduce these associated fees, making them a more budget-friendly option for many businesses looking to implement BIMI to display their logo.
Strategic choice for your brand
Choosing between a VMC and a CMC ultimately depends on your brand's specific circumstances, budget, and strategic goals. If your brand has a globally registered trademark and prioritizes the highest level of visual trust, including the verified blue checkmark, a VMC is the ideal choice. It offers maximum brand protection and recognition across all supporting email clients.
However, if trademark registration is not feasible, either due to cost, time, or the nature of your brand's intellectual property, a CMC provides a valuable and more accessible alternative. It allows you to still leverage the benefits of BIMI for logo display in supporting inboxes, boosting brand visibility and improving email engagement, even without the stringent trademark requirement.
Both certificates contribute to a stronger email authentication posture, complementing other standards like DMARC, SPF, and DKIM. By implementing either a VMC or CMC, you are taking a proactive step in enhancing your email security, protecting your brand from impersonation, and building greater trust with your recipients. To ensure a smooth setup, consider reviewing our guide on how to set up BIMI for your domain.
Views from the trenches
Best practices
Ensure a strong DMARC policy (p=quarantine or p=reject) is in place, as it's a prerequisite for both VMC and CMC.
Prepare all necessary company documentation, including legal registration and proof of logo use, before applying to a CA.
Prioritize securing your email authentication with SPF, DKIM, and DMARC before investing in mark certificates.
Common pitfalls
Expecting a free VMC or CMC. Manual validation means there will always be a cost involved.
Not verifying current support for CMC with your primary mailbox providers, as adoption is still evolving.
Underestimating the complexity and time required for VMC trademark verification, even if trademarked.
Expert tips
Actively monitor the BIMI Group's resources for updates on CMC adoption and evolving standards, as the ecosystem is dynamic.
If budget is a concern or trademarking is not yet complete, start with a CMC to gain logo visibility and then consider upgrading to VMC later.
Directly contact Certificate Authorities' sales teams for the most current information on CMC and VMC availability and pricing, as website information may not be fully up-to-date.
Marketer view
Marketer from Email Geeks says the CMC process is likely much quicker and cheaper if you don't already have trademark or servicemark paperwork. They also mentioned it's currently Gmail-only, though that might change.
2024-09-25 - Email Geeks
Marketer view
Marketer from Email Geeks mentioned they assume the process will involve paying a CA, submitting corporate paperwork, and that CAs likely check websites in-depth. They also noted CAs generally don't want to reject legitimate applicants.
2024-09-25 - Email Geeks
Choosing the right mark certificate
The choice between a CMC and a VMC certificate depends heavily on your brand's unique needs, its trademark status, and budget. While VMCs offer the highest level of verified trust with a visible blue checkmark, requiring a registered trademark, CMCs provide a more accessible pathway to display your brand logo without this prerequisite.
Both certificate types reinforce email authentication and enhance brand visibility, contributing to better deliverability and a stronger defense against phishing. By carefully evaluating your organization's specific situation against the distinct requirements and benefits of each, you can make an informed decision that best supports your email marketing and security objectives.
Gmail is the primary email client supporting CMCs, though this support is expected to expand over time.
DigiCert CMC costs around 1,100 EUR/year.
and Yahoo Mail.
