VMC vs CMC: Which BIMI certificate is right for your brand?
Executive Summary
This guide helps brands choose between VMC (Verified Mark Certificate) and CMC (Common Mark Certificate) for BIMI implementation. Both certificates display your verified logo in recipient inboxes and deliver the same core engagement benefits: 44% increased brand recall, 39% higher open rates, and 32% improved purchase likelihood.
The fundamental difference is the verification method. VMC requires a registered trademark and provides the broadest mailbox coverage including Apple Mail, plus Gmail's blue verification checkmark. CMC requires no trademark, just 12 months of documented logo use, making it accessible to brands without registered marks or those with pending applications.
Key Takeaways
- Choose VMC if you have a registered trademark and need Apple Mail coverage or want Gmail's blue checkmark. It offers maximum reach but higher cost and less logo flexibility.
- Choose CMC if you lack a trademark, need to move quickly, or want lower costs. Gmail and Yahoo support is identical to VMC, and you can upgrade later when your trademark clears.
- The checkmark distinction is often overrated. Engagement lifts come from logo visibility in the inbox list, where both certificates perform identically. The checkmark only appears after opening an email.
- Microsoft Outlook doesn't support BIMI at all, so certificate choice has no impact on Outlook-heavy audiences.
- CMC now, VMC later is a valid strategy. Capture inbox branding immediately with CMC, then upgrade once trademark registration completes.
BIMI increases brand recall by 44%, open rates by 39%, and purchase likelihood by 32%. But before you see those results, you face a decision: VMC or CMC?
Both certificates enable your logo to appear alongside authenticated emails in recipient inboxes. Both require DMARC enforcement as a foundation. Yet they serve different situations, carry different costs, and display your logo in different places.
Our complete BIMI guide covers what BIMI is and why it matters. This guide helps you choose the right certificate for your situation, whether you have a registered trademark, need maximum mailbox coverage, or want the fastest path to inbox branding.
Table of Contents
- Quick refresher: What BIMI certificates do
- The comparison table, expanded
- The decision framework
- The blue checkmark question
- Mailbox provider support: A deep dive
- Implementation requirements: Shared and different
- Can you switch? Holding multiple certificates
- TL;DR What’s the right certificate for you
- FAQs
Quick refresher: What BIMI certificates do
BIMI (Brand Indicators for Message Identification) displays your verified logo in the avatar slot of authenticated emails. The certificate you choose determines how that logo gets verified and where it appears.
Three certificate types exist:
- Verified Mark Certificate (VMC): Requires a registered trademark. Provides the broadest mailbox support and displays a blue verification checkmark in Gmail.
- Common Mark Certificate (CMC): No trademark required. Instead, you need 12 months of documented logo use. Currently supported by Gmail and Yahoo, with more providers expected.
- Government Mark Certificate (GMC): Purpose-built for government agencies and entities, verified through official government records.
For full details on how BIMI works and its business benefits, see our complete BIMI guide.
The comparison table, expanded
Understanding the differences between VMC and CMC is essential for making the right choice. This expanded comparison covers the factors that actually influence your decision.
Feature | VMC (Verified Mark Certificate) | CMC (Common Mark Certificate) |
Purpose | BIMI logo display in Gmail, Yahoo, Apple Mail | BIMI logo display in Gmail and Yahoo |
Trademark required | Yes, registered trademark in approved jurisdiction | No, 12 months of documented public logo use |
Blue checkmark | Yes (purple in Yahoo, blue for Gmail) | No |
Issuing authorities | DigiCert | DigiCert (additional CAs expected) |
Mailbox provider support | Gmail, Yahoo, Apple Mail, Fastmail | Gmail, Yahoo, Fastmail |
Typical cost | Higher (trademark verification overhead) | Lower (streamlined validation) |
Implementation timeline | 7-10 business days after DMARC enforcement | Similar timeframe, potentially faster |
Logo modification flexibility | Limited to registered trademark design | Can rearrange elements, remove up to 49% of design, customize fonts and colors |
Upgrade path | N/A | Can upgrade to VMC when trademark clears |
Verification process | CA verifies trademark with official registry | CA verifies 12-month public use via archive sources |
See if your BIMI ready with our free checker
The decision framework
The comparison table covers feature differences. This section provides a decision framework based on your specific situation.
Your situation determines the right certificate. Work through these scenarios to find your match:
Your situation | Recommend certificate | Reasoning |
Registered trademark + Apple Mail matters to your audience | VMC | Only path to Apple Mail logo display via BIMI |
Registered trademark + Gmail-primary audience | VMC | Blue checkmark adds visible verification signal |
No trademark + established brand logo (12+ months public use) | CMC | Only viable option; upgrade to VMC later if needed |
Trademark application pending (3-6 month timeline) | CMC now → VMC after | Capture inbox branding immediately, upgrade when trademark clears |
Want to use a modified version of your trademarked logo | CMC | 2025 flexibility rules allow element rearrangement and partial removal |
Government entity | GMC | Purpose-built for government use with official verification |
Cost-sensitive + Gmail-focused audience | CMC | Lower cost, still delivers core engagement benefits |
Maximum reach across all supported providers | VMC | Broadest mailbox coverage including Apple Mail |
The trademark question often decides it. If you have a registered trademark and care about Apple Mail users, VMC is the clear choice. If you don't have a trademark (or won't for several months), CMC gets you into the inbox now.
The blue checkmark question
Gmail displays a blue verification checkmark for VMC-authenticated senders. This visual indicator appears when recipients open an email, signaling that the sender's logo has been verified through trademark registration.
CMC does not include this checkmark. Your logo still appears, but without the additional verification badge.
Does it materially impact results?
The engagement data suggests the primary benefit comes from logo visibility itself. The 39% open rate lift and 44% brand recall increase that BIMI delivers stem from your logo appearing in the inbox, something both VMC and CMC accomplish.
The checkmark adds a trust signal for recipients who notice it, but most engagement happens before the email is opened (at the inbox list level, where both certificates display your logo identically in Gmail).
When the checkmark matters most:
- High-value transactional emails where authentication signals reduce friction
- Industries with elevated phishing concerns (financial services, healthcare)
- Audiences with above-average security awareness
When it matters less:
- Marketing and promotional emails where brand recognition drives opens
- Audiences primarily using Yahoo Mail (no checkmark distinction)
- Cost-sensitive implementations where CMC delivers sufficient trust signals
Mailbox provider support: A deep dive
Where your logo appears depends on which certificate you hold and which mailbox providers your audience uses.
Provider | VMC support | CMC support | Notes |
Gmail | Full support + blue checkmark | Full support, no checkmark | Logo appears in inbox list and message view |
Yahoo mail | Full support | Full support | Logo in message list and read view; no checkmark distinction |
Apple Mail (iCloud) | Supported via Apple Business Connect | Not currently supported | Requires additional Apple Business Connect enrollment |
Fastmail | Supported | Supported | Does not require VMC for logo display |
Microsoft Outlook | Not supported | Not supported | No BIMI implementation regardless of certificate type |
Take a deep dive into BIMI with our free guide
What "support" means practically:
Gmail represents the largest consumer inbox with full BIMI implementation. Both VMC and CMC display your logo in the inbox list. The checkmark difference only appears when emails are opened.
Yahoo Mail supports both certificates without distinguishing between them visually. Your logo appears the same way regardless of certificate type.
Apple Mail presents the clearest differentiation. Logo display requires VMC and enrollment in Apple Business Connect. CMC holders won't see their logo in Apple Mail, though emails still authenticate properly.
The Microsoft gap: Outlook doesn't support BIMI, meaning neither certificate affects how your emails appear to Outlook users. For B2B senders with Outlook-heavy audiences, certificate choice has no impact on their largest segment. That said, Gmail, Yahoo, and Apple Mail still cover the majority of consumer inboxes.
Implementation requirements: Shared and different
Both certificates share foundational requirements but differ in how they verify your logo's legitimacy.
Shared prerequisites
Before applying for either certificate, you need:
- DMARC at enforcement: Your domain must have a DMARC policy of p=quarantine or p=reject. A monitoring-only policy (p=none) doesn't qualify.
- Compliant SVG logo: Your logo must be in SVG Tiny PS format, meeting BIMI's technical specifications for dimensions and file structure.
- BIMI DNS record: A TXT record published in your DNS that points to your logo file and certificate.
Red Sift OnDMARC guides organizations to DMARC enforcement in 6-8 weeks on average, establishing the foundation both certificates require.
VMC requirements
- Registered trademark: Your logo must be trademarked in an approved jurisdiction (US, EU, UK, Canada, Japan, Australia, and others).
- Trademark verification: The Certificate Authority verifies your trademark directly with the relevant trademark office or via the WIPO Global Brand Database.
- License verification: If you're not the direct trademark owner, you'll need an authorization letter from the mark owner.
CMC requirements
- 12 months documented use: Your logo must have been publicly displayed for at least 12 months on a website under your control.
- Archive verification: The CA confirms this history via archive.org or equivalent approved sources.
- No conflicting trademark: The CA verifies no other organization has trademarked your logo.
Timeline expectations
Both certificates take approximately 7-10 business days to issue once you apply, assuming DMARC enforcement is already in place. The difference lies in pre-work:
- VMC: Trademark registration can take 3-12 months depending on jurisdiction. If you already have a trademark, you're ready to apply.
- CMC: If your logo has been publicly visible for 12+ months, you're ready now. The archive verification adds minimal time.
Can you switch? Holding multiple certificates
Your certificate choice isn't permanent. Several transition scenarios are common:
Upgrading from CMC to VMC
Once your trademark clears, you can apply for a VMC and update your BIMI DNS record to reference the new certificate. Red Sift OnDMARC streamlines this transition. The workflow guides you through trademark verification, CA coordination, and DNS updates.
This is the most common path: capture BIMI benefits immediately with CMC, then upgrade to VMC for broader coverage and the verification checkmark once trademark registration completes.
Holding both certificates
You can technically possess both a CMC and VMC, but only one certificate can be active for a given sending domain at any time. Your BIMI DNS record references a single certificate. Publishing a CMC-based record replaces VMC display (and removes the Gmail checkmark).
Multiple logos via BIMI selectors
BIMI selectors allow different logos for different mail streams from the same domain. However, mailbox provider support for selectors remains limited. Until selectors see broader adoption, most organizations use a single logo and certificate per domain.
TL;DR What’s the right certificate for you
Both VMC and CMC unlock BIMI's core benefits: the 44% brand recall increase, 39% open rate lift, and 32% purchase likelihood improvement that come from displaying your verified logo in recipient inboxes.
Choose VMC if:
- You have a registered trademark
- Apple Mail coverage matters to your audience
- You want the Gmail verification checkmark
- Maximum mailbox provider reach is a priority
Choose CMC if:
- You don't have a trademark (or it's pending)
- Gmail and Yahoo cover your primary audience
- Cost efficiency matters
- You want flexibility to modify logo elements
- You need inbox branding now and can upgrade later
Red Sift OnDMARC supports both certificate types through an integrated workflow. From DMARC enforcement to certificate application to DNS configuration, the platform handles each step, eliminating the complexity of coordinating between multiple systems and Certificate Authorities.
Ready to get started?
- Check if your domain is BIMI-ready with our free BIMI checker
- Start your free OnDMARC trial to reach DMARC enforcement in 6-8 weeks
- Read our complete BIMI guide for the full overview of how BIMI works
References
[1] Red Sift. "Brand Indicators for Message Identification guide". https://redsift.com/guides/bimi
[2] BIMI Group. "Minimum Security Requirements for Issuance of Mark Certificates, Version 1.7." BIMI Group, 2025. https://bimigroup.org/resources/VMC_Requirements_latest.pdf
[3] Google Workspace Updates. "Gmail allows more senders to protect their brand using BIMI." Google, September 2024. https://workspaceupdates.googleblog.com/2024/09/gmail-additional-bimi-protections.html