Email does more than deliver messages. It carries our brand identity in a heavily crowded inbox these days. Yet, even a carefully crafted email could feel anonymous, as it fails to grab trust or recognition instantly.
Addressing this critical challenge, the AuthIndicators Working Group introduced the Common Mark Certificate (CMC). This makes email branding simple and easily accessible for any scale of business.
This detailed article will explore CMC’s function, affordability and the actionable steps. You can leverage this for a greater impact in your email marketing.
What Is a Common Mark Certificate (CMC)?
A Common Mark Certificate (CMC) is a type of digital certificate that validates the association between an organization and its logo using cryptographic methods. The purpose of CMC is to enable the display of an authenticated brand logo in the inbox for supported email providers.
CMC is a type of mark certificate under the BIMI (Brand Indicators for Message Identification) standard. This standard is built upon an email authentication protocol known as DMARC (Domain-based Message Authentication, Reporting, and Conformance). A combination of both serves as foundational security to protect from email phishing attacks.
One major advantage of CMC is that it does not require a registered trademark, unlike the Verified Mark Certificate (VMC). It was the deliberate goal of the BIMI Group to keep CMC accessible to brands of all sizes. Also, major Certificate Authorities (CA) issuers like DigiCert and Sectigo support CMC.
How the CMC Certificate Works in Practice
Implementing CMC involves multiple steps, including security practices, identity validation and DNS configuration. Here is a step-by-step process of the CMC workflow.
Step 1. Validation and Identity Verification
This process is similar to Organization Validation (OV) checks for the SSL certificates.
- Legal Existence: To confirm the legal name and recognition of the entity in its jurisdiction.
- Physical Existence: A verifiable physical location of the business.
- Operational Existence: To confirm operations, proven by a history or active bank account.
- Applicant Identity: The identity of the individual requesting the CMC gets verified. It is often done via a secure video call or a notarized document.
Step 2. Logo Requirements: SVG Tiny P/S
The file containing the logo should adhere to specific standards to avoid malicious elements. BIMI has also released free tools to create compliant files.
- Format: The logo must be in a specific SVG Tiny Portable/Secure (SVG P/S) format.
- Specifications: It must be square, have a solid background, and without any transparency.
- Size: It should be 32 KB or less in file size and contain no animation or scripts.
- Hosting: The final SVG file is hosted on a publicly accessible web server that uses HTTPS.
Step 3. BIMI Record: DNS TXT Entry
Publish a BIMI Assertion Record to link the logo and certificate with the domain using a DNS TXT entry.
default._bimi.<yourdomain.com>
This record will contain three key tags:
- v=BIMI1 Required BIMI version tag and value format.
- l= Public HTTPS URL pointing to the SVG logo file.
- a= Public HTTPS URL pointing to the CMC file in the (.pem) extension.
Step 4. DMARC Enforcement: Security Prerequisite
The sender’s domain must have strict DMARC (Domain-based Message Authentication, Reporting & Conformance) implemented at an enforcement level. DMARC ensures that the domain is free from impersonation or phishing.
- DMARC policy should be set to either p=quarantine or p=reject.
- Policy of p=none is insufficient.
This is to ensure only legitimately sent, authenticated emails are eligible for logo display.
Step 5. Outcome: Verified Logo Displayed
When a user sends an email, the receiver’s email server performs these checks:
- DMARC: It authenticates the email to pass the enforcement level.
- DNS Lookup: Retrieves the BIMI TXT record, including the URLs for the SVG logo and the CMC.
- Verification: Validates that the CMC is valid and issued by a trusted CA.
If these checks are successful, then the email client displays the brand logo next to the sender’s name.
Why Common Mark Certificate Is Affordable
CMC is more affordable than its counterpart, the Verified Mark Certificate (VMC), since it removes the need for a legally registered trademark. Legal registration of a trademark is expensive and time-consuming, particularly for small companies.
The VMC process gets delayed since it requires a lengthy 12–18 months for trademark approval. Bypassing this significant legal and financial hurdle, CMC is more accessible and faster.
It relies on a simple evidence-based requirement that the logo has been in public use. Certificate Authorities can thereby quickly verify the logo. This faster turnaround levels the playing field, critical for small or time-sensitive organizations.
Practical Benefits of the Common Mark Certificate
The real strength of a Common Mark Certificate lies in its balance of branding, security and accessibility. It doesn’t force companies to go through the long and costly process of securing a trademark before they can display their logo in emails. That alone makes it practical for small and mid-sized businesses that want faster results.
Another advantage is speed. Because CMCs rely on proof of prior logo use instead of trademark paperwork, the certificate can be issued much more quickly. This means marketing teams don’t have to wait months to start showing a verified logo in inboxes.
CMC also delivers measurable returns. Displaying a trusted logo helps emails stand out, raising open rates and brand recall. Research has shown higher engagement can translate into stronger sales.
And the benefit isn’t just visual. With DMARC enforcement required for CMC, organizations also strengthen their email security. That stops phishing attempts from slipping through and reassures recipients that the message really comes from the brand.
Taken together, these advantages make CMC a practical choice: it’s affordable, fast to deploy, boosts marketing results and reinforces security without the legal burden of a trademark.
Who Should Use CMC Certificates
A Common Mark Certificate is a good fit if your organization:
- Doesn’t have a registered trademark but still wants branded emails
- Is a small or mid-sized business looking for affordable email branding
- Runs frequent marketing or customer communication campaigns
- Wants faster logo display without waiting for lengthy trademark approvals
- Operates in industries where brand recognition drives engagement (e-commerce, SaaS, fintech, healthcare, etc.)
Final Note
Beyond accessibility, the usage of CMC represents a strategic shift in the email ecosystem. It transforms visual branding features into a reward of security, increased sales, trust and engagement. While the core function remains to display the logo in the email inbox, the unique features of this lie in why and how it achieves this. So this creates distinct advantages worth considering for any organization.
