FAQs

Frequently Asked Questions About Mark Certificates

Get answers to common questions about Verified Mark Certificates and Common Mark Certificates. Learn their functionality, requirements, how to start, and how to maintain compliance with BIMI, DMARC, and logo requirements.

Getting Started: Basics of VMC and CMC

What is a Verified Mark Certificate?

A Verified Mark Certificate is a digital certificate issued by a trusted certificate authority (CA) that allows an organization to display its registered trademark logo next to email messages in supporting email clients, using the Brand Indicators for Message Identification (BIMI) standard.

How does a Verified Mark Certificate work to display a brand logo?

A VMC works by linking your verified organizational identity and trademarked logo to your domain. Once the certificate has been issued after validation, it works with email authentication protocols such as DMARC and BIMI. When an email is received, the protocol verifies the originator and recipient using supported email clients like Gmail or Yahoo Mail and displays the registered logo in the inbox to confirm the email is genuine.

What is a Common Mark Certificate (CMC)?

A Common Mark Certificate is a type of digital certificate used in the context of BIMI (Brand Indicators for Message Identification) that allows an organization to display a brand logo in email clients without requiring a registered trademark.

What’s the difference between a VMC and a CMC?

Feature Verified Mark Certificate (VMC) Common Mark Certificate (CMC)
Logo Display in Email Displays your official, trademarked brand logo next to emails Displays just brand logo next to emails
Trademark Requirement Mandatory – must own a registered trademark for your logo Not required – any verified organization can qualify
Brand Recognition Full brand exposure – recipients see your logo + blue tick in Gmail Basic trust indicator – verifies sender authenticity with BIMI logo
Phishing Protection Strong visual brand identity deters impersonation and BEC (Business Email Compromise) Prevents spoofing, but less brand-specific protection
Setup Requirements BIMI + DMARC compliance + trademark verification BIMI + DMARC compliance only + logo active for 1+ year
Impact on Email Marketing Higher open & click-through rates due to recognizable brand visuals Moderate engagement boost – relies on trust symbol rather than logo
Cost & Investment Higher initial cost but long-term brand ROI Lower cost – quick path to verified sender status
Ideal For Established businesses, global brands, enterprises with trademarked logos SMBs, NGOs, startups, or organizations without trademark rights

Why should I use a Mark Certificate – VMC or CMC?

Mark Certificates build trust and visibility. When your logo appears in the inbox, it grabs attention of users and increases open rates and also confirms to recipients that your email is legitimate, while cutting down on phishing risk and brand spoofing.

Logo, Trademark & Eligibility

How can I verify if my logo is a registered trademark?

The simplest method is to find out with your legal or brand team they will tell you whether your logo has been registered with an approved trademark from known trademark offices such as the USPTO or EUIPO. In case you don’t have internal legal assistance, you can do that yourself by checking the WIPO Global Brand Database. If your logo is registered and active with approved authorities, then it qualifies as a legitimate trademark within that country.

Can I get a Mark Certificate without a trademarked logo?

To get a Mark Certificate, your logo has to be a registered trademark from a recognized trademark office like USPTO, EUIPO, or JPO.

In case it is not trademarked, you will first have to file a trademark registration with the appropriate authority and wait for approval before requesting the VMC order. During this time you can implement SPF, DKIM and DMARC as measures of email verification without the VMC.

Which trademark offices are accepted for VMC Certificate?

To qualify for a VMC, your logo must be registered as a trademark with an approved intellectual property office. Currently recognized offices include:

Other trademark offices can be added in future as adoption of BIMI and VMC expands.

Do I require individual VMCs for each distinct logo?

VMC is required for every individual logo, each distinct logo must be associated with a separate VMC. Therefore, if your organization has more than one logo, you will need a separate certificate for each logo.

Can I switch from CMC to VMC later?

Once your logo is officially trademarked, you can upgrade from a CMC to a VMC. You’ll need to go through the logo verification and certificate reissuance process.

Requirements & Technical Setup

What are the requirements to get a VMC?

The following requirements need to be fulfilled to get a Verified Mark Certificate:

  1. A registered trademark logo in SVG Tiny 1.2 (Tiny PS) format.
  2. DMARC policy set to p=quarantine or p=reject on your domain.
  3. A BIMI record that points your logo and VMC certificate to your domain.

If all these requirements are in place, you can buy Verified Mark Certificate and complete DigiCert’s validation process.

What format should the logo be uploaded in?

The logo must be uploaded in SVG Tiny 1.2 (Tiny PS) format for it to be verified.

How long does it typically take to have a VMC (Verified Mark Certificate) issued?

It normally requires 5 to 7 business days to issue a VMC certificate. The faster the following steps are done, the quicker it can be issued:

  1. Domain and organization validation
  2. Trademark checking (because a registered trademark is necessary)
  3. BIMI Alignment of email logo
  4. Faster response to any CA (Certificate Authority) documentation requests

Delays can arise when extra documentation or corrections are required in the process of validation.

Do I need to include all my domains when applying for a Mark Certificate?

No. A Mark Certificate is linked to your registered logo, organization details, and the primary domain used for email authentication (BIMI/DMARC). You only need to include the domain that will display the logo in recipients’ inboxes, not every domain or subdomain you own.

Can a single VMC work for several domains or subdomains?

Every organization is unique in its email and domain structure. If your company has a single email domain and logo, one VMC may be all you need. If you have multiple email domains and a single logo, one VMC may still work. But if you have multiple logos, you’ll need a VMC for each no matter how many email domains you’re using.

What should I do after receiving my VMC or CMC?

After you buy the VMC and send your brand logo, we will send you a PEM file. You have to make sure that the SVG logo and the PEM file are located on a publicly accessible server. Also, change your BIMI record accordingly. Successful implementation requires that the hosted files match the BIMI record.

Email Authentication

What is BIMI? Why is it Important?

BIMI (Brand Indicators for Message Identification) is an email specification that enables organizations to display their verified brand logo alongside authenticated messages in recipients’ inboxes. It works in conjunction with DMARC, SPF, and DKIM and is used along with VMCs. BIMI also contributes to the increased brand recognition and builds trust, as your logo can be only displayed in verified emails.

How does SPF help authenticate senders and prevent spoofing?

SPF is an email authentication protocol which enables the domain user to define which mail servers have permission to send email messages on behalf of the domain user. When a user receives an email, the recipient server looks up the SPF record in your DNS to ensure the IP address of the sending server. It helps reduce spoofing and unauthorized use.

How does DKIM work in email authentication?

DKIM (DomainKeys Identified Mail) is a protocol used to authenticate email messages, it adds a digital signature to the message headers to indicate whether the message has been modified in transit and that the mail is coming from an authorized user. It functions via the signing of outgoing emails with a private key and the publishing of a public key in DNS to allow the recipient servers to verify the signature.

What is DMARC, and Why is it Important?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps prevent others from sending fake emails using your domain. It protects against phishing, spoofing, and other email-based attacks, improving email security and trust with your recipients.

Why is DMARC required for a VMC or CMC?

DMARC is strictly required for VMCs and CMCs because it serves as a foundational security and authentication layer that enables trusted logo. To get a certificate, your domain should have a properly configured DMARC (Domain-based Message Authentication, Reporting, and Conformance) record and a policy of either “p=quarantine” or “p=reject”. It is essential for conforming domain ownership and showcasing brand logo in your supported inboxes.

How much time does it take to get DMARC enforcement?

DMARC enforcement can differ by environment. If the organization has one sending domain, where both SPF and DKIM have already been configured, it is possible to progress the enforcement policy (p=quarantine or p=reject) within days or weeks.

In larger orgs that have multiple domains, subdomains and more third-party senders, it might take months. This is because every legitimate source of emails should be identified, authenticated, and aligned prior to enforcement. Consulting with an expert or trusted provider when working with DMARC can help simplify and prevent delivery issues.

What happens if my domain fails DMARC after VMC is issued?

Your VMC remains valid, but your logo won’t display in supported inboxes until DMARC alignment is restored.

Compatibility, Security, and Maintenance

Which email clients support VMCs or CMC Logos?

VMCs and CMCs work with most email clients that follow the BIMI standard. Email service providers like Cloudmark, La Poste, Apple, Gmail, Yahoo, Fastmail and Zohomail display verified logos.

Is Mark Certificate same as TLS Certificate?

A Mark certificate is not the same as a TLS certificate. A TLS/SSL certificate is used to secure your website and encrypt data during transmission. A Mark Certificate is used for email authentication to verify your brand identity and display the logo in supported email clients via BIMI.

Can I use a VMC for internal emails?

VMC and BIMI are only supported on public-facing email domains and inboxes. Internal systems are not compatible.

Will a VMC improve email deliverability?

VMCs cannot change how mail servers decide whether to accept or reject your messages. But having strong authentication (SPF, DKIM, DMARC) does help. And with a trusted, verified logo, your emails are more likely to be opened and less likely to be flagged as suspicious.

Where should I host my SVG and PEM files?

Host them on a publicly-accessible, secure server using HTTPS. Ensure URLs are permanent, well accessible and match to the locations indicated in your BIMI record.

Validity, Renewal, and Support

What is the validity period of a VMC or CMC Certificate?

DigiCert verified mark and common mark certificates are valid for 397 days, from the day of issuance. We offer multi-year subscription options at discounted prices, these certificates need to be renewed annually to get continuous logo display and compliance with verification requirements.

Can I revoke or cancel my certificate?

If you purchased your VMC or CMC through us, you can request a revocation at any time by reaching out to our support team. Revocations can also occur automatically if the underlying trademark (for VMC) becomes invalid or if persistent email authentication failures are detected. In case you want to reissue, we’ll guide you through the process and help you maintain the compliance requirements.

Who issues VMCs and CMCs?

We are a global distributor issuing Verified Mark Certificates and Common Mark Certificates from leading Certificate Authorities (CAs) like DigiCert, Sectigo & GLobalSign. Anyone can order directly through our site at competitive pricing and get end-to-end assistance from DMARC setup to final BIMI integration without having to navigate CA procedures alone.