BIMI Certificate Help Center
BIMI, VMC & CMC: Frequently Asked Questions
Get clear answers to the practical questions that arise before, during, and after BIMI implementation — from trademark eligibility and DMARC readiness to logo validation and certificate lifecycle.
- Getting Started
- Logo & Trademark
- Requirements & Setup
- Email Authentication
- Compatibility & Security
- Validity & Renewal

Need Help Choosing the Right BIMI Solution?
Not sure which one fits your setup? Check BIMI Eligibility – It’s Free
Getting Started: Basics of VMC and CMC
What is a Verified Mark Certificate?
A Verified Mark Certificate (VMC) is a digital certificate issued by a trusted Certificate Authority (CA) that lets organizations display their registered trademark logo next to emails in supported inboxes, using the BIMI standard. It serves as proof that a brand's email identity has been independently verified.
How does a Verified Mark Certificate work to display a brand logo?
A VMC ties your verified organization identity and trademarked logo to your sending domain. After the CA completes validation, the certificate works alongside DMARC and BIMI to confirm email legitimacy. When a recipient's inbox — Gmail or Yahoo Mail, for example — receives your email, it checks authentication and pulls the verified logo from your BIMI record to display next to the message.
What is a Common Mark Certificate (CMC)?
A Common Mark Certificate (CMC) is an extension of the BIMI standard designed for organizations that do not hold a registered trademark. It allows verified entities to display their brand logo in supported email clients by proving active, long-term use of the logo.
What’s the difference between a VMC and a CMC?
| Feature | Verified Mark Certificate (VMC) | Common Mark Certificate (CMC) |
|---|---|---|
| Logo Display in Email | Displays your official, trademarked brand logo next to emails | Displays brand logo next to emails |
| Trademark Requirement | Mandatory – must own a registered trademark for your logo | Not required – any verified organization can qualify |
| Brand Recognition | Full brand exposure – recipients see your logo + blue tick in Gmail | Basic trust indicator – verifies sender authenticity with BIMI logo |
| Phishing Protection | Strong visual brand identity deters impersonation and BEC | Prevents spoofing, but less brand-specific protection |
| Setup Requirements | BIMI + DMARC compliance + trademark verification | BIMI + DMARC compliance only + logo active for 1+ year |
| Impact on Email Marketing | Higher open & click-through rates due to recognizable brand visuals | Moderate engagement boost – relies on trust symbol rather than logo |
| Cost & Investment | Higher initial cost but long-term brand ROI | Lower cost – quick path to verified sender status |
| Ideal For | Established businesses, global brands, enterprises with trademarked logos | SMBs, NGOs, startups, or organizations without trademark rights |
Why should I use a BIMI Certificate – VMC or CMC?
A BIMI Certificate puts your verified logo in the inbox before a recipient even opens your email. This builds immediate trust, increases open rates, and reduces the risk of your domain being impersonated. For any organization sending authenticated email, it's the most visible signal that the message is genuinely from you. See BIMI Certificate options — VMC and CMC
Logo, Trademark & Eligibility
How can I verify if my logo is a registered trademark?
Check with your legal or brand team first — they'll confirm whether your logo is registered with an approved authority such as the USPTO or EUIPO. If you don't have internal support, search the WIPO Global Brand Database directly. An active registration with a recognized trademark office is what qualifies your logo for VMC issuance.
Can I get a BIMI Certificate without a trademarked logo?
Yes. You can get a BIMI Certificate without a registered trademark by choosing a Common Mark Certificate (CMC). Instead of trademark registration, a CMC requires proof that your logo has been actively used for at least 12 consecutive months. Your domain must also have DMARC set to p=quarantine or p=reject before a CMC can be issued.
Which trademark offices are accepted for VMC?
VMC eligibility requires trademark registration with one of 17 recognized intellectual property offices. These include the USPTO (United States), EUIPO (European Union), UKIPO (United Kingdom), CIPO (Canada), IP Australia, IP India, JPO (Japan), and others. See the full list of accepted trademark offices
Do I require individual VMCs for each distinct logo?
Yes. Each VMC is issued for one specific trademarked logo. If your organization uses more than one logo, each requires its own certificate. The same applies if you rebrand — a new or modified logo would need a new VMC.
Can I switch from CMC to VMC later?
Once your logo is officially trademarked, you can upgrade from a CMC to a VMC. You’ll need to go through the logo verification and certificate reissuance process.
Requirements & Technical Setup
What are the requirements to get a VMC?
Three things must be in place before a VMC can be issued:
- A registered trademark logo in SVG Tiny PS (SVG Tiny 1.2) format
- A DMARC policy set to p=quarantine or p=reject
- A published BIMI DNS record pointing to your logo and certificate
If all these requirements are in place, you can buy Verified Mark Certificate and complete the CA’s validation process.
What format should the logo be uploaded in?
Your logo must be in SVG Tiny PS format (SVG Tiny 1.2 with Tiny PS constraints). Standard SVG files are not accepted. The format is required by the BIMI specification to ensure consistent rendering across all supported email clients.
How long does it typically take to have a VMC issued?
It normally requires 5 to 7 business days to issue a VMC certificate. The faster the following steps are done, the quicker it can be issued:
- Domain and organization validation
- Trademark checking (because a registered trademark is necessary)
- BIMI Alignment of email logo
- Faster response to any CA (Certificate Authority) documentation requests
Delays can arise when extra documentation or corrections are required in the process of validation.
Do I need to include all my domains when applying for a BIMI Certificate?
No. You only need to include the domain actively used for sending authenticated email — the one where your BIMI and DMARC records are configured. You don't need to list every domain or subdomain your organization owns.
Can a single VMC work for several domains or subdomains?
It depends on your setup. If you send email from one domain with one logo, a single VMC is sufficient. Multiple email domains using the same logo may require separate certificates depending on how each domain's BIMI record is configured. Subdomains don't automatically inherit BIMI settings from a parent domain.
What should I do after receiving my VMC or CMC?
Once your certificate is issued, you'll receive a PEM file. You must host both the SVG logo and the PEM file are located on a publicly accessible server. Also, change your BIMI record accordingly. Successful implementation requires that the hosted files match the BIMI record.
Email Authentication
What is BIMI? Why is it Important?
BIMI (Brand Indicators for Message Identification) is an email standard that lets organizations display a verified brand logo in recipients' inboxes alongside authenticated messages. It sits on top of DMARC, SPF, and DKIM, and requires a VMC or CMC to activate logo display in most major mailbox providers. BIMI turns email authentication into something recipients can actually.
Can I use a VMC or CMC certificate without BIMI?
Both VMC and CMC require BIMI to function. BIMI provides the DNS-based mechanism for logo display, while the certificate validates logo ownership. Without BIMI, email providers will not display your logo.
Is BIMI required by Google?
BIMI isn't mandatory, but it is required if you want your brand logo to appear in Gmail. Google also requires DMARC enforcement and a valid VMC or CMC certificate. Meeting all three conditions is what triggers logo display in Gmail inboxes.
How does SPF help authenticate senders and prevent spoofing?
SPF (Sender Policy Framework) lets you define which mail servers are authorized to send email on behalf of your domain. When a receiving server checks an incoming email, it looks up your SPF record in DNS and verifies whether the sending IP is on the approved list. Unauthorized senders fail the check, which helps prevent domain spoofing.
How does DKIM work in email authentication?
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails. When a recipient's server receives the message, it retrieves your public key from DNS and uses it to verify the signature — confirming the email came from an authorized source and wasn't modified in transit. DKIM works alongside SPF and DMARC as part of a complete authentication setup.
What is DMARC, and why is it Important?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that tells receiving servers what to do when an email fails SPF or DKIM checks. It prevents unauthorized senders from using your domain, protects against phishing and spoofing, and is a prerequisite for both VMC and CMC certificates.
Why is DMARC required for a VMC or CMC?
DMARC is strictly required for VMCs and CMCs because it serves as a foundational security and authentication layer that enables trusted logo. To get a certificate, your domain should have a properly configured DMARC (Domain-based Message Authentication, Reporting, and Conformance) record and a policy of either “p=quarantine” or “p=reject”. It is essential for conforming domain ownership and showcasing brand logo in your supported inboxes.
How long does it take to get DMARC enforcement?
For organizations with a single sending domain and existing SPF and DKIM setup, moving to p=quarantine or p=reject can take a few days to a few weeks. Larger organizations with multiple domains, subdomains, and third-party senders may take several months — every legitimate email source needs to be identified and authenticated before enforcement is safe to apply. Working with a DMARC specialist can significantly shorten that timeline.
What happens if my domain fails DMARC after a VMC is issued?
Your VMC certificate remains valid, but your logo will stop appearing in supported inboxes until DMARC alignment is restored. The certificate itself isn't revoked — it's a live authentication failure causing the display to drop. Fix the DMARC issue and logo display resumes.
Compatibility, Security, and Maintenance
Which email clients support VMC or CMC Logos?
VMC and CMC certificates enable BIMI logo display in Gmail, Yahoo Mail, Apple Mail, Fastmail, Zoho Mail, La Poste, and other BIMI-supporting providers. Microsoft 365 (Outlook) does not currently support BIMI for inbound display.
Is a BIMI Certificate the same as a TLS certificate?
No. A TLS/SSL certificate secures your website by encrypting data in transit between a browser and server. A BIMI Certificate (VMC or CMC) is an email identity certificate — it verifies your brand and enables logo display in recipients' inboxes via BIMI. They serve entirely different purposes.
Can I use a VMC for internal emails?
No. VMC and BIMI operate on public-facing email infrastructure. Internal mail systems — corporate intranets, private mail servers — are not supported environments for BIMI logo display.
Will a VMC improve email deliverability?
A VMC itself doesn't influence whether a mail server accepts or rejects your messages — deliverability is driven by your SPF, DKIM, and DMARC configuration. What a VMC does is increase recipient trust and open rates by displaying a verified logo in the inbox, which reduces the likelihood of your emails being ignored or reported.
Where should I host my SVG and PEM files?
Host them on a publicly-accessible, secure server using HTTPS. Ensure URLs are permanent, well accessible and match to the locations indicated in your BIMI record.
Validity, Renewal, and Support
What is the validity period for a VMC or CMC Certificate?
VMC and CMC certificates are valid for 1 year from the date of issuance. Annual renewal is required to maintain uninterrupted logo display and stay compliant with CA validation requirements. Multi-year subscription plans are available at discounted rates.
Can I revoke or cancel my certificate?
If you purchased your VMC or CMC through us, you can request a revocation at any time by reaching out to our support team. Revocations can also occur automatically if the underlying trademark (for VMC) becomes invalid or if persistent email authentication failures are detected. In case you want to reissue, we’ll guide you through the process and help you maintain the compliance requirements.
Who issues VMCs and CMCs?
VMCcerts is a direct channel partner of DigiCert, GlobalSign, and Sectigo — the CAs authorized to issue VMC and CMC certificates. Ordering through VMCcerts gives you direct CA-tier pricing with end-to-end support from DMARC setup through final BIMI deployment, without navigating CA processes on your own.
How do VMC and CMC certificate renewals work?
VMC and CMC renewals require validation checks before a new certificate can be issued. Requirements vary depending on certificate type, trademark status, and certificate authority policies. Starting the renewal process before expiry avoids any gap in logo display.