The DMARC Foundation: How Close Are We to Universal Coverage?
BIMI requires DMARC at enforcement – meaning p=quarantine or p=reject with no partial percentage rollout. This is the first gate most brands fail.
As of early 2026, 7.2 million domains publish a DMARC record – but publishing a record is not the same as enforcing one. A significant portion remain at p=none, which provides reporting visibility but no protection and does not qualify a domain for BIMI.
Valimail Reports
The practical implication: the addressable BIMI market – domains that have DMARC at enforcement – is approximately 3 million as of early 2026. VMC and CMC adoption exist within that pool. The gap between 3 million eligible domains and actual BIMI adoption is enormous, which means competitive advantage for brands that move now.
Which Industries Are Closest to BIMI-Ready?
BIMI adoption is not evenly distributed. Some industries adopted early because DMARC enforcement was driven by regulation. Others are only now reaching the enforcement threshold that makes BIMI possible.
Valimail 2026 State of DMARC Report
High DMARC enforcement does not automatically translate to high VMC adoption. It is the necessary first step, not the full journey. Financial services lead enforcement primarily because regulators in major markets – FCA, SEC, DORA – explicitly reference DMARC in email security guidance. Enforcement was a compliance decision before it was a branding decision.
The VMC adoption gap within these high-enforcement industries is significant. A bank can have DMARC at p=reject for three years and still have no BIMI record, because no one connected the authentication infrastructure to the brand team.
Where Does Your Brand Stand in BIMI Adoption?
See how your domain compares — and what’s missing.
CMC vs VMC: Market Expansion, Not Cannibalization
September 2024 was a significant moment for the BIMI ecosystem. Gmail announced support for Common Mark Certificates – meaning brands without a registered trademark could, for the first time, display their logo in Gmail inboxes.
The concern in the market was straightforward: would CMC reduce VMC adoption by offering an easier path? The data says no.
VMCcerts deployment data + CA published figures
| VMC (Verified Mark Certificate) | CMC (Common Mark Certificate) |
|---|---|
| Steady growth VMC adoption continued growing at pre-CMC rate. Organizations with registered trademarks chose VMC for the Gmail blue checkmark benefit. No measurable cannibalization. | New market entrants CMC adoption came primarily from SMBs and organizations without existing trademarks — a segment that was blocked from VMC entirely before September 2024. |
| Average deal size VMC customers tend to be larger brands in regulated industries. Average domain count per customer is higher. | Faster time to go-live CMC validation completes in 3–5 days. This speed advantage attracts time-sensitive launches. |
The correct frame is not “VMC vs CMC” but “BIMI adoption with certificate vs without.” CMC brought previously excluded brands into the ecosystem, growing the total addressable market for verified email branding. VMC retained its position as the premium option – the only route to the Gmail blue checkmark.
BIMI Record Errors: Why is My BIMI Logo Not Showing?
53.6% of all active BIMI records contain a configuration error that prevents logo display. This is the most practically important number in this report.
The errors are not random. They cluster into identifiable categories, and the distribution reveals a clear pattern: most failures are not DNS errors or logo format errors — they are certificate errors.
URIports BIMI analysis, 2025
| Error type | Frequency | Severity | What it means |
|---|---|---|---|
| Expired Certificate | 31% | Critical | VMC/CMC has expired or failed validation. Logo stops displaying without warning. |
| Certificate URL unreachable | 24% | Critical | Certificate file is missing or served over HTTP instead of HTTPS. |
| DMARC not at enforcement | 18% | Critical | DMARC must be p=quarantine or p=reject for your logo to display. |
| SVG logo format non-compliant | 14% | Blocking | Logo doesn’t meet SVG Tiny PS standard. Common causes: transparency, external links. |
| BIMI record syntax error | 9% | Blocking | A typo, wrong tag order, or broken URL in your BIMI record. |
| Logo URL unreachable | 4% | Fixable | Logo file URL is returning an error — moved, renamed, or server issue. |
SVG non-compliance is the single most common error – affecting more than one in four BIMI-enabled domains – yet it receives the least attention in most implementation guides. Certificate issues collectively follow close behind, and critically, these are maintenance failures not setup failures. The organization successfully implemented BIMI at some point. Then something expired or moved, and the logo silently stopped showing.
VMC Certificate Market Share by Certificate Authority
Five Certificate Authorities currently issue BIMI-compliant mark certificates: DigiCert, Entrust (through Sectigo since acquisition), GlobalSign, Sectigo, and other providers. Market share is not evenly distributed.
Note: Entrust’s share dropped significantly following Apple’s distrust of Entrust roots in late 2024. Many Entrust VMC holders have since migrated to DigiCert or Sectigo.
DigiCert’s dominant position reflects its first-mover advantage — it was the first CA to issue VMCs, in 2020. It built the largest validation team and documentation base, and its relationship with large enterprise customers (97 of the top 100 global banks) gives it structural advantages in the VMC market.
Sectigo’s position is growing. As the most price-competitive option, it attracts SMBs and brands entering BIMI for the first time. Its acquisition of Entrust’s public certificate business in 2024 added further market share.
Get Your VMC Certificate from a Trusted Certificate Authority
Issued through DigiCert, Sectigo, and GlobalSign — the most trusted CAs in the VMC market.
Regional VMC Adoption in 2026
VMC adoption is not globally uniform. It follows the distribution of both trademark registration activity and DMARC enforcement culture.
VMCcerts deployment data, 2026
North America’s dominance reflects the USPTO’s role as the world’s most active trademark office, the US financial regulator’s explicit DMARC guidance, and early adoption by US-headquartered technology companies. Europe’s share reflects strong DMARC enforcement in Germany and the UK, where NCSC guidance has driven enterprise adoption.
Asia-Pacific adoption is growing from a low base. Japan’s IP office (JPO) is on the recognized list for VMC. China’s CNIPA was added in 2025. As more regional trademark offices join the recognized list, APAC adoption will accelerate.
What to Expect in 2026 and 2027
What This Means for Your Brand
The numbers tell a consistent story: BIMI adoption is growing, but it is concentrated in the brands that moved earliest and those with the strongest compliance infrastructure. The gap between “eligible to have BIMI” (4.5M domains) and “actually having BIMI working correctly” is still large.
For organizations that have not yet implemented VMC or CMC, this is a competitive advantage window. The brands in your industry that have a verified logo in Gmail are being perceived as more trustworthy by your shared customers. That gap will close as awareness grows — which is exactly when it becomes table stakes rather than differentiation.
For organizations that have BIMI deployed, the error data is the priority. If your certificate has expired silently, your logo is not showing and you may not know it. Check your domain status here