Authenticate Your Brand in Every Inbox with a BIMI Certificate
A Verified Mark Certificate (VMC) is a digital certificate issued by DigiCert that authenticates your organization’s registered trademark logo, enabling it to display next to your sender name in Gmail, Yahoo Mail, Apple Mail, and other BIMI-supported inboxes.
Combined with a DMARC enforcement policy, a VMC gives every email you send an instant visual trust signal, including the Gmail blue authenticated checkmark, a feature available exclusively to VMC holders. For organizations without a registered trademark, the DigiCert Common Mark Certificate (CMC) offers the same BIMI logo display without the trademark requirement.
VMC & BIMI Certificate Pricing
DigiCert Verified Mark Certificate (VMC)
DigiCert Common Mark Certificate (CMC)
What Is a BIMI Certificate (VMC)?
A Verified Mark Certificate (VMC) is a special type of digital certificate that proves your organization owns and is authorized to display a specific trademarked logo in email inboxes. VMCs are issued by a Mark Verifying Authority (MVA), a digital trust provider that has received formal accreditation under the BIMI standard. DigiCert was the first provider in the world to earn that accreditation, and remains one of the few MVAs recognized by every major BIMI-supporting inbox provider.
When an email is received, the inbox provider checks your DMARC record, your BIMI DNS TXT record, and your VMC to confirm the brand logo is legitimate. If all checks pass, your logo appears next to your sender name, even before the recipient opens the email. For VMCs specifically, Gmail also displays a blue authenticated checkmark, a trust signal not available with any other certificate type, including CMCs.
VMCs require your logo to be a legally registered trademark with a recognized intellectual property office such as the USPTO, EUIPO, or WIPO. This trademark requirement is what differentiates a VMC from a Common Mark Certificate (CMC), and what makes the Gmail blue authenticated checkmark available to VMC holders only.
VMCs are available to both private organizations and government agencies. Government marks granted by statute or regulation, such as official government seals, qualify in place of a registered trademark, making a VMC accessible to government entities that have not completed commercial trademark registration. Government agencies seeking BIMI logo display for their official seal should select the VMC; the Common Mark Certificate does not cover government seals.
VMC or CMC — Which Certificate Do You Need?
The choice between a Verified Mark Certificate (VMC) and a Common Mark Certificate (CMC) comes down to one question: Is your logo a registered trademark?
The single functional difference is that VMCs unlock the Gmail blue authenticated checkmark; CMCs do not. Both certificates display your logo in BIMI-supporting inboxes, and both require DMARC enforcement, DKIM, SPF, and an SVG Tiny P/S logo file. The key distinctions are trademark status and the Gmail checkmark.
Choose a VMC if:
- Your logo is registered with a recognized IP office (USPTO, EUIPO, WIPO, or another recognized jurisdiction)
- You want the Gmail blue authenticated checkmark next to your sender name
- You represent a large or established brand that has completed trademark registration
- You are a government agency displaying an official government seal
Choose a CMC if:
- Your logo is not yet trademarked, but has been in documented prior use for 12+ months
- You want to display your logo in BIMI-supporting inboxes without the trademark process
- You are an SMB or startup moving toward BIMI compliance now, while trademark registration is pending
Google announced support for Common Mark Certificates in September 2024, extending BIMI logo display to organizations without a registered trademark for the first time. This makes BIMI more accessible to growing brands that previously could not meet VMC requirements.
Both VMC and CMC certificates are issued by DigiCert and carry a maximum validity period of 397 days, identical to TLS/SSL certificates. You can purchase either as a multi-year subscription to lock in a lower annual rate.
Why DigiCert? The First MVA Accredited for VMC Issuance
Not all digital trust providers can issue Verified Mark Certificates. VMCs are only valid when issued by a Mark Verifying Authority (MVA), an entity formally accredited under the BIMI standard maintained by the AuthIndicators Working Group (BIMI Group). DigiCert was the first MVA in the world to receive that accreditation, and their VMCs are recognized by every major email provider that supports BIMI: Gmail, Yahoo Mail, Apple Mail, Fastmail, Zoho Mail, and more.
DigiCert’s validation team conducts EV-level identity verification for both VMC and CMC issuance, including trademark confirmation with recognized IP offices and identity verification via video call or notarized ID, the same rigorous process used for Extended Validation (EV) SSL certificates.
Buying your DigiCert VMC or CMC through SSL Dragon gives you the same genuine DigiCert certificate at a competitive price point, with the same DigiCert validation process and issuance quality.
How BIMI Certificates Work
When a recipient’s email server receives your message, it:
- Checks your SPF and DKIM authentication
- Verifies your DMARC policy is set to “quarantine” or “reject”
- Reads your BIMI DNS TXT record
- Retrieves your SVG logo file from the specified HTTPS URL
- Validates your Mark Certificate (PEM file) via the a= tag in your BIMI record to confirm logo ownership
- Displays your verified brand logo, and, for VMC holders, the Gmail blue authenticated checkmark, in the inbox
Once issued, DigiCert delivers your certificate as a PEM file, which you host at a public HTTPS URL and reference in the a= tag of your BIMI DNS TXT record. Without a valid Mark Certificate in that record, most inbox providers, including Gmail, will not display your logo, even if your BIMI record is otherwise correctly configured.
With the rise of phishing and email spoofing, VMCs and CMCs provide a visual indicator that your emails are legitimate, boosting customer confidence and brand consistency across all BIMI-participating mailbox providers: Gmail, Yahoo Mail, Apple Mail, Fastmail, Zoho Mail, and other BIMI-participating inbox providers.
5 Powerful Reasons to Get a Mark Certificate Today
Boost Your Brand’s Visibility
When recipients receive your emails, they will see your verified logo instead of a default initial or blank space, making your emails stand out in crowded inboxes. Studies show that VMC certificates can increase email open rates by 10% or more.
Enhance Email Security & Prevent Phishing
With a CMC or VMC certificate, your logo will only appear if the email is authenticated through the DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocol. This helps prevent phishing attacks and ensures only authorized emails are sent under your domain.
Gain Customer Trust with Verification
A blue checkmark (for VMCs) or a validated logo (for CMCs) signals to your recipients that your email is legitimate, secure, and not a scam.
Improve Email Deliverability
By enforcing DMARC policies (quarantine or reject), your emails are less likely to be marked as spam, ensuring better email deliverability rates.
Future-Proof Your Email Marketing
Google, Apple, Yahoo, and other major email providers are increasingly supporting BIMI (Brand Indicators for Message Identification), the protocol that powers VMCs and CMCs. Early adopters gain a competitive advantage by adopting this technology now.
How Verified Mark Certificates and CMCs Work
Your business applies for a VMC or CMC certificate
DigiCert verifies your domain and logo ownership
For VMCs, DigiCert checks if your logo is trademarked
For CMCs, DigiCert ensures your logo has been in prior use
Once validated, your Mark Certificate is issued
You upload your Mark Certificate and logo to your BIMI DNS record
Your verified logo appears in Gmail, Apple Mail, and other supported inboxes
Do You Qualify? Requirements for VMCs and CMCs
Verified Mark Certificates Requirements
- Trademarked logo registered with a recognized intellectual property office (USPTO, EUIPO, WIPO, and other recognized jurisdictions), or a government seal granted by statute or regulation
- DMARC policy enforced with p=quarantine or p=reject (applied to 100% of email traffic at the organizational domain level)
- SPF and DKIM email authentication properly configured
- Logo in SVG Tiny P/S (SVG Tiny 1.2) format, see SVG format specifications in the FAQ below
- Organization validation equivalent to EV SSL verification, including identity verification via video call or notarized ID, and trademark confirmation
- Logo hosted at a public HTTPS URL
- BIMI DNS TXT record configured on your domain
Common Mark Certificates Requirements
- Logo in documented prior use for at least 12 months (no trademark registration required)
- DMARC policy enforced with p=quarantine or p=reject at the organizational domain level
- SPF and DKIM email authentication properly configured
- Logo in SVG Tiny P/S (SVG Tiny 1.2) format
- Organization validation to verify business identity, including identity verification via video call or notarized ID
- Logo hosted at a public HTTPS URL
- BIMI DNS TXT record configured on your domain
Step-by-Step: Get Your Mark Certificate Set Up
Check if your domain is DMARC-compliant. If not, set up SPF, DKIM, and DMARC
Determine if you need a VMC or a CMC. If you don’t have a trademarked logo, go with CMC
Gather your business documents. Similar to EV SSL validation
Purchase your Mark Certificate from SSL Dragon
Submit your logo and pass validation with DigiCert
Set up your BIMI record and install the certificate
VIDEO
No More Generic Initials. It’s Time to Take Back the Inbox
Learn how a VMC helps you increase user trust, expand your brand visibility, improve customer experience, and amplify engagement.
Frequently Asked Questions
BIMI (Brand Indicators for Message Identification) is an email authentication standard that allows organizations to display their logo in recipients’ inboxes. Mark Certificates (VMC or CMC) are required to prove you legally own the logo you want to display. BIMI won’t work without proper email authentication (SPF, DKIM, DMARC) and a valid Mark Certificate.
Copy Link
A DigiCert Verified Mark Certificate through SSL Dragon starts at $1,249/year for a 1-year term, dropping to $1,049/year on a 3-year subscription. A DigiCert Common Mark Certificate starts at $949/year (1 year) or $799/year (3 years).
Compared to buying directly from DigiCert, purchasing through an authorized partner like SSL Dragon offers competitive pricing on the same genuine certificate with the same DigiCert validation and issuance.
One VMC is required per unique logo and per unique base domain. If your organization sends email from multiple domains using the same trademarked logo, you’ll need a separate VMC for each domain. Both VMC and CMC certificates have a maximum validity period of 397 days, identical to TLS/SSL certificates. You can buy VMC as multi-year subscriptions to lock in a lower annual rate.
Copy Link
- VMC: 7–14 days (due to trademark verification).
- CMC: 5–10 days (prior use verification).
Copy Link
Yes. DMARC enforcement is mandatory for both VMCs and CMCs before a certificate can be issued. Your domain’s DMARC policy must be set to p=quarantine or p=reject with pct=100 (applied to 100% of email traffic). A p=none policy does not qualify. DMARC must also be configured at the organizational domain level, not just a subdomain. If you’re unsure whether your domain is DMARC-compliant, tools like Valimail’s domain checker can confirm your current status.
Copy Link
No, VMCs require a trademarked logo or a qualifying government seal. If you don’t have either, the CMC is the alternative.
Copy Link
The validation process is similar to EV SSL certificates and includes:
- Verification of business registration documents
- Confirmation of legal entity status
- Identity verification via video call or notarized ID
- Domain ownership verification
- For VMC: Trademark verification with recognized IP offices (USPTO, EUIPO, WIPO)
- For CMC: Proof of logo use for 12+ months
The entire process typically takes 7-14 days for VMC or 5-10 days for CMC.
Copy Link
BIMI and Verified Mark Certificates are supported by all major email clients. The following inbox providers currently display logos for senders with a valid VMC or CMC and BIMI record:
- Gmail — displays logo + blue authenticated checkmark (VMC only for blue checkmark)
- Yahoo Mail — displays logo for authenticated senders
- Apple Mail — displays logo for authenticated senders
- Fastmail — displays logo for authenticated senders
- Zoho Mail — requires VMC for logo display
- La Poste — BIMI-participating provider
- au.com — BIMI-participating provider
The list of participating providers continues to grow as BIMI adoption increases. Gmail’s requirement for a VMC to show the blue checkmark has been a key driver of VMC adoption among enterprise senders.
Copy Link
Your logo must be in SVG Tiny PS (SVG Tiny 1.2 Portable/Secure) format with:
- Square aspect ratio (e.g., 600×600 pixels)
- File size under 24KB
- Solid background color
- No external links, scripts, or embedded fonts
- Centered logo within the square
You may need a designer or SVG conversion tool to meet these BIMI specifications.
Copy Link
A Verified Mark Certificate (VMC) requires a registered trademark (or qualifying government seal) and enables the Gmail blue authenticated checkmark in addition to logo display. A Common Mark Certificate (CMC) does not require a registered trademark; your logo must only be in documented prior use for 12+ months, but it does not unlock the Gmail blue checkmark. Both certificates require DMARC enforcement, DKIM, and SPF, and both display your logo in BIMI-supporting inboxes.
Copy Link
These are email authentication protocols that work together:
- SPF (Sender Policy Framework): Specifies which mail servers can send emails from your domain
- DKIM (DomainKeys Identified Mail): Adds a digital signature to verify emails haven’t been tampered with
- DMARC (Domain-based Message Authentication, Reporting & Conformance): Enforces policies on how to handle emails that fail SPF or DKIM checks
All three are required for BIMI and Mark Certificates to function.
Copy Link
You need one VMC per unique base domain and one VMC per unique logo. If you send an email from three domains (example.com, example.net, example.co.uk) using the same trademarked logo, you need three VMCs. If you use two different logos across two domains, you also need two VMCs. Sub-brands or seasonal logo variants may require separate certificates depending on your BIMI configuration.
Copy Link
DigiCert was the first digital trust provider ever accredited under the BIMI standard and is recognized by every major email client that supports BIMI. Their validation process follows Extended Validation (EV) standards, giving your VMC the highest level of identity assurance. DigiCert VMCs are supported by Gmail, Yahoo Mail, Apple Mail, Fastmail, Zoho Mail, and more.
Copy Link
