top of page
Search

VMC vs CMC: Understanding the New Trust Certificates for Brands

You’ve likely encountered the terms VMC and CMC in your email authentication journey. Both are intimately tied to BIMI (Brand Indicators for Message Identification) — the standard that enables brands to display their logos in email inboxes. But they differ in validation, accessibility, and trust signals.


This article dives into the nuances of these two certificate types, what each brings to your brand’s inbox identity, and how to decide which is right for you.


ree

1. What are VMC and CMC?




Verified Mark Certificate (VMC)



A VMC is a certificate issued to brands whose logo is a registered trademark. It establishes that your logo is legally yours and that your organisation is who it claims to be. Many inbox providers require a VMC (or equivalent) for your logo to appear alongside your emails under the BIMI framework.

With a proper VMC, Gmail can display a blue checkmark next to your logo, reinforcing your authenticity. 



Common Mark Certificate (CMC)



A CMC is a more accessible alternative introduced to broaden BIMI adoption. It doesn’t require a registered trademark. Instead, it usually demands that your logo has been in public use for at least 12 months. With CMC, you can show your logo in many inboxes, though you sacrifice some of the heightened signals (like the blue checkmark on Gmail) tied to VMC. 


Google began to officially support CMCs in October 2024, allowing brands without trademarked logos to participate in BIMI. 



2. Key Differences: Validation, Visibility & Trust


Feature

VMC

CMC

Trademark requirement

Yes (logo must be registered/trademarked) 

No. Requires proof of prior use (at least 12 months) 

Blue checkmark in Gmail

Yes, when using VMC 

No — you get the logo, but not the Gmail verification badge 

Logo flexibility / modifications

Strict: the logo must match exactly the registered version 

Permits minor modifications for display / “logo fit” 

Ease / speed of issuance

Slower, more demanding (legal & trademark checks)

Faster and more accessible to many brands without onerous trademark steps 

Trust signal strength

Higher — trademark + visual indicator adds weight

Good, but lacks badge / explicit trust mark in some inboxes

Inbox provider support

Broad support, especially for Gmail & providers using blue-check logic 

Some inboxes support; Google’s move to accept CMC broadens support 

Because of these differences, brands with strong legal and IP infrastructure may prefer VMC for maximum trust and signal. Meanwhile, CMC opens the door for many others to adopt BIMI sooner.



. Why the introduction of CMC matters (and why now)



For many years, BIMI implementation was gatekept by the requirement of a VMC — which meant that brands without registered trademarks were excluded from displaying logos. This reinforced a barrier to entry for smaller companies or those with partial trademark portfolios. 


Google’s adoption of CMCs changed the landscape. Now, brands that have used their logo publicly for at least 12 months can qualify, provided they meet authentication standards. This shift democratizes access to BIMI, bringing more visibility and trust signals to a broader set of senders. 


From a marketing standpoint, that’s huge: more brands can now put the logo stamp of authenticity in inboxes — without waiting for the lengthy trademark process.




4. What changes when you adopt VMC or CMC?




Enhanced Brand Visibility & Credibility



Even without the blue checkmark, simply having your logo appear next to your email increases brand salience. Recipients see “this is from your company” before they even glance at the subject line.



Better Deliverability & Reputation



Because getting a VMC or CMC requires fully enforced DMARC, robust SPF/DKIM, and correct domain alignment, brands adopting them typically improve their email authentication posture. That leads to fewer spam blocks and better placement in primary inboxes. 



Anti-Phishing Signal



A verified visual logo serves as a defensive barrier. Phishers and spoofers cannot display your logo unless they satisfy strict verification. So users become conditioned to trust emails that do display your logo, and distrust those that don’t.



Legal & IP Assurance



With a VMC, because it requires a trademark, you add a layer of legal proof of brand ownership. Even with CMC, the prior-use requirement + domain control helps protect your visual identity. 



Signal for Innovation



Adopting BIMI (via VMC or CMC) marks you as a brand that adopts new trust technologies early — a signal to clients, competitors, and regulators that you prioritise both branding and security.




5. Case use, data & market context



  • Gmail’s CMC adoption: In October 2024, Gmail officially announced that it would support CMC-based BIMI display, enabling brands without trademarked logos to participate. This was a pivotal moment in expanding inclusivity for BIMI. 

  • DigiCert’s Mark Certificates: DigiCert now offers both VMC and CMC options, marketing CMC as a way to display logos without mandatory trademark registration. 

  • Adoption growth: According to The SSL Store, domain-level BIMI adoption increased 53.45% between September 2023 and September 2024, showing accelerating interest in these trust marks. 

  • Cost difference: In 2025, a typical VMC via SSL2Buy is listed around $1,099.67/year, while a CMC is listed at $810.67. That gap reflects the additional legal and validation burden required for VMC. 

  • Logo recognition precedence: The SSL Store cites an email marketing insight: 3 in 5 email recipients say brand recognition is a top factor in deciding whether to open an email — making that logo space even more precious. 



While real-world comparative studies (e.g., “brand X with VMC vs brand Y with CMC”) are still limited (this is early tech), the guiding logic is strong: every authenticated visual signal helps.




6. How to choose between VMC and CMC: roadmap



  1. Assess your trademark status

    If your logo is already a registered trademark in your jurisdiction, VMC is fully available — and gives you stronger trust signals.

    If not, consider whether you can or want to go through trademark registration.

  2. Evaluate timeline and cost

    VMC involves legal checks, brand audits, and potentially higher fees. CMC offers a faster route without those burdens.

    In many cases, CMC is an ideal entry path to BIMI.

  3. Consider target audiences & inbox behaviour

    If your audience primarily uses Gmail or platforms that recognize the checkmark, VMC may provide added visual trust. But for many inboxes, the logo itself is strong enough.

  4. Plan for upgrade paths

    Nothing prevents you from starting with CMC and migrating to VMC later once your trademark is settled. Many certificate providers allow that progression. 

  5. Ensure technical foundation first

    Neither certificate works unless SPF, DKIM, DMARC are properly implemented and aligned. Fix those first — then certificate choice becomes strategic, not tactical.





7. Conclusion: Aligning brand, security & growth



The emergence of CMC represents a watershed moment in email branding. It lowers the barrier to entry so more organisations can benefit from the visual trust that BIMI brings. For marketing teams, it opens new creative space inside the inbox. For domain / IP / security teams, it creates incentive to raise authentication standards.


VMC remains the gold standard, especially for brands with trademarked logos and advanced brand protection needs. But CMC bridges the gap and accelerates adoption — allowing more brands to anchor their identity visually within email.


At Bimimi.io, we assist brands through both paths — managing trademark validation, domain setup, certificate issuance, and inbox support — so your logo can shine where it matters most: your customers’ inboxes, fully verified.


 
 
 

Comments

bottom of page