Common Mark Certificates (CMCs) are now supported by Google, providing a new way for companies to implement BIMI (Brand Indicators for Message Identification) in Gmail and Google Workspace. This will simplify the process of logo display in the inbox and allow businesses without a registered trademark to use BIMI, a critical email security and branding tool. With this change, organizations can bolster brand visibility and trust without the complexities of traditional Verified Mark Certificates (VMCs).
What Is BIMI and Why Is It Important?
BIMI is an email standard that allows businesses to display their logos next to authenticated emails in recipients’ inboxes. BIMI is important because it is more than an aesthetic upgrade; it enhances brand recognition, offers phishing protection, and builds trust between companies and their customers.
To use BIMI, organizations must authenticate their domains via DMARC (Domain-based Message Authentication, Reporting & Conformance). This ensures that only legitimate emails carry the brand’s logo, which helps to filter out phishing attempts and spam.
Previously, implementing BIMI required a VMC, which involves a registered trademark and a considerable investment of time and resources. For many smaller businesses, the BIMI trademark requirement was a barrier to entry. This is where the introduction of CMCs, with digital trust providers like DigiCert, comes into play.
What Are Common Mark Certificates (CMCs)?
Common Mark Certificates (CMCs) offer a simplified alternative to VMCs. With CMC certificates, businesses no longer need a registered trademark to participate in BIMI. Instead, companies can use a logo that has been in public use for at least 12 months. This provides an excellent opportunity for brands to showcase their logos in Gmail without the legal complexities of securing a trademark.
The key requirements for CMCs are:
- DMARC Policy Enforcement: The domain must have a DMARC policy set to p=quarantine or p=reject.
- Logo Use: The logo must be publicly displayed on your company’s website
- Logo Color Consistency: The logo’s colors must be consistent with the logo on your website.
- Historical Use of Logo: The logo must have been publicly displayed on your website for at least 12 months before applying for the CMC. This can be verified using an approved archival source like archive.org.
These requirements make BIMI implementation easier for a wider range of businesses, including those that previously couldn’t participate due to the BIMI trademark hurdle.
Google’s Support for CMC: A Game-Changer for Businesses
Google’s support for CMC certificates in Gmail will enable more organizations to use BIMI’s brand-building and security benefits. Historically, only businesses with VMC-compliant, trademarked logos could display them in Gmail inboxes. Now, with CMC, businesses of all sizes, including startups and small businesses, can adopt BIMI for Gmail without needing a registered trademark.
This change allows email marketers to boost brand visibility directly within Gmail, while IT departments will appreciate the streamlined authentication process.
Google highlighted the importance of DMARC in April 2024 when it introduced mandatory authentication for bulk email senders, which required SPF, DKIM, and DMARC authentication to prevent spoofing and phishing attacks. This restriction resulted in a 65% reduction in unauthenticated messages and 265 billion fewer unauthenticated messages being sent in 2024. By enforcing these changes, Google email security has significantly improved the trustworthiness of emails, particularly for Gmail users, making strong authentication an essential part of email security strategies.
BIMI’s Role in Email Security and Brand Protection
The primary advantage of BIMI is its ability to provide a visual layer of trust for recipients. By ensuring that emails come from legitimate senders and displaying a logo, brands reinforce their credibility. This is crucial in the battle against phishing, the most prevalent type of cyberattack.
BIMI is a significant line of defense for email security. It requires strong email authentication, making it harder for malicious actors to impersonate brands. The logo’s presence in an inbox signals that the email is genuine, allowing users to click with confidence.
VMC vs. CMC: What’s the Difference?
There are three main differences between VMCs and CMCs:
- Registered Trademark: VMC requires a trademarked logo, whereas CMC does not. With CMC, businesses can use logos without going through the lengthy trademark process.
- Verified Checkmark: Gmail displays a blue checkmark next to the logo when using a VMC. CMC, on the other hand, shows the logo but does not include this checkmark.
- Requirements: VMC and CMC require the sender to have an enforced DMARC policy, but CMC removes the trademark requirement, making it more accessible.
Ultimately, for businesses that already have a registered trademark, a VMC may be the better option, especially for the added credibility of the blue checkmark. However, for companies without a trademark, CMC is an ideal solution to access the benefits of BIMI without the legal burden.
Read our Ultimate Guide to Getting a VMC
The Future of Email Authentication and BIMI
Google’s support for CMCs makes BIMI adoption more accessible to small and medium-sized businesses. By lowering the barriers to entry, more companies can leverage the power of logo display in email clients, increasing brand recognition and trust.
Strong email authentication practices like DMARC and BIMI will become even more critical as the email ecosystem evolves. Organizations that invest in these technologies protect their customers from phishing and create more meaningful and trusted interactions.
With Google’s new CMC support, the path to BIMI for small businesses has never been more straightforward. And with partners like DigiCert offering CMC certificates, companies can move quickly to take advantage of this new opportunity.
How EasyDMARC Can Help
At EasyDMARC, we specialize in simplifying your email authentication journey. Our in DMARC and email security means your business can smoothly transition to BIMI while ensuring your domain remains protected. Now is the perfect time to enhance your email security and strengthen your brand’s presence in the inbox with BIMI. Whether you’re a small business or a large organization, EasyDMARC can help you navigate this new requirement and implement the best solution for your needs. Get in touch today for any questions you have on BIMI.
We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.
You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us