- BIMI now supports two certificate types: the Verified Mark Certificate (VMC), which requires a registered trademark, and the Common Mark Certificate (CMC), which Gmail began accepting in late 2024 and does not require a trademark.
- Only a VMC produces the Gmail blue verified checkmark. A CMC displays your logo but without the checkmark, which is a meaningful trust-signal difference.
- Certificate pricing in 2026 ranges roughly from $749 to $1,688 per year depending on the certificate authority and type, with CMCs generally cheaper than VMCs.
- Both certificate types require DMARC at enforcement (p=quarantine or p=reject), a trademark or 12-month prior-use proof, and a logo in the specific SVG Tiny P/S format that standard design tools do not export.
- Microsoft does not support BIMI as of 2026, Apple Mail requires a VMC (CMC is not accepted), and Yahoo displays logos even without any certificate, so your certificate choice depends heavily on which mailbox providers your audience uses.
BIMI (Brand Indicators for Message Identification) lets your brand logo appear next to your emails in supported inboxes. For years, displaying that logo in Gmail required a Verified Mark Certificate, which in turn required a registered trademark, which put BIMI out of reach for many smaller senders. That changed in late 2024 when Gmail began accepting Common Mark Certificates, a lower-barrier alternative that does not require a trademark.
The result is that senders now face a genuine decision: VMC or CMC? The two certificates cost different amounts, require different proof, display differently in the inbox, and are supported by different mailbox providers. Choosing wrong means either overpaying for assurance you do not need or buying a certificate that does not display where your audience actually reads email.
This guide is the complete decision framework. It covers what each certificate proves, what each costs, where each displays, and how to decide which one fits your brand. It assumes you already understand BIMI fundamentals; if you need the basics of BIMI DNS setup first, start with the foundational concepts before making the certificate decision.
Why BIMI Needs a Certificate at All
BIMI on its own is just a DNS record pointing to a logo file. Without verification, anyone could publish a BIMI record pointing to Coca-Cola's logo and display it next to their phishing emails. The certificate exists to prevent exactly this: it cryptographically binds the right to display a specific logo to a verified organizational identity.
When a mailbox provider sees your BIMI record, it does not just fetch the logo and display it. It also fetches the certificate referenced in your BIMI record, validates that the certificate was issued by a trusted authority, and confirms the certificate authorizes your domain to display that specific logo. Only then does the logo appear.
This is why BIMI requires DMARC at enforcement as a prerequisite. The entire trust chain depends on the email being verifiably from your domain. A logo next to an unauthenticated email would defeat the purpose, so providers require p=quarantine or p=reject before they will display any BIMI logo at all.
The Verified Mark Certificate (VMC)
The VMC is the original BIMI certificate and remains the gold standard. It requires a registered trademark for your logo, which means the logo must be filed and approved with an accepted trademark office (USPTO in the United States, EUIPO in the European Union, and a specific list of others).
What a VMC Gets You
- The Gmail blue checkmark. Only a VMC produces the verified checkmark badge next to your logo in Gmail. This is the strongest visual trust signal available in the inbox.
- Apple Mail support. Apple Mail displays BIMI logos only with a VMC. CMC is not accepted by Apple.
- Broad provider coverage. Gmail, Yahoo, Apple Mail, Fastmail, and other BIMI-supporting providers all honor VMCs.
VMC Requirements
To obtain a VMC, you need:
- A registered trademark for the logo, filed with an accepted trademark office.
- The logo in SVG Tiny Portable/Secure (SVG P/S) format.
- DMARC at enforcement (p=quarantine or p=reject) on the sending domain.
- Properly configured SPF or DKIM with alignment.
- Organizational verification by the certificate authority (similar to an Extended Validation SSL process).
The trademark requirement is the biggest barrier. Trademark registration takes months to years and costs money independent of the certificate. If you already hold a registered trademark for your logo, a VMC is straightforward. If you do not, the trademark process is a multi-month prerequisite before you can even apply.
Trademark office matters: Not all trademark offices are accepted for VMC issuance. Your trademark must be registered with an office on the accepted list. A trademark from a non-accepted jurisdiction will pass the certificate authority's validation but Gmail may not display your logo. Always verify your trademark office is on the current accepted list before starting the VMC process.
The Common Mark Certificate (CMC)
Gmail introduced CMC support in late 2024 to broaden BIMI adoption. A CMC does not require a registered trademark. Instead, it requires proof that your logo has been in public use, verified through web archive history.
What a CMC Gets You
- Logo display in Gmail, Yahoo, and Fastmail. Your logo appears next to your emails in these providers.
- No trademark required. This is the key advantage. Brands without a registered trademark can still display a BIMI logo.
- Lower cost. CMCs skip the trademark validation step, which makes them cheaper than VMCs.
CMC Limitations
- No Gmail blue checkmark. A CMC displays your logo but does not produce the verified checkmark badge. The checkmark is VMC-exclusive.
- No Apple Mail support. Apple Mail requires a VMC and does not display CMC-backed logos.
- Prior-use proof requirement. You must demonstrate the logo has been publicly displayed on your domain for at least 12 months, verified through archive.org history.
The prior-use proof is harder than it sounds. The certificate authority verifies that your logo appeared on your public website continuously for the required period, typically by checking archived snapshots. A logo that was only recently added, or a domain that was not consistently archived, can fail this check even if you have genuinely used the logo for years.
VMC vs CMC: Side-by-Side
| Aspect | VMC | CMC |
|---|---|---|
| Trademark required | Yes | No |
| Alternative proof | N/A | 12-month public-use history |
| Gmail logo display | Yes | Yes |
| Gmail blue checkmark | Yes | No |
| Apple Mail support | Yes | No |
| Yahoo support | Yes | Yes |
| Typical annual cost | $1,000-$1,688 | $650-$999 |
| Time to issue | 2-8 weeks (plus trademark time) | 2-6 weeks |
The Real Cost Picture
Certificate authority pricing for BIMI certificates is often opaque, with several CAs pushing buyers into a sales process rather than publishing rates. Based on publicly available reseller pricing in 2026, the general ranges are:
- VMC: roughly $749 to $1,688 per year. Sectigo tends to be at the lower end through resellers; DigiCert and Entrust are typically around $1,499 and up.
- CMC: roughly $650 to $999 per year, reflecting the absence of trademark validation work.
These are per-certificate, per-year costs, and the multi-domain math adds up fast. Each sending domain needs its own certificate, and each unique logo variant needs its own certificate. A company with five sending domains and two logo variants could need up to ten certificates. Multi-year plans often offer savings over annual renewal, and some CAs allow Subject Alternative Names (SANs) to cover multiple subdomains under one certificate if they share the same logo.
Before buying any certificate, consolidate your sending domains. Many organizations send from more sending domains and subdomains than they need. Reducing from five sending subdomains to two before purchasing BIMI certificates can cut your certificate costs by 60% and simplifies ongoing certificate management. Audit your actual sending footprint with a DMARC checker first.
The SVG Tiny P/S Format Trap
Both certificate types require your logo in SVG Tiny Portable/Secure (SVG Tiny P/S) format. This is not the same as a standard SVG, and it catches nearly every design team off guard.
SVG Tiny P/S is a restricted profile of SVG with specific requirements: it must be a square aspect ratio, must have a solid background color (no transparency), must not include external references, scripts, or animation, and must include specific metadata elements. A logo exported as a standard SVG from Illustrator, Figma, or Sketch will not validate as SVG Tiny P/S without conversion.
The conversion process typically involves stripping disallowed elements, adding required metadata, ensuring the square viewBox, and validating against the BIMI Group's requirements. Budget time and possibly external help for this step; many BIMI deployments stall here because the logo file fails validation repeatedly.
Provider Support Determines Your Choice
The single most important factor in the VMC vs CMC decision is which mailbox providers your audience uses, because the certificate types are supported differently.
Gmail
Gmail supports both VMC and CMC. With a VMC, your logo displays with the blue verified checkmark. With a CMC, your logo displays without the checkmark. If a large share of your audience is on Gmail and the checkmark matters to your brand trust strategy, lean VMC. If you just want the logo and the checkmark is not critical, CMC is sufficient and cheaper.
Apple Mail
Apple Mail requires a VMC. A CMC will not display your logo in Apple Mail at all. If a significant portion of your audience reads email in Apple Mail (common for B2C brands with iPhone-heavy demographics), you need a VMC to reach them with a logo.
Yahoo
Yahoo is the most permissive. It displays BIMI logos even in self-declared mode without any certificate at all. If your audience is primarily Yahoo, you may not need a certificate to display a logo, though a certificate adds assurance.
Microsoft
Microsoft does not support BIMI as of 2026 across Outlook.com, Hotmail, or Microsoft 365. There is no certificate that will display your logo in Microsoft inboxes. If your audience is predominantly Microsoft, BIMI provides no inbox display benefit regardless of which certificate you buy, though the underlying DMARC enforcement requirement still benefits your deliverability and security.
The Decision Framework
Putting it together, here is how to decide:
- Do you have a registered trademark for your logo? If yes, VMC is straightforward and gets you the full feature set. If no, you either pursue trademark registration (months of lead time) or choose CMC.
- Does a meaningful share of your audience use Apple Mail? If yes, you need a VMC because Apple does not support CMC. If no, CMC may suffice.
- Does the Gmail blue checkmark matter to your brand? If the verified checkmark is a meaningful trust differentiator for you (financial services, healthcare, high-value B2C), invest in a VMC. If you just want logo presence, CMC delivers that in Gmail and Yahoo.
- What is your budget across all sending domains? If certificate cost across multiple domains is a constraint, CMC reduces the per-certificate cost and may make broader BIMI deployment feasible.
The common outcome: large enterprises with trademarks and Apple-heavy audiences buy VMCs; smaller brands and those without trademarks adopt CMCs to get logo presence in Gmail and Yahoo at lower cost and lower barrier.
Prerequisite reminder: Neither certificate displays anything until your DMARC policy is at p=quarantine or p=reject. If you are still at p=none, getting to DMARC enforcement is the real first step and often the longest part of the timeline. The certificate is the last mile, not the first.
Frequently Asked Questions
A VMC (Verified Mark Certificate) requires a registered trademark and produces the Gmail blue verified checkmark plus Apple Mail support. A CMC (Common Mark Certificate) does not require a trademark, only 12 months of public logo use, but it does not produce the checkmark and is not supported by Apple Mail. Both display your logo in Gmail and Yahoo.
You need a trademark only for a VMC. Since Gmail began accepting CMCs in late 2024, you can display a BIMI logo in Gmail and Yahoo without a trademark by obtaining a CMC, which instead requires proof your logo has been publicly used for at least 12 months. However, the Gmail blue checkmark and Apple Mail display still require a VMC with a trademark.
In 2026, VMCs typically cost between $749 and $1,688 per year depending on the certificate authority, and CMCs generally run a few hundred dollars less because they skip trademark validation. Each sending domain and each unique logo needs its own certificate, so multi-domain deployments multiply the cost. Multi-year plans often offer savings over annual renewal.
No. As of 2026, Microsoft does not support BIMI across Outlook.com, Hotmail, or Microsoft 365. No certificate will display your logo in Microsoft inboxes. If your audience is predominantly on Microsoft, BIMI provides no logo display benefit, though the DMARC enforcement it requires still improves your deliverability and protects against spoofing.
This almost always means a certificate problem. Yahoo displays BIMI logos in self-declared mode without any certificate, but Gmail requires a valid VMC or CMC. If your logo appears in Yahoo but not Gmail, your DNS record and logo file are likely correct, and the issue is a missing, invalid, or improperly referenced certificate. Verify the certificate is valid and correctly linked in your BIMI record.