Gmail announces Common Mark Certificates (CMCs) support for BIMI adoption

Co-authored in partnership with Entrust.

Gmail has officially announced its support for Common Mark Certificates (CMCs), enabling organizations to utilize BIMI (Brand Indicators for Message Identification) in Gmail without requiring a registered trademark. This means businesses that have established use of a logo but haven’t gone through the registered trademark process can now incorporate their brand seamlessly into their email communications.

What is BIMI?

Brand Indicators for Message Identification (BIMI) is an email standard introduced in 2021 that enables businesses to show their brand logo in the avatar slot of the DMARC-authenticated emails they send. BIMI was created to help accelerate DMARC adoption and incentivize implementation, promoting email security by mandating robust authentication and logo verification before displaying avatars. Strong email authentication aids in delivering legitimate mail and identifying and preventing spoofing, while also ensuring senders can leverage their brand credibility and flexibility.

To use BIMI at the highest level of validation, organizations are required to use a Mark Certificate (MC) from an authorized Certificate Authority (CA), which works alongside an organization’s DMARC policy that is required at enforcement (either quarantine or reject). A Mark Certificate can either be a Verified Mark Certificate (VMC) with a registered trademark, Government Mark Certificate (GMC) for government agencies, or now, the newly introduced Common Mark Certificate (CMC) for established brands.

What makes a Common Mark Certificate different?

The Common Mark Certificate (CMC) opens email identification to a wider audience, particularly smaller or early stage organizations without a registered trademark, or who want to use a different logo in email than their primary choice. 

Since the introduction of the VMC & GMC, organizations and email service providers have traditionally pushed for those companies and associated email domains not officially recognized with a registered trademark to obtain authorization by the BIMI standards governing body. CMC eliminates this requirement for a registered trademark, which is both a time-consuming process and expensive to acquire. Organizations can now qualify for the CMC by demonstrating historical use of their logo for at least one year, as verified by the Certificate Authority (CA).

Why the Google announcement is a game changer

Enabling thousands of organizations to protect their customer base and enhance brand awareness is a true game changer. With the introduction of CMCs, the adoption of DMARC for improved email security is expected to accelerate significantly. By ensuring that brands achieve proper email authentication, CMCs help businesses establish credibility, build trust, and increase engagement.

From a marketing perspective, CMCs empower brands to strengthen their identity across email campaigns, building a foundation of trust with customers that directly influences buyer behavior. As more inbox providers adopt BIMI, now is the perfect time for organizations to implement the correct email authentication measures with CMCs, unlocking greater visibility and engagement with their audiences. From a security perspective, implementing BIMI through a CMC and achieving a DMARC policy of ‘p=reject’ helps reduce phishing attacks and email spoofing, ensuring better protection for both brands and customers while mitigating the risk of costly cyber incidents. 

If you’re looking to get started with CMCs, you can now order directly through Red Sift—get in touch today.

PUBLISHED BY

Jack Lilley

16 Oct. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
BIMI

VMC and CMC: What are the new requirements?

Jack Lilley

Executive Summary: Staying updated on Verified Mark Certificates (VMCs) and Certified Mark Certificates (CMCs) is crucial for organizations aiming to authenticate their logos and enhance brand trust in email communications. Discover the key changes in the latest security requirements and compare the differences between VMCs and CMCs.​ This article: Introduction Verified Mark Certificates (VMCs) and…

Read more
BEC

The future of email security: Innovations, challenges, and the role of DMARC

Jack Lilley

Executive summary: Email remains a critical tool for business and personal communication, but it is also a primary target for cyber threats such as phishing, spoofing, and Business Email Compromise. As attackers become more sophisticated, organizations must adopt advanced security measures like DMARC and stay informed about emerging authentication protocols. Industry collaboration and proactive…

Read more
Aviation

Why implementing DMARC is essential for Aviation

Jack Lilley

If you’re in aviation and still haven’t locked down your email security, you’re taking a serious risk. Cyberattacks on airlines, airports, and aerospace companies are up 131% in just one year. Phishing and Business Email Compromise (BEC) scams are hammering the industry, costing millions, causing chaos, and damaging customer trust. Attackers aren’t just targeting…

Read more
News

Red Sift Brand Trust joins Cisco portfolio to extend domain and brand…

Francesca Rünger-Field

Many organizations have implemented email authentication and hardened their owned domains against abuse. But a more exposed and less controlled surface remains: the brand. With the ease and efficiency of AI tools, brand impersonation has become a successful tactic for bypassing technical controls and targeting users directly. While email authentication protocols like DMARC can…

Read more