Gmail announces Common Mark Certificates (CMCs) support for BIMI adoption

Co-authored in partnership with Entrust.

Gmail has officially announced its support for Common Mark Certificates (CMCs), enabling organizations to utilize BIMI (Brand Indicators for Message Identification) in Gmail without requiring a registered trademark. This means businesses that have established use of a logo but haven’t gone through the registered trademark process can now incorporate their brand seamlessly into their email communications.

What is BIMI?

Brand Indicators for Message Identification (BIMI) is an email standard introduced in 2021 that enables businesses to show their brand logo in the avatar slot of the DMARC-authenticated emails they send. BIMI was created to help accelerate DMARC adoption and incentivize implementation, promoting email security by mandating robust authentication and logo verification before displaying avatars. Strong email authentication aids in delivering legitimate mail and identifying and preventing spoofing, while also ensuring senders can leverage their brand credibility and flexibility.

To use BIMI at the highest level of validation, organizations are required to use a Mark Certificate (MC) from an authorized Certificate Authority (CA), which works alongside an organization’s DMARC policy that is required at enforcement (either quarantine or reject). A Mark Certificate can either be a Verified Mark Certificate (VMC) with a registered trademark, Government Mark Certificate (GMC) for government agencies, or now, the newly introduced Common Mark Certificate (CMC) for established brands.

What makes a Common Mark Certificate different?

The Common Mark Certificate (CMC) opens email identification to a wider audience, particularly smaller or early stage organizations without a registered trademark, or who want to use a different logo in email than their primary choice. 

Since the introduction of the VMC & GMC, organizations and email service providers have traditionally pushed for those companies and associated email domains not officially recognized with a registered trademark to obtain authorization by the BIMI standards governing body. CMC eliminates this requirement for a registered trademark, which is both a time-consuming process and expensive to acquire. Organizations can now qualify for the CMC by demonstrating historical use of their logo for at least one year, as verified by the Certificate Authority (CA).

Why the Google announcement is a game changer

Enabling thousands of organizations to protect their customer base and enhance brand awareness is a true game changer. With the introduction of CMCs, the adoption of DMARC for improved email security is expected to accelerate significantly. By ensuring that brands achieve proper email authentication, CMCs help businesses establish credibility, build trust, and increase engagement.

From a marketing perspective, CMCs empower brands to strengthen their identity across email campaigns, building a foundation of trust with customers that directly influences buyer behavior. As more inbox providers adopt BIMI, now is the perfect time for organizations to implement the correct email authentication measures with CMCs, unlocking greater visibility and engagement with their audiences. From a security perspective, implementing BIMI through a CMC and achieving a DMARC policy of ‘p=reject’ helps reduce phishing attacks and email spoofing, ensuring better protection for both brands and customers while mitigating the risk of costly cyber incidents. 

If you’re looking to get started with CMCs, you can now order directly through Red Sift—get in touch today.

PUBLISHED BY

Red Sift

16 Oct. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more
DMARC

The Mail Check deadline has passed: Is your organisation at risk? 

Jack Lilley

The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents. This change comes as a measure to expand the…

Read more
Awards

Red Sift named a Top 50 company in 2025 Emerging Stars Awards

Jack Lilley

We’re pleased to share that Red Sift has been named Best Performing Company – Security & Infrastructure in the 2025 Emerging Stars Awards. These awards, part of the Megabuyte100 series, recognise the UK’s 50 best-performing scale-up technology companies based on solid financial performance, from over 800 entries.  Being recognised in this category reflects the…

Read more