Gmail has officially announced its support for Common Mark Certificates (CMCs), enabling organizations to utilize BIMI (Brand Indicators for Message Identification) in Gmail without requiring a registered trademark. This means businesses that have established use of a logo but haven’t gone through the registered trademark process can now incorporate their brand seamlessly into their email communications.
What is BIMI?
Brand Indicators for Message Identification (BIMI) is an email standard introduced in 2021 that enables businesses to show their brand logo in the avatar slot of the DMARC-authenticated emails they send. BIMI was created to help accelerate DMARC adoption and incentivize implementation, promoting email security by mandating robust authentication and logo verification before displaying avatars. Strong email authentication aids in delivering legitimate mail and identifying and preventing spoofing, while also ensuring senders can leverage their brand credibility and flexibility.
To use BIMI at the highest level of validation, organizations are required to use a Mark Certificate (MC) from an authorized Certificate Authority (CA), which works alongside an organization’s DMARC policy that is required at enforcement (either quarantine or reject). A Mark Certificate can either be a Verified Mark Certificate (VMC) with a registered trademark, Government Mark Certificate (GMC) for government agencies, or now, the newly introduced Common Mark Certificate (CMC) for established brands.
What makes a Common Mark Certificate different?
The Common Mark Certificate (CMC) opens email identification to a wider audience, particularly smaller or early stage organizations without a registered trademark, or who want to use a different logo in email than their primary choice.
Since the introduction of the VMC & GMC, organizations and email service providers have traditionally pushed for those companies and associated email domains not officially recognized with a registered trademark to obtain authorization by the BIMI standards governing body. CMC eliminates this requirement for a registered trademark, which is both a time-consuming process and expensive to acquire. Organizations can now qualify for the CMC by demonstrating historical use of their logo for at least one year, as verified by the Certificate Authority (CA).
Why the Google announcement is a game changer
Enabling thousands of organizations to protect their customer base and enhance brand awareness is a true game changer. With the introduction of CMCs, the adoption of DMARC for improved email security is expected to accelerate significantly. By ensuring that brands achieve proper email authentication, CMCs help businesses establish credibility, build trust, and increase engagement.
From a marketing perspective, CMCs empower brands to strengthen their identity across email campaigns, building a foundation of trust with customers that directly influences buyer behavior. As more inbox providers adopt BIMI, now is the perfect time for organizations to implement the correct email authentication measures with CMCs, unlocking greater visibility and engagement with their audiences.
From a security perspective, implementing BIMI through a CMC and achieving a DMARC policy of ‘p=reject’ helps reduce phishing attacks and email spoofing, ensuring better protection for both brands and customers while mitigating the risk of costly cyber incidents.
