Gmail announces Common Mark Certificates (CMCs) support for BIMI adoption

Co-authored in partnership with Entrust.

Gmail has officially announced its support for Common Mark Certificates (CMCs), enabling organizations to utilize BIMI (Brand Indicators for Message Identification) in Gmail without requiring a registered trademark. This means businesses that have established use of a logo but haven’t gone through the registered trademark process can now incorporate their brand seamlessly into their email communications.

What is BIMI?

Brand Indicators for Message Identification (BIMI) is an email standard introduced in 2021 that enables businesses to show their brand logo in the avatar slot of the DMARC-authenticated emails they send. BIMI was created to help accelerate DMARC adoption and incentivize implementation, promoting email security by mandating robust authentication and logo verification before displaying avatars. Strong email authentication aids in delivering legitimate mail and identifying and preventing spoofing, while also ensuring senders can leverage their brand credibility and flexibility.

To use BIMI at the highest level of validation, organizations are required to use a Mark Certificate (MC) from an authorized Certificate Authority (CA), which works alongside an organization’s DMARC policy that is required at enforcement (either quarantine or reject). A Mark Certificate can either be a Verified Mark Certificate (VMC) with a registered trademark, Government Mark Certificate (GMC) for government agencies, or now, the newly introduced Common Mark Certificate (CMC) for established brands.

What makes a Common Mark Certificate different?

The Common Mark Certificate (CMC) opens email identification to a wider audience, particularly smaller or early stage organizations without a registered trademark, or who want to use a different logo in email than their primary choice. 

Since the introduction of the VMC & GMC, organizations and email service providers have traditionally pushed for those companies and associated email domains not officially recognized with a registered trademark to obtain authorization by the BIMI standards governing body. CMC eliminates this requirement for a registered trademark, which is both a time-consuming process and expensive to acquire. Organizations can now qualify for the CMC by demonstrating historical use of their logo for at least one year, as verified by the Certificate Authority (CA).

Why the Google announcement is a game changer

Enabling thousands of organizations to protect their customer base and enhance brand awareness is a true game changer. With the introduction of CMCs, the adoption of DMARC for improved email security is expected to accelerate significantly. By ensuring that brands achieve proper email authentication, CMCs help businesses establish credibility, build trust, and increase engagement.

From a marketing perspective, CMCs empower brands to strengthen their identity across email campaigns, building a foundation of trust with customers that directly influences buyer behavior. As more inbox providers adopt BIMI, now is the perfect time for organizations to implement the correct email authentication measures with CMCs, unlocking greater visibility and engagement with their audiences. From a security perspective, implementing BIMI through a CMC and achieving a DMARC policy of ‘p=reject’ helps reduce phishing attacks and email spoofing, ensuring better protection for both brands and customers while mitigating the risk of costly cyber incidents. 

If you’re looking to get started with CMCs, you can now order directly through Red Sift—get in touch today.

PUBLISHED BY

Red Sift

16 Oct. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DKIM

First look at DKIM2: The next generation of DKIM

Red Sift

In 2011, the original DomainKeys Identified Mail (DKIM1) standard was published. It outlined a method allowing a domain to sign emails, enabling recipients to verify that the email originated from an entity holding a private key that matches the public key published in the domain’s DNS records. Now in 2024, DKIM is ready for…

Read more
Security

Securing our world: For a safer internet

Jack Lilley

October is Cybersecurity Awareness Month, a time for industries to unite in promoting digital security within today’s complex landscape. Bad actors are leveraging increasingly sophisticated methods—such as email phishing and Business Email Compromise (BEC)—to exploit vulnerabilities, impersonate legitimate contacts, and access sensitive information. CISA Director Jen Easterly advises us to “always think before you…

Read more
Cybersecurity

Boosting email security amid recent Coinbase phishing attempts

Jack Lilley

In recent weeks, there have been reports of sophisticated phishing attacks disguised as official communication from the cryptocurrency platform, Coinbase. These phishing emails closely mimic Coinbase’s branding and language to build recipient trust and prompt clicks on malicious links. The subject lines of these emails generally follow a format: the sender’s address starts with…

Read more
Product Release

Red Sift’s Fall 2024 Quarterly Product Release

Francesca Rünger-Field

Building on the momentum of our Summer Release, we’ve taken another big step forward in AI-driven security with our Fall 2024 updates.  Over the last few months, we’ve been focused on developing our skilled up large language model (LLM), Red Sift Radar – now fully integrated with OnDMARC – making it the first LLM…

Read more