What Are Common Mark Certificates? CMCs Explained

Understanding Common Mark Certificates (CMCs) for Email Branding and Security

Email outreach offers a cost-effective path to connecting with customers and building trust. Unfortunately, spam emails and phishing scams leave recipients feeling distrustful, resulting in low open rates, even when emails come from reputable businesses.

Common Mark Certificates (CMCs) are digital certificates that allow organizations to display logos in email inboxes, even without a registered trademark. Logos can offset these concerns, delivering a visual trust indicator and the chance to stand out within packed email inboxes. Major brands use Verified Mark Certificates (VMCs) to display trademarked logos, but CMCs are especially valuable for smaller organizations and non-trademarked brands that want to participate in visual email branding. They provide a practical, accessible path to boosting recipient trust and email engagement.

The relevance of CMCs has grown significantly due to several factors: the rising adoption of Brand Indicators for Message Identification (BIMI), increased phishing threats that erode user trust, and the growing demand for brand authenticity in digital communications. Trusted providers such as Gmail, Apple Mail, and Yahoo now support BIMI. By displaying logos via BIMI, senders formalize their identities, thereby sending a valuable and highly visible trust signal.

Why visual identity in email matters

Today's email boxes are crowded; most people receive dozens or even hundreds of messages per day. They implicitly understand that many of these messages are irrelevant, and that some could even pose security risks.

A visual indicator like a logo adds legitimacy to the email, helping recipients distinguish trusted messages from suspicious or malicious ones. By focusing on branded, recognizable emails, recipients can limit their exposure to phishing schemes. This helps them interact confidently with trusted brands.

CMCs make this branding opportunity more accessible, especially for organizations without registered trademarks, enabling them to display their logo and reinforce visual identity alongside larger, trademarked brands. This levels the playing field and allows smaller businesses to benefit from the same trust signals.

Visual identity also supports strong email security. When recipients see verified logos in their inboxes, they can take confidence in knowing those emails are safe to open — and they can avoid emails that lack visual verification. This helps recipients avoid impersonated emails. In this way, mark certificates provide a critical defense against phishing and spoofing attacks.

What is a Common Mark Certificate?

Common Mark Certificates (CMCs) are specialized digital certificates issued by trusted certificate authorities (CAs) that allow organizations to display their logo alongside outbound emails in supported inboxes. Its primary purpose is to strengthen email authentication and build brand trust.

Operating within the BIMI (Brand Indicators for Message Identification) framework, CMCs enable organizations to display a non-trademarked logo alongside their email messages, so long as DMARC (Domain-based Message Authentication, Reporting & Conformance) policies are in place. They function similarly to Verified Mark Certificates (VMCs), but with one key distinction: CMCs do not require a registered trademark, whereas VMCs do.

Instead, CMCs use CA verifications to confirm that displayed common marks are legitimate and have been in use for at least one year. This makes CMCs a more accessible option, offering a broader opportunity for logo display in BIMI-compatible inboxes.

How do Common Mark Certificates work?

Common Mark Certificates (CMCs) enable organizations to display their verified brand logos in supported email inboxes, without needing a registered trademark. They operate within the BIMI (Brand Indicators for Message Identification) framework to improve trust and visibility in email communications.

By binding a verified logo to a domain — and relying on enforced DMARC policies — CMCs ensure the legitimacy of email senders. These certificates form the critical link between your domain, your logo, and compatible email clients like Gmail.

Core technical requirements

In order for the logo to display in inboxes, your email authentication protocols need to be configured correctly. 

• The Sender Policy Framework (SPF) lists all servers authorized to send emails for your domain. 
• The DomainKeys Identified Mail (DKIM) setting adds a cryptographic signature confirming sender identity and message integrity. 
• A final authentication protocol known as Domain-based Message Authentication, Reporting & Conformance (DMARC) must be set to "quarantine" or "reject" to ensure that spoofed emails do not reach the intended recipient.

Once the email authentication protocols have been established, organizations will publish a BIMI TXT record in DNS. These records should point to logo files, and the files must meet stringent standards for clarity and scalability by using the SVG Tiny PS format.

Logos only qualify if they have been in public use for over twelve months. Once verified, the certificate links the logo to the authenticated domain. Mailbox providers can then display logos within email inboxes when emails are sent from domains that fulfill DMARC requirements.

Issuance and validation

Certificate authorities (CAs) enable CMCs by validating domain ownership. This validation process may involve DNS record verifications along with evidence of a logo's consistent commercial use. With CMCs, the CA does not need to verify legal trademarks. Following validation, the CA can move forward with issuing the certificate, which is then added to the BIMI record.

Logo display in supported inboxes

Mailbox providers such as Gmail check for consistent alignment between BIMI, CMC, and DMARC settings. Once verification steps are fulfilled, and all requirements are met, email platforms can display logos alongside the sender's name in the inbox. This visible trust indicator enhances brand recognition, boosts engagement, and helps reassure recipients that the message is legitimate.

How do CMCs enable logo display without a trademark?

Common Mark Certificates enable BIMI logo display for organizations that don’t hold registered trademarks by validating consistent commercial use of a logo instead. Instead of verifying trademark ownership like a VMC, the certificate authority checks that the logo has been used publicly and continuously by the organization for at least one year. 

This involves reviewing evidence such as website usage, marketing materials, or other official channels to confirm authenticity and brand association. Once this validation is complete, and BIMI and DMARC requirements are met, supported inboxes can display the logo in recipients’ inboxes just like they would for trademarked logos.

Advantages of using a Common Mark Certificate

Common Mark Certificates provide a structured, standards-based path for organizations to participate in BIMI without a registered trademark. They focus on verifying consistent logo use and ensuring alignment with required email authentication protocols. Benefits include:

• Expedited verification processes enable quick deployments.
• Modest price points provide a lower barrier to entry compared to VMCs.
• Reduced risk of your brand being used in a phishing attack. 
• Higher email open rates upon bringing a visible element to email-based brand recognition.
• Accessibility for more brands by removing trademark requirements, opening BIMI logo display to startups, SMBs, and nonprofits.
• A practical bridge to future VMC adoption by building logo visibility and trust in the interim.
• Stronger long-term brand credibility by establishing a verifiable history of consistent logo use.

How to obtain a CMC

Ready to secure branding and cybersecurity advantages through a Common Mark Certificate? Take these simple steps to secure a CMC — and to use it to display verified logos.

1. Implement DMARC policy enforcement. First, configure SPF and DKIM. Next, enforce DMARC policy at p=quarantine or p=reject.
2. Prepare a BIMI-compliant SVG logo file. Create a self-contained SVG logo with no scripts or external records. This should be hosted on a publicly accessible HTTPS URL.
3. Host logo file and publish BIMI DNS record. Enable the BIMI-compliant logo by adding a BIMI TXT record to the domain's DNS. Confirm that the record is properly formatted.
4. Once you have completed steps 1-3, order your CMC through a reputable Certificate Authority. The CA will verify domain ownership and confirm that the logo meets strict BIMI requirements.
5. Add the issued CMC to the BIMI DNS record. Update the DNS to include the CMC. This step delivers proof of verification, confirming that the logo is ready to display.
6. Test logo visibility. Send test emails to confirm that logos display in supported inboxes. Keep in mind that Google blue checkmark feature will not display if using CMCs instead of VMCs.
7. Monitor DMARC compliance. Ensure ongoing logo display by maintaining DMARC compliance. Use monitoring tools to identify and address SPF or DKIM issues.

Who should use a Common Mark Certificate?

Common Mark Certificates offer a viable workaround to Verified Mark Certificates, specifically for organizations that do not yet possess trademarked logos. Through CMCs, organizations can gain the visual branding benefits of VMCs, but without undergoing the process of securing a trademark.

Ideal use cases

Trademarked logos offer many advantages, including exclusive rights via trademark protection. This strengthens branding and may help prevent imitation. Obtaining a trademark can prove expensive and time-consuming, however, and, during the wait for trademark protection, businesses could miss out on email-focused visual branding opportunities.

Businesses may seek CMCs if they have not yet pursued trademark registration. This includes startups, fast-moving digital-first brands, and ecommerce companies that are still building brand equity. CMCs provide the chance to pilot BIMI before proceeding with VMC rollouts. In this way, a CMC acts as a bridge, bringing the advantages of BIMI participation to startups.

Beyond this, resource-constrained nonprofits, community organizations, or regional brands may favor CMCs, especially if they lack the resources required to gain full trademark protection.

Strategic benefits

CMCs can provide a transitional step towards trademark registration and VMC issuance, but some organizations may seek CMCs in lieu of VMCs. This cost-effective solution offers visual branding advantages at a significantly lower price point. Quick to implement, CMCs bypass complex verification processes, with issuance timelines as short as 5–10 business days.

Following a fast and affordable deployment, businesses can use CMCs to improve their brand presence within digital communications. This, in turn, improves confidence among recipients, leading to higher open rates. As brands mature, they can use CMC as a stepping stone to full VMC adoption, driving additional advantages such as Gmail's blue checkmark.

CMC vs. VMC vs. BIMI

While all three, CMC, VMC, and BIMI, are involved in displaying brand logos in email inboxes, they each serve a different role in the process:

• BIMI is the technical protocol that enables inbox logo display by using DNS records and requiring DMARC enforcement.
• VMC is a type of digital certificate used with BIMI that verifies trademark ownership of a logo before it can be displayed.
• CMC is an alternative certificate that also enables BIMI logo display but does not require a registered trademark. Instead, it validates that the logo has been in consistent commercial use and is properly associated with the sending domain.

Together, these components allow businesses to authenticate their email identity and improve visual trust with recipients, but the path you choose depends on whether your logo is trademarked or not.

Sectigo is one of very few certificate authorities currently supporting CMC issuance. We help organizations meet diverse email branding and security needs with Verified Mark Certificates and Common Mark Certificates. Get started today and build lasting inbox credibility with Sectigo. 

Sources:

• https://www.sectigo.com/resource-library/root-causes-529-what-is-a-common-mark-certificate
• https://www.sectigo.com/resource-library/root-causes-98-dmarc-and-verified-mark-certificates-for-email