What’s the difference between CMC and VMC certification?

RSS Feed

Common Mark Certificates (CMC) and Verified Mark Certificates (VMC) both enable brand logos in email inboxes via BIMI, boosting trust, security, and deliverability. The key difference? VMCs require trademark validation and show a blue checkmark in Gmail, while CMCs are faster and more affordable but have limited support. Learn which option fits your email security and branding goals.

By Sectigo Team, Delivering Digital Trust

August 28, 20258 min read

What is a VMC?
What is a CMC?
Key differences between CMC and VMC
BIMI, email authentication, and certificate compatibility
Which certificate is right for your domain?
How to get a VMC certificate
How to get a CMC certificate
Why email authentication matters for cybersecurity and brand trust
Get started with VMC or CMC certificates through Sectigo

Brand logos shape digital trust. These simple but powerful images are instantly recognizable. Increasingly, they're being integrated into email communication to help recipients identify legitimate senders at a glance.

This visual branding is made possible through digital certificates that support the Brand Indicators for Message Identification (BIMI) standard. The two main types are Common Mark Certificates (CMC) and Verified Mark Certificates (VMC).

Both enhance visual trust by displaying logos while also boosting email security and brand visibility. However, the distinction between trademark requirements can cause confusion.

VMCs require trademark validation and, in supported email platforms like Gmail, they also display a blue checkmark next to your logo, signaling that the sender has been fully verified.

CMCs are easier to obtain and more affordable because they don’t require trademark validation.

Not sure which digital certificates are best suited to safeguard email communication? Your decision should depend on your brand’s goals, whether you have a registered trademark, and the level of email security you need. In this article, we’ll break down the differences between CMC and VMC certificates and explain how each contributes to building trust and visibility in the inbox.

What is a VMC?

Verified mark certificates (VMCs) use brand logos to signal trust in email communication. Trademark registration is a core element of the VMC, promising enhanced credibility and security. These certificates are only available to those who submit trademarks registered through official channels such as intellectual property offices.

VMCs must also be validated by a trusted certificate authority and work alongside email security protocols such as BIMI, DMARC, SPF, DKIM, and DNS to verify sender identity, prevent spoofing, and enable the display of trademarked brand logos in supported email clients.

One of the key benefits of a VMC is the visual trust signal it provides: in Gmail and other supported platforms, your logo is displayed, helping recipients instantly recognize legitimate messages. They also improve email engagement and deliverability.

VMCs offer strong protection against phishing attempts and generally have broader platform support compared to CMCs, making them a preferred option for brands with registered trademarks seeking maximum visibility and trust.

What is a CMC?

A common mark certificate (CMC) is a specialized digital certificate, designed to confirm organizational identity by displaying logos within email inboxes. Unlike VMCs, CMCs do not require a registered trademark. Instead, they rely on other forms of verification such as logo usage history and domain ownership to authenticate the sender’s identity and establish visual trust.

CMC certificates also work alongside established email authentication protocols such as BIMI, DMARC, SPF, DKIM, and DNS to help ensure that emails are legitimate and have not been spoofed or altered.

Key advantages of CMCs include the fact that no trademark registration is required, they can be issued quickly, and they are generally more affordable than verified mark certificates.

However, CMC support remains limited and is currently available in select platforms like Gmail, Yahoo, and Apple Mail, meaning your brand logo may not appear in all inboxes.

Key differences between CMC and VMC

CMCs and VMCs may seem similar, but their underlying mechanisms look a bit different, and these core differences carry ripple effects that impact pricing, issuance, brand visibility, and more.

Trademark registration and validation process

All differences surrounding CMC and VMC come down to one main distinction: VMCs require trademarked logos, which call for a more vigorous validation process. This process includes additional checks by a certificate authority to verify trademark ownership before approval. With CMCs, verification by a CA is still required, but it does not require a registered trademark logo. Instead, the CMC validation process centers around logo use history and domain ownership verifications.

Logo display and visual indicators

Both CMCs and VMCs make it possible to display brand logos in email inboxes. This drives instant recognition among email recipients. However, VMCs have an extra advantage in Gmail because the logo appears with a blue verified checkmark, signaling a fully validated sender. Organizations obtain these trademarks through intellectual property offices such as the United States Patent and Trademark Office (USPTO).

Platform support and deliverability

The advantages of logo-based visual trust matter little if compatibility issues stand in the way of logo rendering or limit badges that signal trust. VMCs offer broader compatibility with BIMI-supported email clients while CMC support is more limited and currently works with a smaller subset of providers.

Pricing and issuance complexity

The key advantages that elevate VMCs—validation processes that support a higher level of trust—also contribute to their main drawback: these certificates will take longer to issue and are more expensive.

With VMCs, issuance cannot be completed without trademark ownership confirmation. This calls for documentation above and beyond what is required for a CMC.

BIMI, email authentication, and certificate compatibility

The success of both VMCs and CMCs relies on a key standard: Brand Indicators for Message Identification (BIMI). This is what today's top email clients use to verify and display brand logos via inboxes.

BIMI draws on enforcement from DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocols, which safeguard domains from unauthorized use. DMARC policies use DNS records to indicate how servers should handle any messages that fail strict authentication checks.

Authentication mechanisms such as SPF (Sender Policy Framework) confirm that emails come from authorized IP addresses, while DKIM (DomainKeys Identified Mail) adds cryptographic signatures for additional verification. When these standards are properly configured, they establish a strong foundation for BIMI to function.

While VMCs are typically used to enforce BIMI's strictest requirements, CMCs have a powerful role to play: they can eliminate some of the greatest roadblocks that stand in the way of BIMI, all while helping organizations display verified logos.

Which certificate is right for your domain?

Choosing between a VMC and a CMC depends on several key factors, including your brand’s trademark status, email security goals, budget, and the level of inbox visibility you want to achieve.

Start by reviewing your email authentication setup. Both CMCs and VMCs require DMARC, SPF, DKIM, and DNS records to be properly configured, so ensuring these basics are in place will narrow your choices.

Trademark ownership. In most cases, the VMC vs CMC debate comes down to one key factor: if your organization already has a registered trademark, VMC is the best option. This approach is even more important when navigating strict trademark governance. For businesses that lack trademarks, however, CMC can provide a valuable bridge, offering a similar form of protection along with a much-needed signal of digital trust.
Budget. Businesses need to strike a delicate balance between safeguarding email communications and maximizing their digital certificate ROI. CMCs influence this equation because they generally cost less than VMCs. These savings stem from less intensive validation; both certificates undergo verification processes, but CMCs are freed from the added burden of trademark verification. If cost is a key barrier, CMCs may be the better choice, promising similar protection at a lower price point.
Email client compatibility. If broad compatibility is a priority, it's important to note that while CMCs are supported in major platforms like Gmail, Yahoo, and Apple Mail, VMCs are better suited for organizations seeking the widest and most reliable reach across BIMI-supported email clients.
Security and brand marketing goals. VMCs and CMCs support similar goals, but their impact can vary. VMCs provide stronger trust signals through trademark validation and more visible branding. CMCs offer flexibility but may not deliver the same level of identity assurance or brand credibility.

How to get a VMC certificate

It can take up to six weeks to secure a VMC certificate, so be prepared for a lengthy process that includes verifications and documentation. To obtain a VMC certificate you need to:

Secure a registered trademark. A mark certificate does not qualify as a verified mark certificate until it is accompanied by a registered trademark. Take steps to secure this through USPTO or, if needed, similar recognized offices from other jurisdictions.
Create an SVG version of the logo. Trademarked logos should be saved as SVG square format to meet BIMI (Brand Indicators for Message Identification) requirements. These vector graphics are uniquely scalable and promise sharp image quality.
Ensure DMARC enforcement is active. DMARC policies should be set to quarantine or reject (p=quarantine or p=reject).
Purchase from a trusted certificate authority. Vet certificate authorities carefully to ensure that strict standards are followed through every step of the issuance process. This strengthens credibility and overall peace of mind. Look for a CA with a strong reputation and robust support services, such as Sectigo.

How to get a CMC certificate

The process of obtaining a CMC largely echoes VMC requirements, except for the absence of registered trademark validation. Get started by following these steps:

Prepare an SVG logo. The logo must be in SVG Tiny 1.2 format and should include an embedded color profile. This logo need not be trademarked, but it will need to clear other requirements. A logo should have been publicly used for at least 12 months on your domain, although modified versions of registered trademark logos may also qualify.
Confirm active DMARC enforcement. Follow the previously described steps to confirm DMARC quarantine or reject policies.
Seek validation from the right CA. As with VMCs, CA selection is crucial. Be prepared to undergo identity verification protocols that may include notarized IDs or live video calls with CA validation agents.

Why email authentication matters for cybersecurity and brand trust

Email authentication forms a crucial layer of digital security, making it far more difficult for bad actors to impersonate trusted brands. This verifies senders' legitimacy so that recipients are less vulnerable to sophisticated spoofing attacks. By strengthening trust, authentication also improves overall visibility, leading to higher open rates and improved engagement.

While many safeguards contribute to strong email authentication, CMCs and VMCs enhance this protection by adding visual trust indicators that leverage the power of brand recognition.

Get started with VMC or CMC certificates through Sectigo

Enhance visual trust with common mark certificates and verified mark certificates—both available through Sectigo. As a digital certificate leader, Sectigo offers industry-leading solutions to help you navigate the validation process with confidence. Start your path to visual trust in the inbox today.