Verified Mark Certificates (VMCs)

Display your registered logo in email inboxes

In crowded inboxes, your emails compete for attention. A Verified Mark Certificate (VMC) helps your messages stand out by displaying your organization’s registered trademark logo next to your emails in inboxes that support BIMI (Brand Indicators for Message Identification). BIMI is the standard that enables logo display, while the VMC proves the logo is officially registered and verified as associated with your business. With a VMC, your emails:

Appear more professional – Show your verified brand logo instead of a generic icon
Increase trust – Help recipients instantly identify your messages and avoid spoofing attempts
Boost engagement – Increase open rates and interaction through improved brand recognition

Common Mark Certificates (CMCs) and VMCs reinforce brand recognition and build immediate trust with recipients, making users more likely to engage with your emails. They share a common goal of improving trust and credibility through the use of verified brand logos. However, VMCs are specifically designed for organizations with registered trademarks, requiring official trademark verification, while CMCs offer a more accessible solution for businesses that want to display their brand logos without needing registered trademark status. Both certificates enable BIMI logo display, but VMCs provide the highest level of brand authentication by proving trademark ownership, making them ideal for enterprises with valuable intellectual property assets.

As low as

Up to 20% off with multi-year

Questions? Contact sales by chat or phone

VMC vs CMC: Find the Right Email Branding Certificate for Your Business

Your choice of certificate determines how your brand appears in inboxes, the trust you build with customers, and how quickly you can go live

Verified Mark Certificate (VMC)

Choose VMC if:

You have a registered trademark
You need the blue verified checkmark in Gmail
Maximum email trust is critical (full BIMI compliance)
Brand protection is paramount
You can invest in premium certification (as low as $1,350/year)
Best for large enterprises, regulated industries

Get My Verified Mark Certificate

Common Mark Certificate (CMC)

Choose CMC if:

You don't have a registered trademark
Your logo has 12+ months of public use
Basic email branding is sufficient (basic BIMI compliance)
Faster deployment is needed (issued in 5-10 days)
You want cost-effective branding (as low as $990/year)
Best for SMBs, startups, unregistered brand logos

Start with a Common Mark Certificate

Features & Benefits

Prevent Phishing	Verified Mark Certificates place your verified logo directly in recipients’ inboxes, helping your emails stand out as trusted and making impersonators easier to spot. Eliminate doubt, protect your reputation, and convert with confidence.
Improve Deliverability	Verified Mark Certificates don’t just secure your emails, they boost deliverability and visibility by verifying your domain meets the highest authentication standards, including DMARC, SPF, and DKIM. That means more emails land where they belong—with your customers.

Stand out. Stay secure.	Verified Mark Certificates extend your visual brand into the inbox—reinforcing brand recognition and trust in one of the most crowded digital spaces. At the same time, they validate your email authentication standards, enhancing security, deliverability, and brand protection with every send.
Drive Better Results	Emails with verified logos are more likely to be opened and read. A clear visual cue builds confidence with your audience, helping improve open rates and conversion over time.

What you need to order a VMC

Secure your email domain with DMARC
DMARC is a security policy that helps stop attackers from sending fake emails using your domain. DMARC authentication is necessary for meeting BIMI specifications.
- Your DMARC policy must be set to “quarantine” or “reject (p=quarantine or p=reject).
- SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) must be correctly configured.
- Your domain must follow DMARC rules for at least 30 days before applying for a VMC.
Have a trademarked logo - Your logo must be officially registered in a recognized trademark database (e.g., USPTO in the U.S.).
- The logo must be in square SVG format to meet BIMI requirements.
Verify your business identity
- We’ll check your business registration and legal documents.
- This validation process ensures only legitimate businesses can display their logos in email inboxes.

How to order your Verified Mark Certificate (VMC)

To order and collect your VMC follows these six steps:

Check your email security (DMARC Setup)
Before applying, your email domain must have DMARC security in place:
- Set your DMARC policy to “quarantine” or “reject” (not “none”).
- Make sure SPF and DKIM are properly configured.
- Keep DMARC active for at least 30 days before ordering.
Confirm your logo is trademarked
- Your logo must be officially registered in a recognized trademark office.
- Your logo must be officially registered in a recognized trademark office.
- Must be insquare SVG format (required for BIMI compliance).
Purchase your VMC
- Add to Cart above and complete your purchase.
- You will receive an email with instructions to help you complete and download your VMC.
- Sectigo will verify your business identity, which may include reviewing registration documents and confirming identity via a notarized ID or video call.
Set up your logo
- Upload your SVG logo to a publicly accessible HTTPS URL, or allow Sectigo to host your logo for you
- If you're hosting your own logo, add a BIMI TXT record to your domain's DNS (your host or IT team can assist)
Verify & test your logo
- Use a BIMI testing tool to check if your email is configured correctly.
- Send a test email to ensure your verified logo appears in inboxes.
Keep your VMC active
- Regularly monitor DMARC compliance to prevent issues.
- Renew your VMC before it expires to maintain visibility.

FAQs

Have another question?

Reach us by chat in the lower-right corner.

How do VMCs improve email engagement?

When recipients see familiar brand logos, they are more likely to feel confident that emails have been sent by reputable sources. VMCs facilitate logos, which offer a powerful form of visual reassurance. This makes recipients more likely to open and read emails. Furthermore, the DMARC process required to use VMCs can improve engagement by emphasizing authentication, which improves deliverability. Google also shows a blue checkmark indicating the sender of this email has verified that they own the domain and the logo in the profile image.

What is the difference between BIMI, CMC, and VMC?

BIMI (Brand Indicators for Message Identification) is an email authentication standard that displays a brand’s logo in supported email clients. For Gmail users, Google displays a blue checkmark next to the sender’s name to indicate a verified logo. A VMC (Verified Mark Certificate) is a digital certificate issued by a trusted authority that verifies logo ownership, often required for BIMI implementation. CMC (Certified Mark Certificate) shares a common goal of verifying logo ownership but does not require a registered trademark. CMCs are often a faster and more accessible path to BIMI compliance, however they do not trigger the Gmail blue checkmark.

What is the difference between BIMI and other email authentication protocols?

BIMI works in conjunction with email authentication protocols like SPF, DKIM and DMARC to make the sender’s worthiness more visible in recipients’ inboxes. SPF (Sender Policy Framework) prevents email spoofing by allowing domain owners to specify which mail servers are authorized to send emails on behalf of their domain. DKIM (DomainKeys Identified Mail) adds a security layer by allowing the sender to attach a digital signature to the email to confirm the sender's identity and to verify the content has not been altered in transit. DMARC (Domain-based Message Authentication Reporting & Conformance) builds on SPF and DKIM by providing a policy framework that tells receiving mail servers how to handle emails that fail SPF or DKIM checks. It also allows domain owners to receive reports on email authentication results.

How does BIMI work?

BIMI works by linking your email address to your brand’s logo using DNS records. To become BIMI compliant, companies must ensure that their emails are authenticated using SPF, DKIM and DMARC, then set up a DNS record that points to their logo image and VMC. BIMI-participating mailbox providers like Gmail, Apple Mail and Yahoo check the BIMI record when receiving emails from the company’s email domain. If DMARC passes, it will verify if there is a BIMI record in DNS for the sender domain name (and so be re-directed to the VMC and logo image to display); if DMARC fails, it won’t look for BIMI.

What email providers support BIMI/Mark Certificates?

VMC logos are currently supported in inboxes of email clients that implement BIMI — including Gmail, Yahoo Mail, Apple Mail, Zoho Mail, Fastmail, La Poste, Onet.pl, Zoner, and au.com. Gmail also displays a blue checkmark for verified senders with VMC. An updated list of mailbox providers is maintained by the BIMI group.

How do I create a BIMI DNS record?

To create a BIMI record, follow these steps:

Ensure DMARC enforcement: Your domain must have a DMARC policy set to p=quarantine or p=reject.
Prepare your logo: Convert your logo to SVG format using the SVG Tiny Portable/Secure (SVG P/S) profile.
Host your logo: Upload the SVG file to a secure HTTPS-accessible location.
Obtain a Verified Mark Certificate (VMC): If required by your target email providers (e.g., Gmail), get a VMC from a trusted Certificate Authority like DigiCert or Entrust.
Publish the BIMI record: Add a DNS TXT record for default._bimi.yourdomain.com with the following format:
v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem;

If you're not using a VMC, leave the a= field blank for a self-asserted record.

If you are unsure how to add a TXT record to your DNS, check with your hosting provider, DNS provider or system administrator.

How do I check to see if my logo is registered with recognized trademark office?

Typically an organization's legal team can provide details around your trademark status. Having this data, you can look on the World Intellectual Property Organization's (WIPO) website and search for your organization's logo. Once you find your logo in the database, verify registration status (trademark must not expire within 397 days of verification), jurisdiction and a match between the logo you use in email and the trademarked version. As of September 2025, VMC guidelines officially recognize 17 intellectual property offices:

If your logo is not registered with a recognized intellectual property office, you need to go through the trademark registration process in the appropriate jurisdiction. This process can take months, so plan ahead. Alternatively, if your organization is unable to register their logo, or is looking for a more accessible path to BIMI compliance, you may want to start with a Common Mark Certificate (CMC) which allows your organization to display your logo in emails without a trademark.

For a CMC, how do I show that our logo has been in use for 12 months?

Applicants can demonstrate historical usage by providing proof that the logo has been used on their website for at least 12 months. Proof of this activity can be found on the Internet Archive: https://archive.org

What validation is required?

VMC/CMC validation consists of:

Organization validation (similar to EV SSL)
Face-to-face validation (similar to eIDAS)
Logo verification
Domain Control Validation (same as for SSL)
CAA checks (same as for SSL)

How long are Mark Certificates valid?

Mark Certificates are valid for one year. Sectigo offers its customers multi-year subscriptions on Mark Certificates, which ensure continuous coverage and cost-saving benefits.

How many VMCs/CMCs do I need?

If your organization has one domain and one logo, you may only need one VMC/CMC. If you have multiple domains and a single logo, you can use one VMC/CMC for all domains. If you have multiple logos you wish to display in recipient’s inboxes, you need one certificate per unique logo.

What information should I have before I start setting up my VMC?

Before starting the setup process, we recommend having the following information ready. This will help you move through the setup smoothly without losing progress.

Domain names you want to associate with your CMC/ VMC
Certificate Signing Request (CSR)
- Must include all domains you’re associating now
- Cannot include more domains than purchased
- You can start with one domain and add more later
Domain validation method for each domain (Email, DNS, or HTTP)
Organization details: legal name, registration number, and address
Validation contact information
Trademark details: registration number, jurisdiction, and DUNS number
- View list of verified trademark offices for VMC (Not needed for CMC)
Logo in SVG format
- Max size: 24 KB
- Must meet CMC/ VMC logo requirements (square aspect ratio, no transparency)

What if I prefer to host my own logo?

You can absolutely host your own logo. Your logo must be publicly accessible via HTTPS. That is, you should upload your logo to a location that is accessible on the internet. Simply upload your SVG file to your server and reference its URL in your BIMI DNS record. Make sure the file meets BIMI specifications and is not behind authentication or redirects. If you prefer, you can let Sectigo host your logo file instead.

How should my logo be formatted?

Your logo must be: