With a VMC and CMC certificate, your company can also have a logo in its emails (BIMI).

Jan 2, 2025 | Jindřich Zechmeister

In the digital world, trust and security come first. The internet bombards us with one scam after another, fraudulent messages flood our emails, and it’s more important than ever to distinguish between legitimate messages and the rest (spam, phishing). Thanks to BIMI and VMC/CMC certificates, we have a powerful ally against fraud.

What do BIMI, VMC, and CMC mean and why these certificates are important

For recipient trust, sender authentication is necessary to ensure that the message does not come from a fraudster. To facilitate the authentication of a genuine sender, the BIMI protocol was created, which allows displaying the sender's logo in messages. The sender chooses and sets this logo using DNS records. If this mechanism were to work openly, it would soon be exploited by attackers as well - therefore, BIMI is practically exclusively used in combination with VMC and CMC certificates, verifying that the sender truly has legal rights to the logo and is not simply trying to misuse it.

What is the difference between VMC and CMC certificates?

VMC (Verified Mark Certificate) is a digital certificate that allows organizations to display their verified logos in emails. This certificate is important for combating phishing as it enhances trust in the authenticity of the email sender. VMC serves as visual proof that an email comes from a verified and trustworthy organization whose identity has been verified by a reputable certification authority.

CMC (Common Mark Certificate) works the same way, but obtaining it does not require owning a trademark for the logo that is displayed with the sender in the recipient's email service.

Common Mark Certificate functions the same as VMC (Verified Mark Certificate), only in Gmail, it does not trigger the display of a blue "check" symbol next to the sender's logo. Therefore, the difference is minimal for the message recipients.

Recipient protection is in the hands of the domain owner

If the sender does not use BIMI in combination with a verified certificate, they expose the recipients of their emails to possible risk. Attackers exploit domains and names of well-known brands and services. They set the sender's name in their phishing messages as well-known brands like Revolut, Netflix, or banks. They use an appropriate sender name displayed to the recipient instead of falsifying the domain name, which is easily detectable.

The sender's domain is subject to control, but the sender's name is not. If a message is sent from a domain with correctly set SPF and DKIM, it will likely reach the recipient's inbox since these "hard" mechanisms have no reason to reject the message (they do not deal with the sender's name) - and the message genuinely came from the given domain, the sender's address is not spoofed. Whether the message is fraudulent or genuine is determined by the spam filter, but even that cannot be relied upon too much. Therefore, it is more than appropriate for your message recipients to also see your verified logo and confirmation that the sender is genuine and verified.

From the above principle of operation, it is clear that the critical point of current email services is the use of the sender's name. And this verification of the sender's authenticity is entirely on the shoulders of the recipient, i.e., the reader of the message.

It's time to help message recipients better navigate the flood of spam and phishing. Ideally, by displaying your company's logo and confirmation in messages sent by your company, ensuring the name and logo of the sender have been verified by an independent certification authority. Then, your messages can be trusted, and an impostor has no chance to endanger them.

Obtaining the certificate for BIMI has never been easier

To display the sender's logo using BIMI, you no longer need a trademark. It is enough if you have been using your logo on the web for more than a year. The issuing certification authority will verify its use and then issue you the Common Mark Certificate. This new and straightforward option opened up thanks to the new CMC (Common Mark Certificate) certificate. The use of BIMI is available to absolutely all companies, no longer limited to selected companies with a trademark.

Consult with us about implementing BIMI for your domains

We are experts in BIMI and obtaining VMC/CMC certificates. Consult with us free of charge and without obligation on enhancing the security of your message recipients. Our customer support is fully available to you.

If you are interested in obtaining a VMC or CMC certificate, we will help you smoothly obtain it. Once the certificate is issued, we will also help you with its deployment.