When implementing Brand Indicators for Message Identification (BIMI), verifying your logo with a BIMI Certificate brings additional benefits for recipients at mailbox providers globally. There are three types of assertion for logos: Self-assertion, Common Mark Certificates (CMCs) and Verified Mark Certificates (VMCs). Understanding the differences ensures you get the benefits you expect out of your BIMI implementation.

What Differentiates BIMI Certificate Assertion Types?

A key distinction between BIMI Certificates is in the type of mark validated and their associated requirements. As outlined in the MC Guidelines, Section 1.1 Overview, these differences are defined as follows:

• Self-asserted logos: These are the simplest form of BIMI implementation, as they do not require verification through certificates, and are a great entry point for BIMI adoption. While these BIMI records are limited to a few mailbox providers, you’ll still be able to see the benefits at providers including Yahoo, Fastmail and LaPoste.
  • These can be denoted by omitting the ‘a=;’, or leaving the URL portion blank within the ‘a=’ value for your BIMI record.
  • These still require an https hosted SVG file, a BIMI record, and DMARC at enforcement. 
• Common Mark Certificates (CMCs): These certificates accommodate marks that may not be registered trademarks.
  • Prior Use Mark: Defined in Section 3.2.16.1. These certificates reflect a history of legitimate use but do not necessitate trademark registration. This flexibility makes CMCs accessible for a broader range of organizations.
  • Modified Registered Mark: Defined in Section 3.2.16.2, these certificates represent marks that have undergone modifications while maintaining ties to an original registered trademark. They ensure adaptability without losing the integrity of the validation process.
• Verified Mark Certificates (VMCs): These certificates are tailored for organizations with registered or acknowledged government trademarks.
  • Registered Mark: These are marks validated under Section 3.2.17.1. They offer the highest level of verification by ensuring compliance with stringent validation standards. VMCs are instrumental in conveying credibility and authenticity.
  • Government Mark: These are marks validated under Section 3.2.17.2 of the guidelines. They are specific to marks officially recognized by a government authority, emphasizing their legal authenticity.

Each certificate type has specific use cases and fields that indicate its purpose, making it vital to align the selection with your brand’s credentials and email marketing goals.

The Role of “Prior Use” in CMCs

For “Prior Use” certificates, specific fields within the certificate help identify the mark type. Section 7.1.4.2.2.r of the guidelines describes this in detail:

• Certificate Field: subject:markType (OID: 1.3.6.1.4.1.53087.1.13)
• Requirement: This field is mandatory.
• Contents: It must contain one of the following values, corresponding to validation methods:
  • Registered Mark: Section 3.2.17.1
  • Government Mark: Section 3.2.17.2
  • Prior Use Mark: Section 3.2.16.1
  • Modified Registered Mark: Section 3.2.16.2

How to Identify Your BIMI Certificate Type

To determine if your certificate is a VMC or CMC:

1. Review the certificate’s profile in the MC Guidelines.
2. Check the subject:markType field value.
3. Refer to the validation method outlined in Sections 3.2.16 or 3.2.17.

For instance, if the subject:markType contains “Prior Use Mark,” the certificate qualifies as a CMC under Section 3.2.16.1.

Why Your Choice of BIMI Certificate Matters

The distinction between VMCs and CMCs directly impacts how your brand’s logo appears in inboxes.The differentiation could vary between mailbox providers and display of the logo is at their discretion, the AuthIndicators Working Group does not provide explicit guidance on these distinctions. Examples that we could imagine would be a VMC will get a logo and a trust indicator, where a CMC may only get the logo and no trust indicator. With limited support currently for CMCs we are not able to provide examples currently. 

Properly configured certificates can strengthen email authentication and enhance trust with recipients.

For a comprehensive understanding, consult the MC Guidelines starting from Section 1.1, and dive into the specifics of validation methods in Sections 3.2.16 and 3.2.17.