Understanding BIMI Certificate Types

by | Dec 12, 2024

When implementing Brand Indicators for Message Identification (BIMI), verifying your logo with a BIMI Certificate brings additional benefits for recipients at mailbox providers globally. There are three types of assertion for logos: Self-assertion, Common Mark Certificates (CMCs) and Verified Mark Certificates (VMCs). Understanding the differences ensures you get the benefits you expect out of your BIMI implementation.

What Differentiates BIMI Certificate Assertion Types?

A key distinction between BIMI Certificates lies in the type of mark validated and their associated requirements. As outlined in the MC Guidelines, Section 1.1 Overview, these differences are defined as follows:

  • Self-asserted logos: These are the simplest form of BIMI implementation since they do not require verification through certificates, making them a great entry point for BIMI adoption. These BIMI records are supported by only a few mailbox providers, they still offer benefits at providers including Yahoo, Fastmail, and LaPoste.
    • They can be denoted by omitting the ‘a=;’ or leaving the URL portion blank within the ‘a=’ value for your BIMI record.
    • They still require an HTTPS-hosted SVG file, a BIMI record, and DMARC at enforcement.
  • Common Mark Certificates (CMCs): These certificates accommodate marks that may not be registered trademarks.
    • Prior Use Mark: Defined in Section 3.2.16.1, these certificates reflect a history of legitimate use without necessitating trademark registration. This flexibility makes CMCs accessible for a broader range of organizations.
    • Modified Registered Mark: Defined in Section 3.2.16.2, these certificates represent marks that have undergone modifications while maintaining ties to an original registered trademark. They ensure adaptability without compromising the integrity of the validation process.
  • Verified Mark Certificates (VMCs): These certificates are tailored for organizations with registered or acknowledged government trademarks.
    • Registered Mark: Validated under Section 3.2.17.1, these marks undergo rigorous verification to ensure compliance with stringent validation standards. VMCs play a crucial role in conveying credibility and authenticity.
    • Government Mark: Validated under Section 3.2.17.2 of the guidelines, these marks receive official recognition from a government authority, emphasizing their legal authenticity.

Each certificate type has specific use cases and fields that indicate its purpose, making it vital to align the selection with your brand’s credentials and email marketing goals.

The Role of “Prior Use” in CMCs

For “Prior Use” certificates, specific fields within the certificate help identify the mark type. Section 7.1.4.2.2.r of the guidelines describes this in detail:

  • Certificate Field: subject:markType (OID: 1.3.6.1.4.1.53087.1.13)
  • Requirement: This field is mandatory.
  • Contents: It must contain one of the following values, corresponding to validation methods:

How to Identify Your BIMI Certificate Type

To determine if your certificate is a VMC or CMC:

  1. Review the certificate’s profile in the MC Guidelines.
  2. Check the subject:markType field value.
  3. Refer to the validation method outlined in Sections 3.2.16 or 3.2.17.

For instance, if the subject:markType contains “Prior Use Mark,” the certificate qualifies as a CMC under Section 3.2.16.1.

Why Your Choice of BIMI Certificate Matters

The distinction between VMCs and CMCs directly impacts how your brand’s logo appears in inboxes.The differentiation could vary between mailbox providers and display of the logo is at their discretion, the AuthIndicators Working Group does not provide explicit guidance on these distinctions. Examples that we could imagine would be a VMC will get a logo and a trust indicator, where a CMC may only get the logo and no trust indicator. With limited support currently for CMCs we are not able to provide examples currently. 

Properly configured certificates can strengthen email authentication and enhance trust with recipients.

For a comprehensive understanding, consult the MC Guidelines starting from Section 1.1, and dive into the specifics of validation methods in Sections 3.2.16 and 3.2.17.