Picture this: Your marketing team sends out thousands of emails each week, but recipients are increasingly hesitant to open them due to the increasing number of phishing emails. Meanwhile, your competitors’ emails stand out with their logos prominently displayed next to their messages in Gmail and other major email clients. Mark certificates power those logos.
Mark certificates aren’t just an IT upgrade; they’re a brand and trust strategy. As inboxes become more visual and security-aware, having your logo displayed is no longer a nice-to-have. It’s a signal to customers, employees, and partners that your organization is legitimate, secure, and worth engaging with.
We’ll break down the differences between Common Mark Certificates (CMC), Verified Mark Certificates (VMC), and Government Mark Certificates (GMC), and how to choose the right option for your organization.
Explore Mark Certificates
What Exactly Are Mark Certificates and Why Do They Matter?
Mark certificates allow your logo to be displayed next to your emails in participating inboxes. For recipients, that logo functions much like a blue checkmark on verified social media accounts, signaling legitimacy, trust, and brand recognition. For businesses, the benefits are tangible:- Stronger brand visibility in crowded inboxes
- Increased customer trust and open rates
- Protection against phishing and brand spoofing attacks
- Clear differentiation from impersonators and bad actors
Think of DMARC as the security foundation, BIMI as the display layer, and mark certificates as the proof that your brand is legitimate and that you have the legal right to use the logo.
That’s where Verified Mark Certificates (VMCs), Common Mark Certificates (CMCs), and Government Mark Certificates (GMCs) come in. Each serves the same basic purpose in validating your legal right to display a logo. However, each differs in requirements, recognition, and use cases.
Understanding Mark Certificate Types
Verified Mark Certificates (VMCs) are the original “gold” standard for BIMI compliance. To obtain a VMC, your organization needs a registered trademark for your logo with a national trademark office (such as the USPTO in the United States).The certificate authority validates both your identity and your trademark registration before issuing the certificate. VMCs offer the highest levels of brand recognition and trust and are widely recognized across email platforms.
Benefits of a Verified Mark Certificate
- Blue checkmark in Gmail and Apple Mail
- Widest support across mailbox providers
- Strongest signal of brand legitimacy
- Maximum brand visibility and recognition
- Helps protect against spoofing attacks and phishing
Gmail examples:
With a VMC:
Without a VMC:
Common Mark Certificates (CMCs) emerged as a more accessible alternative. CMCs don’t require trademark registration, making them ideal for organizations that haven’t formalized their trademark yet, are still in the registration process, or simply don’t have registered marks.
CMCs validate your domain ownership and organizational identity. While they enable BIMI functionality and logo display, they don’t include the trademark component or the blue checkmark.
Benefits of a Common Mark Certificate
- Faster and more accessible entry into BIMI
- No trademark registration required
- Improves brand recognition and email trust
- Lower cost compared to VMCs
Benefits of a Government Mark Certificate
- Official seal displayed in supported inboxes (including Gmail with blue verified checkmark)
- No trademark registration required (authentication based on enabling legislation)
- Strongest possible assurance for government communications
- Protection against government impersonation and phishing
- Available to government entities in 30+ countries worldwide
Comparing Mark Certificate Differences: What Sets Them Apart?
When you compare common mark certificates and VMCs, the primary distinction is trademark registration. VMCs require it; CMCs don’t. This fundamental difference affects both the validation process and the level of trust conveyed.Brand visibility is largely similar across VMCs and CMCs—both enable your logo to appear in supported email clients. However, VMCs carry additional weight in terms of brand protection. By requiring trademark registration, VMCs demonstrate that your organization has taken the legal steps to protect its brand identity. This can be particularly valuable for enterprises concerned about brand reputation and intellectual property.
GMCs follow the same authentication model as VMCs but substitute enabling legislation for trademark registration. For government entities, this approach recognizes that official seals and emblems are protected by law rather than through commercial trademark systems. GMCs are only available to government entities whose mark is established through statute, regulation, treaty, or government action.
Time to deployment is another practical consideration. If you already have trademark registration, obtaining a VMC is straightforward. But if you need to register a trademark first, that process can take months or longer. CMCs offer a faster path to BIMI adoption since they bypass trademark requirements entirely. For government agencies with established marks in legislation, GMCs can move relatively quickly once enabling legislation is submitted and verified.
Cost considerations extend beyond the certificate itself. While VMCs and CMCs have comparable certificate costs, factor in trademark registration fees (typically $250–$750 per mark in the U.S.) and legal expenses if you’re pursuing a VMC without an existing trademark. GMCs are available at a fixed annual rate.
Obtaining a Mark Certificate from SSL: What to Expect
Understanding the validation process helps you prepare for implementation. SSL’s rigorous validation ensures that only legitimate organizations can display their logos through BIMI. Here’s what you’ll need for each certificate type:Prerequisites for All Mark Certificates:
Before applying for a VMC, CMC, or GMC, you must have DMARC enforcement enabled on your domain with either a Quarantine or Reject policy (not just monitoring mode). You’ll also need to create an SSL account and pre-validate your domain through one of the supported methods. Here are some additional shared requirements for every Mark Certificate:| Requirement | Details |
| DMARC at enforcement | Your sending domain must have DMARC configured at p=quarantine or p=reject. This is the foundation of BIMI. |
| SVG logo (Tiny P/S format) | Your logo must be in SVG Tiny Portable/Secure (P/S) format as defined by the BIMI Working Group. Square aspect ratio (1:1) required. SSL can advise on conversion. |
| Owned domain | You must own and control the sending domain. One certificate is required per unique base domain. |
| One certificate per logo | Each unique logo requires its own certificate. Organizations with multiple logos or sub-brands will need a certificate per logo. |
| BIMI DNS record | A BIMI TXT record must be added to your domain’s DNS after certificate issuance. SSL provides step-by-step configuration guidance. |
SSL validates that your trademark is registered with an office listed in the WIPO (World Intellectual Property Organization) directory. The trademark must not expire within 397 days of verification. You’ll need to provide your company information, designate key organizational contacts (Contract Signer, Certificate Requester, and Certificate Approver), and complete identity verification through SSL’s Face-to-Face (F2F) process using third-party AI identity verification providers combined with manual review.
Your logo must be formatted as SVG Tiny Portable/Secure (SVG P/S) with a maximum file size of 30KB and a square 1:1 aspect ratio. SSL carefully validates that your logo matches your registered trademark.
Requirements (High Level)
- Enforced DMARC policy
- Compliance with BIMI standards
- Requiring a registered trademark
- Rigorous identity verification
You’ll still complete the same organizational validation, identity verification, and logo formatting requirements as VMC applicants. For CMCs only, SSL offers an optional logo hosting service to simplify deployment.
Requirements (High Level)
- DMARC enforcement enabled
- Logo in the correct BIMI format
- Proof of logo ownership
You’ll need to provide:
- Enabling Legislation: The official law or government record that grants your agency its mark (this might be an Act of Parliament, executive order, agency establishment statute, official gazette, treaty, or similar binding document)
- Proof of Identity: Documentation confirming your agency’s official status (government register entry, official gazette listing, or equivalent)
- Enforced DMARC Policy: Your domain must have DMARC configured at p=quarantine or p=reject
- Logo in SVG Tiny P/S Format: Your official seal, exactly matching the mark described in your enabling legislation
- BIMI DNS Record: Added to your domain after issuance (SSL provides step-by-step guidance)
Requirements (High Level)
- Enabling legislation establishing the government mark
- Official status documentation
- DMARC enforcement enabled
- Logo exactly matching the official mark in legislation
The Validation Process Timeline:
SSL’s validation team guides you through each step, from document submission to identity verification. The Face-to-Face verification uses AI-powered tools for secure, remote identity confirmation, eliminating the need to visit an office or mail documents. Most organizations complete the process within a few business days once all requirements are submitted, though trademark verification for VMCs may add time if your trademark office requires additional documentation.How to Choose the Best Option for Your Business
So which mark certificate is right for your organization? Consider these key questions:Do you have a registered trademark? If yes, a VMC is your best choice. It offers maximum brand recognition and demonstrates your commitment to brand protection. If you’re a government entity with an official mark established by law, GMCs are available now from SSL—providing the same authentication strength as VMCs through a validation path tailored to government needs.
Is speed essential? If you need to implement BIMI quickly and don’t have trademark registration, a CMC gets you up and running while you pursue trademark registration in parallel. Many organizations start with a CMC and upgrade to a VMC later.
What’s your brand protection strategy? Companies in competitive markets or those facing brand impersonation threats often prefer VMCs for the additional legal protections that come with trademark registration. The blue checkmark effect of having your verified logo displayed can significantly boost brand visibility and trust.
What’s your long-term plan? If trademark registration is in your future plans anyway, consider whether to wait for your VMC or start with a CMC now. For many small to mid-size businesses, getting that logo displayed sooner rather than later drives immediate value in terms of email engagement and protection against spoofing attacks.
Quick Guidance:
- Choose a CMC if you’re early-stage, cost-conscious, or still registering trademarks
- Choose a VMC if brand trust, recognition, and protection are strategic priorities
- Choose a GMC if you’re a government entity seeking the highest level of public trust and authentication for official communications
Mark Certificates Comparison Chart
| Feature | VMC — Verified Mark Certificate | CMC — Common Mark Certificate | GMC — Government Mark Certificate |
| Who it’s for | Private organizations with a registered trademark | Organizations with an established logo in use for 12+ months | Government agencies, departments, ministries, and public institutions |
| Proof of rights | Registered trademark (USPTO, EUIPO, UKIPO, CIPO, IP Australia, etc.) | Evidence of 12+ months continuous logo use on an owned domain | Enabling legislation — the law, statute, or regulation granting the official mark |
| Trademark required? | Yes | No | No (legislation instead) |
| Authentication level | Highest | Standard | Highest (VMC-equivalent) |
| Gmail blue checkmark | Yes | Varies by provider | Yes |
| Supported email clients | Gmail, Apple Mail, Yahoo Mail *, Fastmail | Gmail, Apple Mail, Yahoo Mail *, Fastmail | Gmail, Apple Mail, Yahoo Mail *, Fastmail |
| DMARC enforcement required? | Yes | Yes | Yes |
| Typical validation time | 3–5 business days | 3–5 business days | 3–5 business days |
| WebTrust for CAs audited | Yes | Yes | Yes |
| Get started | Buy VMC | Buy CMC | Buy GMC |
SSL: Your Trusted Partner for Email Trust Solutions
SSL offers all three mark certificate types: Verified Mark Certificates, Common Mark Certificates, and Government Mark Certificates. Our team understands that choosing the right certificate goes beyond technical specifications. It’s about protecting your brand, building trust with your customers and constituents, and staying ahead of email security threats.Ready to enhance your email brand visibility and protect against spoofing attacks? Compare common mark certificates with SSL’s team and discover which solution aligns with your business goals. Your verified logo in the inbox is just the beginning of stronger customer trust.