Categories
Best practices

What Is a Common Mark Certificate, and Should I Set It Up for My Newsletter? What You Need to Know

If you want to get your logo into inboxes, the CMC can help you do it — and ensure your logo displays in both Gmail and Yahoo inboxes.

These stories are presented by Beefree, an email and landing page builder that helps you create better, and faster. With over 1,700 free templates and an intuitive drag-and-drop editor, freelancers and teams can quickly design high-performing emails and landing pages. Build emails in a fraction of the time and deploy them easily through platforms like ActiveCampaign, HubSpot, or Mailchimp. 82% of users say they build emails faster thanks to Beefree — and 63% have seen click-through rates improve by more than 11%.

Start creating better, faster emails today. Get started for free, and upgrade as you grow.

Having your logo next to your name in the inbox typically leads to higher open rates. That extra bit of branding can really help your newsletter stand out. But in the past, if you’ve wanted to put your newsletter’s logo in the inbox, you only had two options.

The first option is to go through the process of setting up BIMI, or Brand Indicators for Message Identification. BIMI makes sense for larger brands, but there are drawbacks that make it impractical for smaller publications. To be approved for BIMI, you need to:

  1. Have a logo that’s trademarked in a that’s trademarked in a pre-approved country or region.
  2. Apply for a Verified Mark Certificate, or VMC, which involves several steps, including getting certain paperwork notarized.
  3. Pay the annual fee for the VMC. Only two companies sell these VMCs: DigiCert charges $1,499 per year for a VMC, and one from Entrust costs $1,299 per year.
A screenshot of an email from PayPal,  highlighting the PayPal logo at the top, next to the email address, and a blue check mark.
PayPal uses BIMI in the inbox, so readers will see their logo and a checkmark next to PayPal emails.

The second option is more of a hack: Take the email address from which you send your newsletter, set up a YouTube account with that email address, and then add an avatar to that account on YouTube. The YouTube hack usually works for readers who use Gmail or have a work email powered by Google Workspace, though users who use Yahoo, Outlook, or any other inbox provider wouldn’t see the logo.

But now there’s an interesting third option, one that allows you to deploy BIMI and get your logo in most inboxes but without having to apply for a VMC: getting a Common Mark Certificate, or CMC.

The CMC and the VMC are two different forms of digital IDs, allowing you to deploy BIMI in inboxes. A decent analogy might be to imagine the CMC as a driver’s license and the VMC as a passport. They’re both forms of identification, but there are slight differences in how you can use them to deploy BIMI and get your logo in the inbox.

The BIMI working group released a guide to the CMC — it’s a 129-page .pdf with a lot of jargon and legalese, like this:

For Combined Marks, the location of any word mark elements MAY be rearranged in relation to the design mark elements (for example, the word mark elements may be relocated from the right side of the design mark elements to below the design mark elements, and MAY also include separating and stacking the word mark elements into a more compact area).

If you read that and thought, “Yeah, that makes sense to me!”, the whole .pdf is here, with a lot more jargon and legalese for you to enjoy. For everyone else, I’ve put together this guide to answer some common questions about the CMC in plain English.

What is a CMC, and where will it work?

When BIMI first rolled out in 2021, it was intended to give large brands a way to prove to readers that their emails were legitimate. Apple, Gmail, and Yahoo offer support for BIMI. Verified users will see a logo next to a brand’s name in the inbox. (Where the logo shows up depends on the device you’re using and your inbox provider. I’ve got a more detailed breakdown here.) Gmail and Yahoo also show a verified checkmark at the top of the email to prove you’re getting a legitimate email. BIMI was designed to help alleviate concerns about spam and spoofing. If readers see that logo or checkmark, they know they can trust the email and the links inside.

Large brands quickly adopted BIMI, from e-commerce players (eBay) to major banks (Bank of America) and large news organizations (The Philadelphia Inquirer). However, adoption has been slow: According to data compiled by Wombatmail, fewer than 22,000 of the top 10 million domains on the web have gone through the process of setting up BIMI. In the news realm, some of the largest orgs on the planet, including Bloomberg, the New York Times, the Wall Street Journal, and the Washington Post, have yet to set up BIMI. Those are the types of brands that, in my opinion, should rush to turn on BIMI as soon as possible — a trusted presence in the inbox is so important for their long-term success.

But there are a few weaknesses with BIMI. In order to apply for one, you need a trademarked logo, and many brands don’t have one. If you do have a trademarked logo, it needs to come from one of those authorized trademark offices:

  • Australia — IP Australia
  • Brazil — Brazilian National Institute of Industrial Property
  • Canada — Canadian Intellectual Property Office
  • Denmark — Danish Patent and Trademark Office
  • European Union — European Union Intellectual Property Office
  • France — Institut National de la Propriété Industrielle
  • Germany — Deutsches Patent- und Markenamt
  • India — Office of the Controller General of Patents, Designs & Trade Marks Department for Promotion of Industry and Internal Trade Ministry of Commerce & Industry
  • Japan — Japan Trademark Office
  • New Zealand — Intellectual Property Office of New Zealand
  • South Korea — Korean Intellectual Property Office
  • Spain — Oficina Española de Patentes y Marcas
  • Sweden — Swedish Intellectual Property Office
  • Switzerland — Swiss Federal Institute of Intellectual Property
  • United Kingdom — UK Intellectual Property Office
  • United States — United States Patent and Trademark Office

Readers with trademarks in other countries, from Argentina to Zambia, were out of luck — they couldn’t apply for BIMI without a trademark approved by one of the authorized offices. (Or they had to apply for the trademark through one of those 16 offices, which is an expensive and complicated process.)

The other challenge is the price of a VMC. For many newsletter operators, spending $1,299 or $1,499 a year — and needing to renew that fee annually — made BIMI a “nice to have,” but not necessary.

The CMC was created to address the first challenge: the issue with trademarks. (We’ll get to the price later in the piece — the CMC is a bit cheaper, but it still might be a hurdle for many newsletters.) With a CMC, you no longer require a trademarked logo, which should open up BIMI to many new newsletters and brands worldwide.

Thanks to the CMC, I expect to see many more small e-commerce companies, newsrooms, non-profits, and even independent newsletters turning on BIMI. Many Inbox Collective clients have told me over the years that they wanted to use BIMI, but the big hurdle was that they didn’t have a trademarked logo. Now, that’s not an issue, which will make applying for a CMC a no-brainer for many newsletters.

But the CMC won’t be for everyone. Plenty of brands don’t have a logo — Inbox Collective is one! — or don’t bring in enough revenue to justify the cost of a CMC. Another thing that might disqualify you from a CMC is that DigiCert or Entrust, the two companies that issue these certificates, will look for proof of your business through a reputable business database, like ZoomInfo. An example: While working on this piece, I talked with Al Iverson, the industry research and community engagement lead at Valimail, who helped answer several key questions. Iverson writes a fantastic newsletter about the email space called Spam Resource. Ironically, even though he writes his own newsletter and is enough of an expert to be cited in a piece all about BIMI, he won’t be able to apply for a CMC for Spam Resource. Why not? He operates it under his own name and not as an LLC, S corporation, or other business structure. Having an official business is required to apply for a CMC.

What do I need to have to apply for a CMC?

If you’re applying for a CMC, you don’t need a trademarked logo. If you can prove that your logo has existed for at least one year, you can apply for a CMC. How will you prove that? I find this fascinating: BIMI Group guidelines state that they’ll use Internet Archive’s Wayback Machine to prove the age of your logo. (I would’ve expected a more high-tech solution, but this certainly is one way to do it!)

If you only have a wordmark — just the text for the name of your newsletter or brand — that’s also OK. “You can make whatever you want with that wordmark in your BIMI,” Iverson explained. “You’re not limited by font, logo, color.” You can add a background color to the logo or lay out the words in your business’ name however you choose.

Otherwise, the process is basically identical to the one for the VMC. You’ll need to fully authenticate your newsletter’s domain. That means setting up SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) and then setting up DMARC (Domain-based Message Authentication, Reporting & Conformance) for your newsletter. (These are all steps you need to take anyway to ensure you can send to major inboxes, including Gmail and Yahoo.) A key thing: DMARC must be set to what’s known as an enforcement level, either “quarantine” or “reject.”

Lastly, you’ll need to set up a BIMI record. You’ll need to convert your logo into a .svg file; this guide can help you with that step. Then, you can use this guide to generate the BIMI record. 

Where will the CMC work?

So far, Gmail and Yahoo are the only providers supporting the CMC. (Technically, Yahoo doesn’t check to see if you have a VMC or a CMC, just that you have a BIMI record. But the end result is that the logo will display.) “If you’re a B2C marketer or B2C newsletter sender, Gmail and Yahoo together is probably 70%+” of your audience, Iverson said. “So you’re going to capture more than two-thirds of your audience with that logo.” (Yahoo also runs AOL Mail, so that’s an additional CMC-friendly inbox.)

However, there is one key difference between the CMC and the VMC: With a VMC, Gmail, and Yahoo will automatically add a verified checkmark to all of your emails. That checkmark won’t be available to those with a CMC — with the CMC, you’ll only get your logo in the inbox.

A screenshot of an email from The New Yorker Daily, highlighting the blue check mark at the top, next to the email address, which shows up only if you have a VMC.
The checkmark, like this one in a New Yorker newsletter, will only display for companies with a VMC.

What does the CMC cost, and where can I get one?

DigiCert charges $1,188 per year for a CMC. That’s $311 per year less than what they charge for a VMC.

Entrust has not yet announced pricing. (I’ll update this article when they do.) 

DigiCert and Entrust are the only companies currently authorized to sell the CMC or VMC.

What about brands that have multiple logos for multiple domains? With the VMC, Entrust does allow brands to attach the VMC to a secondary domain at a heavily discounted rate. (A VMC through Entrust costs $1,299, and an additional VMC for a second domain costs $499.) But if you want to set up a different logo for a different domain, you’d need to purchase the VMC at the full rate for both domains. I’ll update this article when Entrust announces CMC pricing — they may make a similar offer for CMC applicants.

Why would I choose a CMC over a VMC?

If you have a trademarked logo from one of the authorized trademark offices, you should still apply for a VMC. You’ll be able to show your logo in the inbox, and you’ll also get the verified checkmark in Gmail and Yahoo inboxes. There’s no data or research I can point you to that says the checkmark is guaranteed to make a difference in engagement, but it certainly won’t hurt. Any org that’s large enough to have a trademarked logo should also spend a few hundred dollars more per year to get that checkmark in every email they send. (I walked step by step through the process of applying for a VMC here.)

If you don’t have a trademarked logo, or if your logo is not trademarked by one of the 16 approved trademark offices, that’s when you’d want to apply for a CMC instead.

You can apply for either the CMC or VMC via the links below:

CMC: DigiCert | Entrust (not yet available)

VMC: DigiCert | Entrust

(Of note: Inbox Collective isn’t an affiliate of either of these companies. We receive no commission for recommending either — we’re just trying to make it easier for you to get the answers and resources you need!)

Is anything else coming down the road for BIMI?

There potentially is! Iverson told me that BIMI-approved brands may eventually be able to modify their logos slightly throughout the year. “The goal is for people to be able to have a version of a logo, for Pride Month or for Halloween or for the holidays at the end of the year — that sort of thing,” Iverson said. Some technical hurdles still need to be handled before that feature is ready, but if and when it rolls out, it’ll allow brands to modify an approved logo. The one thing the BIMI Group has specified is that 51% of the logo should remain constant, but as Iverson pointed out, it’s unclear exactly how that will be measured.

What if I don’t meet the CMC or VMC criteria?

In that case, you might want to try the ol’ YouTube logo hack. (I’ve got an explainer here.)

But as Iverson pointed out, Gmail’s acceptance of the CMC appears to be a step towards eventually closing workarounds like the YouTube logo hack. There are some real questions here that Gmail would need to answer: What happens, for instance, to the avatars that an individual user can set up for their gmail.com account? How will Gmail identify which emails are connected to newsletters or brands and which are for individuals?

“It certainly stands to reason that in the future, at some point, BIMI might be your only chance at a logo,” Iverson said. The real takeaway: If you depend on your email strategy for revenue, you should give either the CMC or the VMC a closer look in the near future.

Here's a decorative image of three animals: An owl, a flamingo, and a seahorse

Correction: The initial version of this post stated that Yahoo supports CMCs. The piece has been updated to clarify that Yahoo will display a BIMI logo but does not actually check see if a VMC or CMC is in place.

Thanks to our sponsor
The stories you’re reading on inboxcollective.com are brought to you by Beefree, which makes designing great emails and landing pages better and faster. Their drag-and-drop builder and mobile-friendly templates work seamlessly in all email clients, from Gmail to Outlook. With Beefree, you can save time and still create standout designs that drive results. Easily deploy your emails to platforms like ActiveCampaign, HubSpot, or Mailchimp.

Get started for free, and upgrade as you grow.

By Dan Oshinsky

Dan runs Inbox Collective, a consultancy that helps news organizations, non-profits, and independent operators get the most out of email. He specializes in helping others build loyal audiences via email and then converting that audience into subscribers, members, or donors.

He previously created Not a Newsletter, a monthly briefing with news, tips, and ideas about how to send better email, and worked as the Director of Newsletters at both The New Yorker and BuzzFeed.

He’s been a featured speaker at events like Litmus Live in Boston, Email Summit DK in Odense, and the Email Marketing Summit in Brisbane. He’s also been widely quoted on email strategies, including in publications like The Washington Post, Fortune, and Digiday.