Gmail has just announced an update to its support for the BIMI standard!
What is BIMI?
As a reminder, BIMI is a standard that allows the sender to display its logo next to sent emails to reinforce user confidence. For a logo to be displayed, the sender must have implemented email authentication protocols, notably DMARC, which guarantees that the message actually comes from the company’s domain. In addition, a Verified Mark Certificate (VMC) is often required to certify that the logo legally belongs to the sender. This was notably the case with GMail. Unlike Yahoo!Mail or Laposte.net
BIMI’s aim is twofold: to improve security by making fraudulent e-mails easier to detect, and to offer brands greater visibility in users’ inboxes.
VMC certificate, what’s the problem?
As mentioned above, to display your logo on BIMI, you needed a VMC certificate. The problem is that only 2 entities are currently authorized to issue this type of certificate, at a rather high price:
- Entrust DataCard ($1299/year)
- DigiCert ($1608/year)
VMCs exist to validate the ownership of an organization’s logo; certificates are based on the trademarks of the logo/image.
What’s more, it takes a very long time to obtain a certificate – several months (6 to 8 months in general) – because there is a human and manual validation of the ownership and identity of the applicant.
These constraints, while legitimate, slow down the deployment of BIMI and restrict its implementation to entities with sufficient resources.
GMail announces 2 changes for BIMI
GMail supports Common Mark Certificates (CMC)
Gmail now supports “Common Mark Certificates” (CMC).
This is a new type of BIMI certificate issued by certification authorities. CMCs enable a wider range of senders to use BIMI, as they do not require a VMC certificate with a visual trademark (logo).
Note that with a CMC, the sender’s brand logo is displayed without Gmail’s verified checkmark, which is displayed for VMCs.
Being fairly new, we haven’t found precise information on how to obtain this branded certificate.
In the BIMI documentation explaining the prerequisites for a VMC certificate, mention is made of “Common Mark Certificates” (CMC). (chapter 3.2.16)
We learn that the logo used for BIMI must be present on a website, that there must be validation that the applicant has sufficient control over the domain in question, but also that the representation of the brand (the logo for example) has already been present on websites for more than 12 months. For this, they will use archives.org.
BIMI verified check marks are now displayed on Android and iOS
Currently, the blue “BIMI Verified” checkmark 
is only displayed in webmail (on Desktop) for senders with VMC certificates. In the coming weeks, users will be able to see the blue verification icon on their GMail application on Android and iOS (Apple Mail). As mentioned above, only VMC certificates are concerned, not CMCs.
Availability
Deployment began on September 24, 2024 and will last 15 days.
We strongly recommend that you implement BIMI, whether for your transactional emails, newsletters or promotional emails. It will increase trust in your emails and improve the user experience with your brand.
More information on Valimail (who helped us discover this info) and on Google’s blog