When you see a blue checkmark next to someone’s name on Instagram, you know the account belongs to whom it claims to belong to.
Many major email service providers, like Gmail, liked the idea and did (almost) the same. They introduced the verified blue checkmark and a framework called BIMI, or Brand Indicators for Message Identification, to ensure recipients stay safe and businesses stay visible. BIMI email authentication is something great to have in times of commonplace phishing and spoofing attacks. Yet, many don’t know much about it.
What Is the Blue Checkmark in Email - and Why Does It Matter?
The blue checkmark in the email appears next to the sender’s name. It means the sender has put in the effort to implement BIMI and has gotten verified through a digital certificate.
This checkmark helps:
•Send a trust signal for recipients: Many recipients don’t click a link simply because they’re afraid of what and where the link can lead to. A verified logo and a checkmark take away the uncertainty and fear, as now the recipient knows the email is truly from someone they can trust. So, the attachment is more likely to be safe to open, and the recipient is more likely to actually click on it.
•Deter fraud: To get the checkmark, you need to have strict authentication protocols. This means it’s very hard for impersonators and hackers to replicate it. What a great way to protect your brand from those who’d want to be you but are not.
One thing the best marketers today know is that the recipients often first look at the checkmark before looking at the subject line.
How Does BIMI Work? The Technical Foundation
Don’t look at BIMI as something that stands alone or is separate from other email authentication things. It sits on top of existing email security standards.
If you want to receive the checkmark, here are three things that are required:
• DMARC enforcement: You must have Domain-based Message Authentication, Reporting, and Conformance (DMARC). It needs to be set at either p=quarantine or p=reject. If you have this, receiving servers will block or flag any emails that fail the checks.
• SVG logo format: Your brand logo must be in Scalable Vector Graphics (SVG) Tiny PS format. This will help your logo look its best on both mobile and desktop screens.
• Domain Name System (DNS) publication: You must publish a BIMI record in your DNS settings, which points the receiving mail server to your verified logo file.
VMC vs. CMC: Which Certificate Do You Need?
To get the Gmail blue verified checkmark, a self-published logo alone is not enough. You need a digital certificate to vouch for your brand identity. There are now two main paths:
1. Verified Mark Certificate (VMC)
A Verified Mark Certificate (VMC) is the gold standard. To obtain one, your brand must have a registered trademark with an officially recognized intellectual property office, such as the USPTO in the United States. VMCs are issued by authorities like DigiCert or GlobalSign.
2. Common Mark Certificate (CMC)
Google recently expanded BIMI support by introducing the Common Mark Certificate (CMC). This is a significant development for smaller brands or those without registered trademarks. A CMC allows you to display your logo in Gmail if you can demonstrate that you have used that logo continuously for at least one year. While it lowers the barrier to entry, CMC support is not universal; VMC remains the more broadly compatible option.
When to choose: If you have a registered trademark, always opt for a VMC for maximum provider compatibility. If you lack a trademark but have an established brand identity, the CMC is your path into Gmail’s verified sender circle.
Which Inboxes Support BIMI?
While BIMI is gaining momentum, support varies by provider, and so does the certificate type required:
| Provider | BIMI support | Certificate required |
| Gmail | Yes; displays blue checkmark | VMC or CMC |
| Apple Mail | Yes; iOS 16+ / macOS Ventura+ | VMC only |
| Yahoo & AOL | Yes; long-time supporters | VMC |
| Fastmail, Zoho | Yes; full support | VMC |
| Microsoft Outlook | No BIMI support | N/A ; uses own Business Profile system |
As you can see in this table, for now, CMC is only for Gmail. Other providers require VMC.
How Do I Get the Blue Checkmark in My Inbox?
Step 1: Enforce DMARC
First and foremost, your DMARC policy needs to be set to p=quarantine (at 100% of traffic) or p=reject. This is the first step, and if you skip it, you won’t be able to get the blue checkmark no matter what else you do.
Step 2: Prepare your SVG logo
You need to have your brand logo in the SVG Tiny PS format. It needs to be square, centred, and have a solid background colour to display correctly in dark mode and circular crop environments.
Step 3: Get your VMC or CMC
Apply for your certificate through an approved Certificate Authority. They will need to confirm that you really own both the brand identity and the domain from which you are sending. This might take several weeks.
Step 4: Publish your BIMI record
Add a TXT (text) record to your DNS.
Step 5: Verify with PowerDMARC
Before you go live, use PowerDMARC’s Free BIMI Record Lookup tool to confirm your record is formatted correctly. This will ensure your certificate is recognized by receiving servers.
How to Maintain Your BIMI Email Setup
BIMI is a win-win for both businesses and customers. Brands are more likely to be seen, and customers are less likely to get scammed. Especially if you follow the tips below, you will enjoy all the benefits BIMI has to offer.
• Stick to the standard format: Use SVG Tiny PS and keep your DMARC policy at either reject or quarantine. p=none will invalidate your BIMI display immediately.
• Use auto-increment when you can: After adding your BIMI record, ensure your DNS zone serial number is updated so that the changes propagate across the internet. Most modern DNS providers do this automatically.
• Audit after migrations: Whenever you change DNS providers or migrate servers, re-verify your BIMI record with a lookup tool. You don’t want to have anything lost in the process.
• Monitor your certificate expiry: VMCs and CMCs have expiry dates. Set a renewal reminder at least 30 days before expiry.
Frequently Asked Questions
Do I need a trademark to get the blue checkmark?
Depends. A VMC does require a registered trademark with an official intellectual property office. However, Google now accepts the CMC in Gmail; your brand just needs to demonstrate at least one year of continuous logo usage.
Will BIMI improve my open rates?
Many senders report a great increase in open rates after BIMI implementation. This is because, when recipients see a logo they know and trust and a verified checkmark, they are much more likely to trust and open the email without even looking at the subject line.
How long does it take to get a VMC?
The process can take several weeks from start to finish. This means you shouldn’t begin the VMC application the week before a major send; start the process earlier to ensure you have everything in your hand at the time you need it most.
Comments