On Wed, 10 Jan 2024, Olga Fischer via mailop wrote:
Hi mailops,
I am new here because I want to collect some opinion.
Many bigger mailers are blogging about BIMI.
As far as I see its exclusively for brands.
It has 2 big barriers for entry:
- Expensive bespoke cert oids
- Registered trademark logos
As from my perspective of independent mailing between humans: I fear this might
be not just a carrot for doing DMARC, but also making independent mailers less
credible in the UX of mainstream mailer users.
Do you have input on how non-marketing mailers deal with this?
Because obviously its for brand-logos, as in marketing mails. Not for user 2
user.
How will common platforms show user2user?
Will they use platform logos? No logos?
It seems infeasible to do the logo-ing per user.
Can we influence the mailing world to use the standard differently?
Like accepting BIMI logos only depending on valid bog standard cert and DMARC,
boycotting the moneygrab scheme?
Its also may be yet another reader-engagement tracker. Why do those things
always have to be out of band.
I wish y'all a happy new year and good mailing weathers!
Olga
I am also interested in user 2 user email and have little interest in BIMI.
My biggest problem is that showing or not showing a logo signals
one bit of information, but even if the technology is perfect,
there are three possibilities that need to be shoe-horned into it,
otherwise someone will be upset.
If a web-mail or MUA displays the logo, does that indicate that it verified
that the sender was entitled to use the logo, or that it failed to confirm
that the sender was not entitled to use the logo ?
It could signal the middle, "I don't know", case by displaying the logo
in monochrome ... except that some logos are monochrome, some people are
colour-blind, ...
I am confident that displaying a logo will be taken as making a promise
that cannot be kept.
My other concerns include:
My phone screen has a couple of million pixels, but not enough square inches
for me to comfortably read an email.
Taking space for the logo will make it even harder to read the message
- unless BIMI saves organisations from putting the logo in the HTML version
of the email (which would have some value).
As a user of Alpine, a text-base mail reader, I will never see the "logo"
without taking extra effort.
I fear that some mailbox operators will make assumptions about what is
valid that are subtlety different from each other or from reality, so
it may require unreasonable effort to make an email satisfy both the
mailbox operators and best practice (just as we have two sender
addresses that may or may not appear when a message is listed or
displayed, so we now have SPF and DKIM verifying different things).
At the same time I fear that there will be short-cuts that allow phishers
to fake the logo on enough mailbox services to be profitable.
I have just read the bug for BIMI to be added to Thunderbird
https://bugzilla.mozilla.org/show_bug.cgi?id=1670078
Some people there are advocating that Thunderbird should display the logo
even if no Visual Mark Certificate can be verified.
If that is a common view amongst those who provide MUAs and web-mailers,
users will rightly be confused over whether the logo means anything.
Even ignoring the matter of fees, the ability of the marketing
department to get the branding into everyone's email will be somewhat
independent of the ability of the technical team to correctly do
everything else to make email secure and trustworthy.
I believe this even though one of the aims of BIMI is to encourage
correct use of SPF/DKIM/DMARC.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
