I might have missed something, but wouldn't that be a phisher's wet dream? Most spammers know very well how to do a mail with valid DMARC. So, now they only need to send a valid mail from any throwaway cheap domain and in their BIMI add the logo of PayPal?
I understand it's not great to have to pay for the verification/certification, but leaving the door open to abuse is a dangerous path to take. Being on the antispam side, I would hate to have to start implementing BIMI spoof checks.

Regards,
Laurent

On 11.01.24 00:05, Louis Laureys via mailop wrote:
> We decided to keep this because I read that some webmail clients are
> planning to support BIMI without checking for certificates, or,
> perhaps, also displaying a little lock icon in the corner of the
> sender's BIMI-style logo image where certification is verified.
>
> This is exactly what I have in mind for my client, thanks for publishing your
> logo in an easily accessible and standard way :)
>
> Greetings,
> Louis