Dnia 20.11.2025 o godz. 09:37:46 Todd Herr via mailop pisze: > In my judgment, telling people that a logo showing in a specific place in > the email client means the email is safe is going to be heard by those > people as "logo means safe", with no differentiator on where that logo > appears. To steal a phrase that I believe I've heard Mr. Levine use before, > that's just teaching people to be phished, because bad guys can figure out > ways to get a logo in a message somewhere, even if it's not the location > that a BIMI logo would show up.
I wonder why the companies that want to use BIMI would not rather go the path of signing their messages with S/MIME. That's already supported by most mail clients, the message about mail being properly signed (or not) is prominently displayed by the client, and it's definitely easier for a company to obtain S/MIME certificate(s) for signing mail than to go through all the hassles of getting BIMI-verified. Why don't use a solution that already exists, instead of inventing something new, and very strange in concept (at least in my opinion)? Verifying authenticity of mail on transport stage (SMTP), instead of doing this on the final stage when the mail is actually read (which S/MIME provides) is at least a misconception, in my opinion. You cannot actually verify authenticity of any communication if you aren't doing this end-to-end. -- Regards, Jaroslaw Rafa [email protected] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
