> On Dec 13, 2017, at 3:38 AM, Jonathan Sélea <[email protected]> wrote:
>
> Recently stumbled upon BIMI;
>
> https://authindicators.github.io/rfc-brand-indicators-for-message-identification/#rfc.section.3
>
> What is your view on it? I think that BIMI is more a cosmetic thing rather
> than something that prevents spoofing.
>
> Are there any plans to implement support for it in postfix?

BIMI is a bad idea. Any icons for origin domains should be
selected by the receiving user, and then ongoing authenticated
messages from the same domain will get the user's selected
icon. A suggested icon could be included in the message
by the sending MUA.

Having MTAs making trust judgements on user-interface security
signals is poor design.
--
Viktor.