> We decided to keep this because I read that some webmail clients are
> planning to support BIMI without checking for certificates, or,
> perhaps, also displaying a little lock icon in the corner of the
> sender's BIMI-style logo image where certification is verified.
This is exactly what I have in mind for my client, thanks for publishing your
logo in an easily accessible and standard way :)
Groetjes,
Louis
Op woensdag 10 januari 2024 om 21:58, schreef Randolf Richardson, Postmaster via
mailop <mailop@mailop.org>:
> We looked into it and publish our own default BIMI record even
> though we didn't pay the enormous amount money required to one of two
> Certificate Authorities.
>
> If anyone is curious to see what the record looks, use this command:
>
> dig txt default._bimi.inter-corporate.com
>
> The results should include:
>
> ;; ANSWER SECTION:
> default._bimi.inter-corporate.com. 3600 IN TXT
> "v=BIMI1; l=https://www.inter-corporate.com/images/logo60bimi-iccns.svg
> [https://www.inter-corporate.com/images/logo60bimi-iccns.svg]; a=;"
>
> It basically just links to an SVG version of the logo from our main
> web site (which is also in the same DNS zone).
>
> Note: The "a=" portion normally includes a URI to what's called the
> "VMC/Assertion record" in the form of a typical .pem file. Ours is
> blank because we don't have the needed file for this.
>
> We decided to keep this because I read that some webmail clients are
> planning to support BIMI without checking for certificates, or,
> perhaps, also displaying a little lock icon in the corner of the
> sender's BIMI-style logo image where certification is verified.
>
> The BIMI Group provides an online checking tool that displays our
> logo (just search for "inter-corporate.com" to see ours):
>
> BIMI LookUp & Generator :: Check compliance w/ BIMI standards
> https://www.bimigroup.org/bimi-generator/
> [https://www.bimigroup.org/bimi-generator/]
>
> Our logo is shown near the end of the report, and for ours there's
> an indication that we comply, but there's also this warning:
>
> "Note: While your BIMI record is compliant, it doesn't include a
> Verified Mark Certificate that may be required by some mailbox
> providers."
>
> What's missing from BIMI in its current form? The option for mail
> server oparators to use the same TLS certificates that we're already
> using for our mail servers (and web servers, and FTP servers, etc.).
>
> It makes less sense to me to involve a different CA just for one
> tiny little image because then that's more technology that has to be
> administered, managed, troubleshooted, implemented, etc., and paid
> for separately. For eMail systems that host mlutiple domains and
> clients, BIMI is not an attractive option in its current state.
>
> If BIMI is to be taken as an open standard, then it needs to embrace
> openness so that the TLS certificates issued by all CAs (including
> commercial and free CAs {e.g., Let's Encrypt}) can contribute to BIMI
> gaining wider adoption.
>
> The "must be a Registered Trademark" requirement is too expensive
> for a lot of small businesses. A copyrighted logo is already
> sufficient to provide legal protections in many scenarios (depending
> on jurisdiction, etc.), so the bar is too high as it is -- DMCA
> violation notices should be taken seriously regardless of whether the
> intellectual property (such as an organization's logo) is protected
> under copyright, servicemark, or trademark property mechanisms.
>
> Another problem with limiting the scope of intellectual property
> protection to a Registered Trademark is that trademark applications
> can also be rejected even though a logo is already copyrighted, and
> the reasons can vary based on a variety of factors, including
> different jurisdictional regulations, local and/or national laws that
> limit free expression, cultural sensitivity policies, delays due to
> fraudulent disputes submitted by intellectual property trolls, etc.
>
> Also: How does BIMI intend to resolve valid Registered Trademarks
> from two different countires that look almost the same? Is there a
> mechanism that will only allow BIMI logos to be displayed in cerrtain
> countries where said Registered Trademark is protected? Will there
> be enforcement to make sure all vendors adhere to implementing BIMI
> correctly in this manner? Or, if a Registered Trademark is only
> registered in one country, will vendors still be able to display it
> in other countries? Or will the source be the determining factor (in
> which case, what reliable solution does BIMI propose for a company
> using service provider in some other country to deliver their eMail)?
>
> Keeping things simpler, open, and lowering the bar to be more
> inclusive are, in my opinion, some of the more important factors in
> BIMI's future success. Otherwise, it just looks like an attempt to
> make money (which is how at least some people who've looked into it
> seem to perceive it at present).
>
> (If BIMI doesn't lower the bar, then perhaps someone will be
> motivated to create an alternative standard that is simpler, open,
> and more inclusive.)
>
> > Hi mailops,
> >
> > I am new here because I want to collect some opinion.
> >
> > Many bigger mailers are blogging about BIMI.
> > As far as I see its exclusively for brands.
> > It has 2 big barriers for entry:
> > - Expensive bespoke cert oids
> > - Registered trademark logos
> >
> > As from my perspective of independent mailing between humans: I fear this
> might be not just a carrot for doing DMARC, but also making independent
> mailers less credible in the UX of mainstream mailer users.
> >
> > Do you have input on how non-marketing mailers deal with this?
> > Because obviously its for brand-logos, as in marketing mails. Not for user 2
> user.
> > How will common platforms show user2user?
> > Will they use platform logos? No logos?
> >
> > It seems infeasible to do the logo-ing per user.
> >
> > Can we influence the mailing world to use the standard differently?
> > Like accepting BIMI logos only depending on valid bog standard cert and
> DMARC, boycotting the moneygrab scheme?
> >
> > Its also may be yet another reader-engagement tracker. Why do those things
> always have to be out of band.
> >
> > I wish y'all a happy new year and good mailing weathers!
> >
> > Olga
> > _______________________________________________
> > mailop mailing list
> > mailop@mailop.org [mailop@mailop.org]
> > https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]
>
> --
> Postmaster - postmas...@inter-corporate.com [postmas...@inter-corporate.com]
> Randolf Richardson, CNA - rand...@inter-corporate.com
> [rand...@inter-corporate.com]
> Inter-Corporate Computer & Network Services, Inc.
> Vancouver, British Columbia, Canada
> https://www.inter-corporate.com/ [https://www.inter-corporate.com/]
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org [mailop@mailop.org]
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
