+1 On Wed, Jan 10, 2024 at 6:14 PM Louis Laureys via mailop <[email protected]> wrote:
> We decided to keep this because I read that some webmail clients are > planning to support BIMI without checking for certificates, or, > perhaps, also displaying a little lock icon in the corner of the > sender's BIMI-style logo image where certification is verified. > > This is exactly what I have in mind for my client, thanks for publishing > your logo in an easily accessible and standard way :) > > Groetjes, > Louis > > > Op woensdag 10 januari 2024 om 21:58, schreef Randolf Richardson, > Postmaster via mailop <[email protected]>: > > We looked into it and publish our own default BIMI record even > though we didn't pay the enormous amount money required to one of two > Certificate Authorities. > > If anyone is curious to see what the record looks, use this command: > > dig txt default._bimi.inter-corporate.com > > The results should include: > > ;; ANSWER SECTION: > default._bimi.inter-corporate.com. 3600 IN TXT > "v=BIMI1; l=https://www.inter-corporate.com/images/logo60bimi-iccns.svg; > a=;" > > It basically just links to an SVG version of the logo from our main > web site (which is also in the same DNS zone). > > Note: The "a=" portion normally includes a URI to what's called the > "VMC/Assertion record" in the form of a typical .pem file. Ours is > blank because we don't have the needed file for this. > > We decided to keep this because I read that some webmail clients are > planning to support BIMI without checking for certificates, or, > perhaps, also displaying a little lock icon in the corner of the > sender's BIMI-style logo image where certification is verified. > > The BIMI Group provides an online checking tool that displays our > logo (just search for "inter-corporate.com" to see ours): > > BIMI LookUp & Generator :: Check compliance w/ BIMI standards > https://www.bimigroup.org/bimi-generator/ > > Our logo is shown near the end of the report, and for ours there's > an indication that we comply, but there's also this warning: > > "Note: While your BIMI record is compliant, it doesn't include a > Verified Mark Certificate that may be required by some mailbox > providers." > > What's missing from BIMI in its current form? The option for mail > server oparators to use the same TLS certificates that we're already > using for our mail servers (and web servers, and FTP servers, etc.). > > It makes less sense to me to involve a different CA just for one > tiny little image because then that's more technology that has to be > administered, managed, troubleshooted, implemented, etc., and paid > for separately. For eMail systems that host mlutiple domains and > clients, BIMI is not an attractive option in its current state. > > If BIMI is to be taken as an open standard, then it needs to embrace > openness so that the TLS certificates issued by all CAs (including > commercial and free CAs {e.g., Let's Encrypt}) can contribute to BIMI > gaining wider adoption. > > The "must be a Registered Trademark" requirement is too expensive > for a lot of small businesses. A copyrighted logo is already > sufficient to provide legal protections in many scenarios (depending > on jurisdiction, etc.), so the bar is too high as it is -- DMCA > violation notices should be taken seriously regardless of whether the > intellectual property (such as an organization's logo) is protected > under copyright, servicemark, or trademark property mechanisms. > > Another problem with limiting the scope of intellectual property > protection to a Registered Trademark is that trademark applications > can also be rejected even though a logo is already copyrighted, and > the reasons can vary based on a variety of factors, including > different jurisdictional regulations, local and/or national laws that > limit free expression, cultural sensitivity policies, delays due to > fraudulent disputes submitted by intellectual property trolls, etc. > > Also: How does BIMI intend to resolve valid Registered Trademarks > from two different countires that look almost the same? Is there a > mechanism that will only allow BIMI logos to be displayed in cerrtain > countries where said Registered Trademark is protected? Will there > be enforcement to make sure all vendors adhere to implementing BIMI > correctly in this manner? Or, if a Registered Trademark is only > registered in one country, will vendors still be able to display it > in other countries? Or will the source be the determining factor (in > which case, what reliable solution does BIMI propose for a company > using service provider in some other country to deliver their eMail)? > > Keeping things simpler, open, and lowering the bar to be more > inclusive are, in my opinion, some of the more important factors in > BIMI's future success. Otherwise, it just looks like an attempt to > make money (which is how at least some people who've looked into it > seem to perceive it at present). > > (If BIMI doesn't lower the bar, then perhaps someone will be > motivated to create an alternative standard that is simpler, open, > and more inclusive.) > > > Hi mailops, > > > > I am new here because I want to collect some opinion. > > > > Many bigger mailers are blogging about BIMI. > > As far as I see its exclusively for brands. > > It has 2 big barriers for entry: > > - Expensive bespoke cert oids > > - Registered trademark logos > > > > As from my perspective of independent mailing between humans: I fear > this might be not just a carrot for doing DMARC, but also making > independent mailers less credible in the UX of mainstream mailer users. > > > > Do you have input on how non-marketing mailers deal with this? > > Because obviously its for brand-logos, as in marketing mails. Not for > user 2 user. > > How will common platforms show user2user? > > Will they use platform logos? No logos? > > > > It seems infeasible to do the logo-ing per user. > > > > Can we influence the mailing world to use the standard differently? > > Like accepting BIMI logos only depending on valid bog standard cert and > DMARC, boycotting the moneygrab scheme? > > > > Its also may be yet another reader-engagement tracker. Why do those > things always have to be out of band. > > > > I wish y'all a happy new year and good mailing weathers! > > > > Olga > > _______________________________________________ > > mailop mailing list > > [email protected] > > https://list.mailop.org/listinfo/mailop > > -- > Postmaster - [email protected] > Randolf Richardson, CNA - [email protected] > Inter-Corporate Computer & Network Services, Inc. > Vancouver, British Columbia, Canada > https://www.inter-corporate.com/ > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
