On Jan 12, 2024, at 3:52 PM, Jaroslaw Rafa via mailop <[email protected]> wrote:
> As I have shown above, for BIMI to be useful, it *has* to be the *only*
> specification for having such logos appear, and no other options could be
> possible.

Yes, this is exactly right. If an MUA displays a "sender's logo" like this, it's a signal that "a human being has checked this out, and is reasonably confident that this logo accurately represents the true sender". Recipients can then (optionally) use that logo to help them decide "this message really is from my bank" -- or more to the point, to decide they should be suspicious of a later message "from the bank" that does not display this logo.

If an MUA also displays any sender-controlled logos that have not been human-verified as part of this process, it defeats the purpose, because malicious senders would then be able to use the bank's logo.

I hope nobody creates MUA features that show non-BIMI logos in the same space as BIMI logos (or that make it difficult for users to notice the difference, such as a tiny padlock superimposed on it sometimes).

If MUA authors think BIMI is pointless, or that users shouldn't be trusting logos to make security decisions, that's fine -- but then they should not implement BIMI or display "sender logos" outside the message's content area at all.

I want to be able to tell my 91-year-old wife's uncle that "if you get a message from Bank of America and it doesn't have that logo to the left of the sender's name, call me before you do anything".

-- 
Robert L Mathews
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
