> On 10.01.2024 at 21:59 Randolf Richardson, Postmaster via mailop
> wrote:
>
> > What's missing from BIMI in its current form? The option
> > for mail server oparators to use the same TLS certificates that
> > we're already using for our mail servers (and web servers,
> > and FTP servers,
On 10.01.2024 at 21:59 Randolf Richardson, Postmaster via mailop wrote:
> What's missing from BIMI in its current form? The option for mail server
> oparators to use the same TLS certificates that we're already using for our
> mail servers (and web servers, and FTP servers, etc.).
A server
Hey all,
> I might have missed something, but wouldn't that be a phisher's wet dream?
It depends on the implementation really. A lot of parallels can be drawn to
things email clients and other platforms have been doing for years. Email
clients have already been using Gravatar, and on almost
They can already rip people off, w/out BIMI. BIMI limits their ability to
do so in two ways:
1) It raises the cost, because BIMI setup costs more.
2) It makes it harder for scammers to impersonate trusted brands.
-Tim
On Thu, Jan 11, 2024 at 12:58 PM Randolf Richardson, Postmaster via mailop <
Randolf Richardson, Postmaster via mailop skrev den 2024-01-11 19:52:
I might have missed something, but wouldn't that be a phisher's wet
dream?
Indeed, and because the BIMI record references a URI to load the
logo from, so the scammers (spammers, phishers, malware/virus
distributors,
> I might have missed something, but wouldn't that be a phisher's wet dream?
Indeed, and because the BIMI record references a URI to load the
logo from, so the scammers (spammers, phishers, malware/virus
distributors, etc.) could simply specify a different logo file with a
recognized
Dnia 11.01.2024 o godz. 14:34:16 Laurent S. via mailop pisze:
> The trademark verification is only for those that pay for it. Nothing
> forbids a MUA from displaying an unverified BIMI. Most are luckily not
> doing it (yet), I just want to warn that if this becomes common, it will
> be abused
o: "mailop"
Sent: Thursday, January 11, 2024 9:34:16 AM
Subject: Re: [mailop] BIMI boycott? Lookup tool, why we publish BIMI anyway,
and intellectual property law considerations
On 11.01.24 14:59, Udeme via mailop wrote:
> There’s a trademark ownership vetting item that’s part of BIMI imp
On 11.01.24 14:59, Udeme via mailop wrote:
> There’s a trademark ownership vetting item that’s part of BIMI implementation.
> Not just *anyone* can get past that. #wink
>
The trademark verification is only for those that pay for it. Nothing
forbids a MUA from displaying an unverified BIMI. Most
There’s a trademark ownership vetting item that’s part of BIMI
implementation. Not just *anyone* can get past that. #wink
-Udeme
On Thu, Jan 11, 2024 at 5:36 AM Laurent S. via mailop
wrote:
> I might have missed something, but wouldn't that be a phisher's wet dream?
>
> Most spammers know very
I might have missed something, but wouldn't that be a phisher's wet dream?
Most spammers know very well how to do a mail with valid DMARC. So, now
they only need to send a valid mail from any throw away cheap domain and
in their BIMI add the logo of paypal?
I understand it's not great to have
> > We decided to keep this because I read that some webmail clients are
> > planning to support BIMI without checking for certificates, or,
> > perhaps, also displaying a little lock icon in the corner of the
> > sender's BIMI-style logo image where certification is verified.
>
> This is exactly
+1
On Wed, Jan 10, 2024 at 6:14 PM Louis Laureys via mailop
wrote:
> We decided to keep this because I read that some webmail clients are
> planning to support BIMI without checking for certificates, or,
> perhaps, also displaying a little lock icon in the corner of the
> sender's BIMI-style
> We decided to keep this because I read that some webmail clients are
> planning to support BIMI without checking for certificates, or,
> perhaps, also displaying a little lock icon in the corner of the
> sender's BIMI-style logo image where certification is verified.
This is exactly what I have
We looked into it and publish our own default BIMI record even
though we didn't pay the enormous amount money required to one of two
Certificate Authorities.
If anyone is curious to see what the record looks, use this command:
dig txt
15 matches
Mail list logo
