Hi Tim
On Thu, Jan 11, 2024 at 05:02:01PM -0600, Tim Starr via mailop wrote:
> The image has to be specified in the DNS, and it has to be certified w/ a
> VMC. The VMC certification process includes checking if it's trademarked.
That's why the process started with: get a trademark. Also such a
> Then the recipient can choose to use a MUA that supports avatars (of course,
> there should always be the possibility to turn them off in configuration -
> which also solves the issue of tracking; if someone doesn't want to be
> tracked, he/she can turn the avatar support off in options, and
> I find that helpful too.
Good to hear I'm not alone haha
> Will your eMail client have a free edition option?
Afraid not. Will be starting an email host in the future and this will be the
webmail + mobile apps, it would access the host though an api so won't be
compatible with other hosts
> It can be useful to show X-Face or Gravatar from certain mails, such as
> those coming from a (trusted) forum (hint to Louis: it may be useful to
> be able to configure the images to show for specific senders)
Will be implementing something like this later on, probably for workplace
platforms.
Hey all,
> I might have missed something, but wouldn't that be a phisher's wet dream?
It depends on the implementation really. A lot of parallels can be drawn to
things email clients and other platforms have been doing for years. Email
clients have already been using Gravatar, and on almost
On Thu, Jan 11, 2024 at 5:14 PM Jay Hennigan via mailop
wrote:
> Attempting to legally prevent MUA developers from displaying logos
> competing with BIMI's
> approved logos, likewise.
>
Nobody is doing or expecting this.
___
mailop mailing list
On 1/11/24 15:27, Jaroslaw Rafa via mailop wrote:
As I wrote previously, the only method to prevent this is a (totally
unrealistic) *legal prohibition* for MUA developers to display any other
images than certified BIMI logos. Not possible.
Wasn't there an idea similar to BIMI a while back
Dnia 11.01.2024 o godz. 17:02:01 Tim Starr via mailop pisze:
> The image has to be specified in the DNS, and it has to be certified w/ a
> VMC. The VMC certification process includes checking if it's trademarked.
> So, in order for a trusted brand's BIMI logo to get spoofed, the email
> would have
The image has to be specified in the DNS, and it has to be certified w/ a
VMC. The VMC certification process includes checking if it's trademarked.
So, in order for a trusted brand's BIMI logo to get spoofed, the email
would have to be DMARC-authenticated and the logo specified in the DNS
would be
On 2024-01-11 at 17:43 +0100, Jaroslaw Rafa wrote:
> And it's clearly visible from the Laurent's mail that if MUAs will display
> the unverified BIMI logos (and what would prohibit them from that?) the
> "authentication" factor can be even weaker than with no avatars at all -
> because user who is
On Thu, Jan 11, 2024 at 01:45:19PM -0600, Tim Starr via mailop wrote:
> To elaborate on Marcel's answer, so he doesn't have to waste time
> explaining it all over again, the "different logo" won't be displayed by
> the mailbox providers, because it's not the authenticated one.
What prohibits them
> To elaborate on Marcel's answer, so he doesn't have to waste time
> explaining it all over again, the "different logo" won't be displayed by
> the mailbox providers, because it's not the authenticated one.
You're right -- I was in error on that because I forgot about that
point.
Thanks, we were able to resolve the issue.
Is there anyone here from Mediacom? We are seeing similar issue with their
domains.
From: mailop On Behalf Of Tarun Singh via mailop
Sent: Wednesday, January 10, 2024 12:11 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Contact for TWC
To elaborate on Marcel's answer, so he doesn't have to waste time
explaining it all over again, the "different logo" won't be displayed by
the mailbox providers, because it's not the authenticated one.
-Tim
On Thu, Jan 11, 2024 at 1:11 PM Marcel Becker via mailop
wrote:
> On Thu, Jan 11, 2024
They can already rip people off, w/out BIMI. BIMI limits their ability to
do so in two ways:
1) It raises the cost, because BIMI setup costs more.
2) It makes it harder for scammers to impersonate trusted brands.
-Tim
On Thu, Jan 11, 2024 at 12:58 PM Randolf Richardson, Postmaster via mailop <
> On Thu, Jan 11, 2024 at 10:58AM Randolf Richardson, Postmaster via mailop <
> mailop@mailop.org> wrote:
>
> >
> > They could
> > easily afford set up a company, get a Trademark, and then use a
> > different logo image when sending their junk eMails.
> >
>
> No, that's not how VMCs and BIMI
Randolf Richardson, Postmaster via mailop skrev den 2024-01-11 19:52:
I might have missed something, but wouldn't that be a phisher's wet
dream?
Indeed, and because the BIMI record references a URI to load the
logo from, so the scammers (spammers, phishers, malware/virus
distributors,
On Thu, Jan 11, 2024 at 10:58 AM Randolf Richardson, Postmaster via mailop <
mailop@mailop.org> wrote:
>
> They could
> easily afford set up a company, get a Trademark, and then use a
> different logo image when sending their junk eMails.
>
No, that's not how VMCs and BIMI set ups at
> I might have missed something, but wouldn't that be a phisher's wet dream?
Indeed, and because the BIMI record references a URI to load the
logo from, so the scammers (spammers, phishers, malware/virus
distributors, etc.) could simply specify a different logo file with a
recognized
You seem to be taking a religious position based on your perception of
"need." If this feature is un-needed, why did Google and Yahoo do it? They
think their users want it, that's why they spent time building this feature
into their UIs, and why they keep it there. Among other things, it serves
as
Adding to Udeme's comment. There could be other criteria the MBP could use to
determine if the message should display BIMI-associated imagery. This could be
domain reputation, spaminess, manual validation, and so on. Just because a
domain says it wants to use the Paypal logo doesn't mean it
Dnia 11.01.2024 o godz. 14:34:16 Laurent S. via mailop pisze:
> The trademark verification is only for those that pay for it. Nothing
> forbids a MUA from displaying an unverified BIMI. Most are luckily not
> doing it (yet), I just want to warn that if this becomes common, it will
> be abused
On 2024-01-10 at 20:38 +, Gellner, Oliver wrote:
> > Its also may be yet another reader-engagement tracker. Why do those
> > things always have to be out of band.
>
> Well, there’s no automated way to connect a logo to a domain. The
> BIMI group has decided to build upon the work of trademark
Greetings.
What I believe will happen is most non-big mail client apps will support
BIMI if they support avatars, otherwise, they won't, cause the arguments
on the receiver side are the same for both features.
I don't buy the "promoting authentication" argument. There would be a
marginal
FWIW we went through the trademark process for our logo.
It was time-consuming, but straightforward and not expensive.
We've deployed BIMI, but with a= as the SSL certificates are still quite
expensive; Digicert's BIMI certificate is half-again as much as their EV
certificate.
If Digicert et.
On 11.01.24 14:59, Udeme via mailop wrote:
> There’s a trademark ownership vetting item that’s part of BIMI implementation.
> Not just *anyone* can get past that. #wink
>
The trademark verification is only for those that pay for it. Nothing
forbids a MUA from displaying an unverified BIMI. Most
There’s a trademark ownership vetting item that’s part of BIMI
implementation. Not just *anyone* can get past that. #wink
-Udeme
On Thu, Jan 11, 2024 at 5:36 AM Laurent S. via mailop
wrote:
> I might have missed something, but wouldn't that be a phisher's wet dream?
>
> Most spammers know very
I'm back, and I want people to play nicely.
Whilst differences of opinion are fine, this thread (as it did in 2020) is
rapidly veering very close the line of acceptability.
Remember, please, that whilst we have a mix of members from single users
running their own system, thru enthusiasts
Dnia 10.01.2024 o godz. 14:05:26 Marcel Becker via mailop pisze:
>
> https://bimigroup.org/mailbox-providers/
Marketing blah-blah only. No actual explanation.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a
Dnia 10.01.2024 o godz. 22:57:21 Louis Laureys via mailop pisze:
> Just wanted to add that I actually like it for visual clarity. Though I would
> have liked a more general avatar implementation not geared towards businesses.
If someone, *as a recipient*, likes having avatars next to email, I
On 10/01/2024 19:18, Jaroslaw Rafa via mailop wrote:
As the OP has written, the only ones that may be interested in this may be
marketers. Nobody else needs any logos, avatars etc. displayed alongside the
email headers.
That is certainly an overly bold claim. For a lot of people it makes
I might have missed something, but wouldn't that be a phisher's wet dream?
Most spammers know very well how to do a mail with valid DMARC. So, now
they only need to send a valid mail from any throw away cheap domain and
in their BIMI add the logo of paypal?
I understand it's not great to have
> > We decided to keep this because I read that some webmail clients are
> > planning to support BIMI without checking for certificates, or,
> > perhaps, also displaying a little lock icon in the corner of the
> > sender's BIMI-style logo image where certification is verified.
>
> This is exactly
> > Simply, nobody needs this.
>
> I've been building an email client and actually do fetch avatars and logos to
> be
> displayed next to emails. I find it helps me visually identify emails easier,
> it's a lot less taxing on the brain than reading sender names or addresses. Of
> course in my
34 matches
Mail list logo