Adding to Udeme's comment. There could be other criteria the MBP could use to determine if the message should display BIMI-associated imagery. This could be domain reputation, spaminess, manual validation, and so on. Just because a domain says it wants to use the Paypal logo doesn't mean it will automatically happen, even if they are actually Paypal.
I'm not sure we should try to cover the case where the MUA does something outside of spec and/or recommended practices. Slippery slope and all that. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -----Original Message----- > From: mailop <mailop-boun...@mailop.org> On Behalf Of Laurent S. via mailop > Sent: Thursday, January 11, 2024 9:34 AM > To: mailop@mailop.org > Subject: [EXTERNAL] Re: [mailop] BIMI boycott? Lookup tool, why we publish > BIMI anyway, and intellectual property law considerations > > On 11.01.24 14:59, Udeme via mailop wrote: > > There’s a trademark ownership vetting item that’s part of BIMI > > implementation. > > Not just *anyone* can get past that. #wink > > > > The trademark verification is only for those that pay for it. Nothing forbids > a MUA > from displaying an unverified BIMI. Most are luckily not doing it (yet), I > just want > to warn that if this becomes common, it will be abused for sure. I don't > think that > the regular user will check if the little extra lock is there on the icon. > They'll see a > version of the paypal logo on the phish and have an extra feeling of safety. > > Best, > Laurent > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!CQl3mcH > X2A!AlCoE6X5OSgmkeerA4AeCyCJjGJBF4- > 2cJsrAnATCK1y6uqMECI5MpRlPlonIaxicOQK-EIw2c2PfKqxHSY$ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
