> On 6 Dec 2019, at 10:42, Vytis Marciulionis via mailop <mailop@mailop.org> > wrote: > > Hi, > I am not a part of the BIMI working group but, I think it is cool in it's own > way. So I will try to add my 2 cents. > > > - It is said to increase security for mailbox owners because seeing the > companies logo they now they can see the message really is from "brand.com > <http://brand.com/>". > I still doubt this will work, because I could easily create a logo that > looks similar to brand.com <http://brand.com/>, but use "brånd.com > <http://xn--brnd-roa.com/>" including valid > SPF/DKIM/DMARC which AFAIK are conditions that have to be meet in order to > display a BIMI logo. > > For the time being the requirement is to have p=quarantine or p=reject on > DMARC and a pass, also significant volume, engagement and reputation is > necessary for BIMI to appear. > Whereas it is indeed easy to authenticate your domains, spammers still don't > do that due to them constantly switching domains and it being time-consuming.
You have the amount of effort involved in correctly authenticating with DMARC backwards for spammers and real companies. It’s utterly trivial for a spammer to deploy DMARC authenticated email. They’ve been using disposable domains on disposable IPs for a long time. The process is automated to a very high degree and every spam message they send is fully DMARC aligned. The only change they need to make is to change their deployment scripts to publish one more DNS record. It’s trivial for a spammer to change domains and have those domains fully DMARC p=reject compliant. For real companies, they need to actually discover where all their mail is coming from and go through a process of making sure each of those message streams is authenticated. It can take months for even small senders with only a few mail pathways to implement DMARC. > Needless to say, building a reputation with certain providers is also not > something that spammers think of doing or, in most cases, are able to do. You’ve not actually ever talked to companies many here would call spammers, have you? Spammers think about reputation all the time and work very hard to try and build a good reputation. There have even been lawsuits detailing the behavior they go through to try and manipulate their reputation. Now, will spammers be able to take advantage of BIMI? That is currently unclear to me, but I’m sure they’re following the protocol development very closely and looking at how they can also have their mail display logos. laura -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
