On Tue, Dec 10, 2019 at 3:48 AM Vittorio Bertola via mailop < mailop@mailop.org> wrote:
> > Il 06/12/2019 17:14 John Levine via mailop <mailop@mailop.org> ha > scritto: > > > > The BIMI group claims senders will have to validate their logos and > > get a certificate before recipient systems will display them. This > > always seemed to me the weakest part of the plan. It's easy enough to > > do for Paypal and a handful of big banks but not at scale since it's > > essentially doing trademark examination which is neither quick nor > > cheap. > > This is also one of the conceptual reasons against this idea: it is, by > design, a service that will only be available to a few big companies, and > thus it puts everyone else (starting from smaller/local players in the same > markets) at a disadvantage. This raises concerns both in antitrust terms > (especially if a few big email recipients became the gatekeepers on who can > or cannot get this feature, and even more if this involved the payment of > fees) and in architectural terms, as trends towards consolidation and > centralization of the Internet, which are fueled by protocols that are not > equally accessible to everyone, are of concern to many. > I'm not sure it about the "can't scale" thing, probably the most similar is EV certificates... without quite as much security theater. That was certainly available to anyone with the money, looks like $1k year. Is that too much? I'm sure some will say so, but for many companies that's nothing. Then again, I've seen people argue against paying $100 for an ssl cert... but at some point, things of value cost money. Maybe this isn't valuable enough for the cost, that's certainly possible. Receivers wise, this is better than what existed, which was basically receiver specific registration (ie, with Google it was having a G+ profile). Companies aren't likely to do that for more than the top N receivers. Clearly we should switch to X-Face instead. That would be an interesting problem, actually, when to trust an included profile image or a pointer to one... but somehow I don't think the smaller providers will have the resources to do that right either. Brandon to be fair, I haven't looked at any of the details of BIMI in years
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
