On Tue, Dec 10, 2019 at 2:36 PM John Levine <jo...@taugh.com> wrote: > In article < > caba8r6th5dgkknxgbzrchkhafg93ihhsanz6dmphi2vfjzb...@mail.gmail.com> you > write: > >I'm not sure it about the "can't scale" thing, probably the most similar > is > >EV certificates... without quite as much security theater. That was > >certainly available to anyone with the money, looks like $1k year. Is > that > >too much? > > Honestly, that sounds pretty close to a shakedown. Nice little Etsy > store you have there, too bad if anything should happen to the > receipts you mail. >
I mean, that's at least a bit of a stretch. And they're probably using a gmail.com account anyways. Were BIMI to become popular, people will assume that only commercial > mail with a logo is good, and without a logo is bad, no matter how > much you tell people it's voluntary and non-BIMI mail is the same as > always. You surely remember when people were saying that web sites > with a lock icon were good in a much stronger sense than that the site > and the domain match. Or look at the ongoing .org mess and last week's > NY Times op-ed by a professor at Stanford, of all places, shocked to > discover that there are .org's that aren't non-profits. (Well, yeah, > about 95% of them.) > > If you go past the tiny fraction of businesses that have registered > trademarks, which also costs at least $1000, figuring out whether a > logo legitimately belongs to someone is really hard. It's > particularly hard at the low end where the business is likely to be a > proprietorship or LLC without a lot of online records. For example, > to find the registration for my IECC or Network Abuse Clearinghouse > aka abuse.net, you have to visit the courthouse in Ithaca NY. I can > send you a PDF of my registration, but how do you know it's real? How > do you even know what a New York DBA form is supposed to look like? > > I'm not saying this is impossible, but it's hard and not cheap. If > there isn't a plausible path for small mailers, it's hard to see how > it's not an anti-competitive big boys' club. > I guess it depends on how small. It's also that it's kind of self limiting, in the sense that if it's expensive enough that only few do it, then it doesn't have the same perceived bad effects like it would if 99% of mail had it. The overall request for it probably has to do with the perception that email is competing these days with other messaging products which are almost entirely proprietary. If I'm contacted by a vendor on FB/Twitter/Messenger/Instagram/whatever, it will be branded... and email looks outdated. I realize that doesn't mean much to those responding on the plain text thread, but the results for email consumer surveys are kind of shocking (hint: they view their email box about the same way they view their physical mailbox, a dumping ground for promotions and bills/receipts... actual quote from a co-worker: You use email outside of work?) OTOH, those platforms all have to spend a lot of effort on monitoring fake accounts and scams, so maybe the assumption that we need to solve that problem with certification is wrong... of course, trying to add verification to a standard after the fact is something that we may be more careful of given that we work with email. Brandon
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
