The standard appears to provide no protection whatsoever, but the specific implementation announced by Google relies on CAs to "authenticate" the domains' logo. Seems like there should be a standard for that, too.
Matt

On 7/22/20 9:17 PM, Ted Hatfield via mailop wrote:
> On Wed, 22 Jul 2020, Marcel Becker via mailop wrote:
>> On Wed, Jul 22, 2020 at 5:27 PM Ted Hatfield <t...@io-tx.com> wrote:
>>
>>       Maybe this is a stupid question but
>>
>> Excuse me, but: Re-read the Google announcement and https://bimigroup.org ;-)
>
> I read the page at https://bimigroup.org/
>
> The first statement to come up is:
>
> What is BIMI?
>
> Brand Indicators for Message Identification or BIMI (pronounced: Bih-mee)
> is an emerging email specification that enables the use of brand-controlled
> logos within supporting email clients. BIMI leverages the work an
> organization has put into deploying DMARC protection, by bringing brand
> logos to the customer's inbox. For the brand's logo to be displayed, the
> email must pass DMARC authentication checks, ensuring that the
> organization's domain has not been impersonated.
>
> How does enabling BIMI keep someone from publishing their own DMARC, SPF,
> and DKIM records and still impersonating your brand image?
>
> Isn't it just a little disingenuous to promote this as an anti-phishing
> scheme when all it does is add brand and logo marketing to a person's email?
>
> Ted
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
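
Added example, not part of the original thread and not code from Google or the BIMI group: a sketch of the receiver-side decision the thread is arguing about, showing that a DMARC pass alone also holds for a lookalike domain and that the CA evidence step is what separates the two. The domains, record values, the `show_logo` function and the `vmc_valid` flag (a stand-in for real certificate validation) are assumptions constructed for illustration.

```python
def parse_tags(record):
    """Parse a 'tag=value; tag=value' TXT record (DMARC and BIMI share this shape)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def show_logo(dmarc_pass, dmarc_txt, bimi_txt, vmc_valid, require_ca_evidence=True):
    """Return (decision, reason) for one message.

    vmc_valid is a stand-in for the CA step: True only if the certificate
    referenced by a= chains to a trusted CA and names this domain and logo.
    Real X.509 validation is out of scope for this sketch.
    """
    if not dmarc_pass:
        return (False, "DMARC did not pass")
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1" or dmarc.get("p") not in ("quarantine", "reject"):
        return (False, "DMARC policy not at enforcement")
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1" or not bimi.get("l"):
        return (False, "no usable BIMI record")
    if require_ca_evidence:
        if not bimi.get("a"):
            return (False, "no authority evidence (a=) published")
        if not vmc_valid:
            return (False, "certificate does not vouch for this domain and logo")
    return (True, "logo displayed")


# Constructed sample records (reserved example domains, not real deployments).
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@brand.example"
BRAND_BIMI = "v=BIMI1; l=https://brand.example/logo.svg; a=https://brand.example/vmc.pem"
# Lookalike domain: its own SPF/DKIM/DMARC all pass, logo file copied, no CA evidence.
LOOKALIKE_BIMI = "v=BIMI1; l=https://brand-login.example/logo.svg"

if __name__ == "__main__":
    print("brand, CA required:     ", show_logo(True, DMARC_ENFORCED, BRAND_BIMI, True))
    print("lookalike, DMARC only:  ", show_logo(True, DMARC_ENFORCED, LOOKALIKE_BIMI, False,
                                                require_ca_evidence=False))
    print("lookalike, CA required: ", show_logo(True, DMARC_ENFORCED, LOOKALIKE_BIMI, False))
```
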