ajonit | 1 year ago

Of course I understood your larger point on barriers to entry for a malicious actor.

If a thing like BIMI is not widespread, would it even help an average non-tech Joe who won’t even understand the reason behind that checkmark on a logo?

ocdtrekkie | 1 year ago

It certainly can. Most people interact with the same organizations time and time again, so any visual indicator something is different can be useful. If you're used to seeing a bank logo on every email from your bank... and then you get an email without that logo... it's just one more visual indicator something is off, and it's more obvious than say... looking at the full email address behind the display name.

BIMI (and EV certs) should not be considered "for all organizations", but probably something worthwhile for organizations that transact in a lot of money and a lot of personal data.

ajonit | 1 year ago

Now consider getting the same visual indicators for ALL legit emails, not just those from big companies. Which case would have a bigger recall value?

For a malicious actor spoofing a combo of SPF + DKIM + DMARC + BIMI won’t be a trivial job.