• pyrale 8 hours ago

    So basically, Google is "adding" a blue checkmark to show more prominently that they're implementing dmarc if you pay them?

    Not sure what that's supposed to mean for users. Should they believe that Google doesn't implement dmarc for other mails? That this problem wasn't solved decades ago?

    I'm pretty sure Google had been dropping unsigned mails for a while now. This sounds more like a security theatre set up to milk a few pennies from commercial email senders.

    • w3ll_w3ll_w3ll 8 hours ago

      Under the BIMI scheme you don't pay Google, but a Certification Authority (only DigiCert and Entrust for now) to get a certificate for your company logo, so that Google and other mail providers will display your company logo.

      • pyrale 7 hours ago

        > Under the BIMI scheme you don't pay Google, but a Certification Authority

        Thanks for the information. So, if I get it right, the blue checkmark is simply a way to say that Google performed adequate checks?

        Why not simply display the logo only for BIMI-certified emails, and drop the checkmark? Or drop any email whose logo isn't certified, as it happens for mails without dkim?

        It feels weird that Chrome is dropping the padlock as a marker for https because they believe people confuse it to mean the site is trusted, and at the same time Google introduces a checkmark that, inevitably, some people will interpret as a sign that the sender can be trusted.

        Another issue is that logos are much more volatile than domain names, and I don't see a good way to prevent scammers from BIMI-registering visually confusing logos. So I don't think it's a good idea to emphasize logos to users as a mark of trust in emails.

        • w3ll_w3ll_w3ll 6 hours ago

          > Thanks for the information. So, if I get it right, the blue checkmark is simply a way to say that Google performed adequate checks? Why not simply display the logo only for BIMI-certified emails, and drop the checkmark?

          Yeah, the checkmark is a Google idea; the BIMI standard is only about verifying the logo.

          > Another issue is that logos are much more volatile than domain names, and I don't see a good way to prevent scammers from BIMI-registering visually confusing logos. So I don't think it's a good idea to emphasize logos to users as a mark of trust in emails.

          Well, in theory the CA will manually verify that the logo submitted by the company visually matches a registered trademark by the same company. That's the reason why a VMC certificate is so expensive. But let's see how it goes about that.

    • nerdjon 8 hours ago

      I am struggling a bit to find information about BIMI that isn't some marketing crap. But from what I can tell most major email providers (except Microsoft for some reason) are on board.

      But are other providers adding this checkmark? I am curious why they seem to have chosen the same style as Twitter given the complete lack of trust that has eroded with that, so if others are going to use this checkmark, was this an agreed-to style or did Google just choose this?

      I guess I can kinda see the value of this, especially since I could see telling my parents that unless it has this checkmark don't trust it for anything serious. But that only works if this is something that they all agreed to do across the board regardless of what platform you are using to read your email.

      • thih9 8 hours ago

        > in Gmail’s mobile apps

        Looks like this is about Google’s Gmail app and not iOS or Android system wide. Based on the title I initially thought it is the latter.

        • mxuribe 7 hours ago

          So, let me get this right, Let's Encrypt begins to show how great certs can be even if/when they are not sourced from big centralized monstrous for-profits (and how they really don't deserve to get so much $$$ for stuff that costs them little to nothing to generate)...and so, other big players like Google get in cahoots with DigiCert to establish a pay-for-play-only sort of approach that keeps the big powers with ever greater control over key aspects of the internet - in this case supposedly improved verif. for emails? Hmmm...color me skeptical, but couldn't a similar verif. approach have been established which while not totally free, at least does not further entrench the big internet powers-that-be? Forgive me if I sound excessively negative, but my trust in such big entities that control or heavily influence portions of the internet, is eroding faster and faster with each passing day...and/or I guess I woke up on the wrong side of the bed today? ;-)
