BIMI/VMC is such a hilariously grifty attempt by commercial CAs to reclaw at least *some* of the income lost to LetsEncrypt.

Don't do it.

(If you don't know what BIMI is, it's a scheme to show corp logos for emails in your inbox. See:
https://support.google.com/a/answer/10911320?hl=en)

@monsieuricon You _can_ do BIMI without the "Verified Mark Certificate" crap. The official website writes "Some mailbox providers may require senders to obtain a verified mark certificate (VMC)." Which mailbox providers require them? I have no idea.
I somehow thought I remembered that brands would need to have DNSSEC for BIMI; that would be awesome for pushing deployment.

I'm personally not really interested in BIMI, but the picture is not as clear, I believe.

https://bimigroup.org/faqs-for-senders-esps/

@mynacol It seems that almost nobody actually implements the BIMI part without the VMC part? At least not Outlook nor Gmail, which covers the vast majority of recipients.

@monsieuricon Fair enough. Gmail seems to require VMC. But through my cursory search I thought Outlook doesn't support BIMI at all currently (except for one marketing sending service)?

BIMI is theoretically a good idea. Pushing DMARC adoption, thus decreasing spoofing possibilities. Adding some icons is also useful for most people.

VMC is garbage of course.
