Re: [Bimi] (non)desire for bimi
Richard Clayton <richard@highwayman.com> Thu, 14 February 2019 18:52 UTC
Return-Path: <richard@highwayman.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55A2E12DDA3 for <bimi@ietfa.amsl.com>; Thu, 14 Feb 2019 10:52:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8-6Dr8yo234 for <bimi@ietfa.amsl.com>; Thu, 14 Feb 2019 10:52:16 -0800 (PST)
Received: from mail.highwayman.com (happyday.demon.co.uk [80.177.121.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D74B71289FA for <bimi@ietf.org>; Thu, 14 Feb 2019 10:52:15 -0800 (PST)
Received: from localhost ([127.0.0.1]:36618 helo=happyday.al.cl.cam.ac.uk) by mail.highwayman.com with esmtp (Exim 4.91) (envelope-from <richard@highwayman.com>) id 1guM7K-0006Sr-65 for bimi@ietf.org; Thu, 14 Feb 2019 18:52:14 +0000
Message-ID: <E9NipkB8hbZcFAhy@highwayman.com>
Date: Thu, 14 Feb 2019 18:50:36 +0000
To: "bimi@ietf.org" <bimi@ietf.org>
From: Richard Clayton <richard@highwayman.com>
References: <20190214175243.950C2200E509D1@ary.qy> <aac6ca77-a8f7-7628-fc0d-18ab616659f2@dcrocker.net> <BL0PR11MB3107E380194F10A297485BBCA9670@BL0PR11MB3107.namprd11.prod.outlook.com>
In-Reply-To: <BL0PR11MB3107E380194F10A297485BBCA9670@BL0PR11MB3107.namprd11.prod.outlook.com>
MIME-Version: 1.0
X-Mailer: Turnpike Integrated Version 5.03 M <kN1$+jWI77$h+OKL79e+dC6FuA>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/i99AWwW-8hAB3QovNBxS9vU5amQ>
Subject: Re: [Bimi] (non)desire for bimi
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 18:52:18 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <BL0PR11MB3107E380194F10A297485BBCA9670@BL0PR11MB3107.namprd1 1.prod.outlook.com>, Terry Zink <tzink=40terryzink.com@dmarc.ietf.org> writes > That heavily depends upon implementation. A web bug, as I > understand it, helps to track user behavior - did the user open up > my mail? While I concede that BIMI could be used this way, it's not > a particularly effective way to do it. It would require setting up > a lot of DNS records, and then being able to stand up > infrastructure that can handle all those requests. ... and surely marketing people would never do that ?+ > Most large receives wouldn't serve up a BIMI logo from the actual > location pointed to by headers/DNS records each time they needed > it. Instead, they'd periodically poll the logos/certs they need, > upload them into a local database, and then pull from there. Please explain how they would "poll the certs they need" ? I understand that they might cache certificates that they had already fetched once, but that's not the same thing at all. How do they know what certificates they need a priori ? is it just for the brand owners who have sent them cheques to pay for the display of their logo ?? > So, as > a sender/brand, you might send out 100,000 messages to a single > receiver and intend to use BIMI to see how many people interacted > with the message. But in reality, you might see only 1 request - > the one where that receiver saw it needed your logo and then > downloaded it after verifying it. And then 30 days later, you saw > them download it again. the way you would get tracking (and of course mess up the caching behaviour by the mail receiver) would be to use a different (sub)domain for every email... ... so if you wish to forbid this (or make it expensive) you need language about wildcard certificates. Where do I find that in the spec? > So, while a web bug is a possible concern, a large receiver (and I > would think even a medium sized one) would have to make use of more > efficient architectural implementations to make the web bug > concerns a minor one on the list of things to worry about. the reverse -- without protocol restrictions the large receiver would be worried that their caching architecture was subject to attack - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBXGW4fDu8z1Kouez7EQL6iwCfWUNBwQvx20LG1lzQ4YDaHiEI7TYAmgJd wOsceIENtEVbG51TLit0kTod =2QC5 -----END PGP SIGNATURE-----
- [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi John Levine
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Richard Clayton
- Re: [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi A. Schulze
- Re: [Bimi] (non)desire for bimi Marcel Becker
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Marcel Becker
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Richard Clayton
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Stephen Farrell