Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

"Brotman, Alex" <Alex_Brotman@comcast.com> Mon, 18 July 2022 19:46 UTC

From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: Ken O'Driscoll <ken=40wemonitoremail.com@dmarc.ietf.org>, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
CC: "bimi@ietf.org" <bimi@ietf.org>
Date: Mon, 18 Jul 2022 19:45:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/rRLfHntgb1KWpyMxu73qwjIQtlI>

That's not something we should attempt to exert control over.  That's a client design decision IMO.  That could be influenced by local caching, or only loading X number of messages above/below where you are, etc.  They may decide to only do it during message view, not list view (and therefore only have to do it when you open the message itself).

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: bimi <bimi-bounces@ietf.org> On Behalf Of Ken O'Driscoll
Sent: Monday, July 18, 2022 3:42 PM
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: bimi@ietf.org
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

I don't believe that an internet standard can address individual MUA design issues.

The specification should clearly explain how MUAs can/should implement BIMI. The development considerations surely must be left up to the individual implementers.

Are there other standards that go into such application level UI/UX details?

Ken.

________________________________
From: bimi <bimi-bounces@ietf.org> on behalf of Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Sent: Monday, 18 July 2022, 19:08
To: bimi@ietf.org <bimi@ietf.org>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

On Mon, Jul 18, 2022 at 12:47 PM Trent Adams <tadams@proofpoint.com> wrote:

Coolio... that certainly simplifies things.

My only question would be how MUAs can determine if they can rely upon the headers, if found.  I think this rolls back to how the MUA knows if the MBP from which they retrieve email is (correctly) evaluating BIMI.

For example, what if a malicious actor includes a BIMI-Location header in an email sent to an MBP that doesn't strip it out?  How can we signal to the MUA that they should only rely on headers inserted by the MBPs known to be compliant with the BIMI specification (which requires stripping of BIMI headers they didn't insert)?

What if the MBP was required to sign BIMI headers they inserted (e.g. via ARC)?


Before I forget, there's something else I'd like to add to the discussion...

If the consensus lands on "Unaffiliated MUAs should do their own BIMI validation", then I must ask if there will be any limits suggested or proscribed on how many messages that validation should be done on?

Here's a real-world scenario...

Last year, after many years of being an Android user, I switched to an iPhone. While it's true that most large mailbox providers' mail clients are capable of retrieving mail from unaffiliated MBPs, it seems that Apple's Mail client is a pretty common one to do this sort of thing on.

My primary personal email address is @gmail.com, and it has been for many years. So long, in fact, that Google tells me that I've got well over 9GB of storage in use for my mail. Yeah, it'd all fit on a thumb drive, but that's still $VERY_VERY_VERY_LARGE_NUMBER of messages.

I've fooled around with pointing the Mail app on my iPhone at Gmail, but I don't like the fact that the labels Gmail uses for tabs (Promotions, Social, Updates, and Forums) don't carry over as folders in IMAP, so the end result is a big old Inbox with tens of thousands of uncategorized unread messages, to say nothing of all the read ones, but I digress...

Let's say the upcoming version of Mail in iOS 16 supports BIMI for third party mailboxes, and I try once again to use Mail to read my Gmail mailbox.

How many messages should the Mail client try to do BIMI validation on before the battery on my phone is exhausted and/or the iPhone becomes a smoldering pile of melted plastic and silicon?

--
Todd Herr | Technical Director, Standards and Ecosystem
e: todd.herr@valimail.com
m: 703.220.4153

This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
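
Added example, not part of the original thread: a sketch of the two sides of the question quoted from Trent Adams above, with the MBP stripping inbound BIMI-Location headers it did not insert and the MUA gating on an Authentication-Results header from its own MBP. This gating is one possible approach, not something the list agreed on; the function names, the `mbp.example` authserv-id, the `bimi=pass` result token and the BIMI-Indicator header name are assumptions taken from the BIMI draft or made up for illustration.

```python
from email import message_from_string
from email.message import Message

# Headers only the receiving MBP may add. BIMI-Location is named in the thread;
# BIMI-Indicator is taken from the BIMI draft (assumption for this example).
RECEIVER_ONLY = ("BIMI-Location", "BIMI-Indicator")


def mbp_process(msg: Message, authserv_id: str, verified_logo=None) -> list:
    """MBP side: drop inbound copies of receiver-only BIMI headers, then add
    the MBP's own result. Returns the header lines that were stripped."""
    stripped = []
    for name in RECEIVER_ONLY:
        stripped += [f"{name}: {v}" for v in msg.get_all(name, [])]
        del msg[name]  # removes every occurrence; no error when absent
    if verified_logo:
        msg["BIMI-Location"] = f"v=BIMI1; l={verified_logo}"
        msg["Authentication-Results"] = f"{authserv_id}; bimi=pass"
    return stripped


def mua_may_use_bimi(msg: Message, trusted_ids: set) -> bool:
    """MUA side: use BIMI-Location only when an Authentication-Results header
    from the MUA's own MBP reports bimi=pass. Assumes that MBP removes forged
    Authentication-Results headers carrying its authserv-id (RFC 8601)."""
    if msg.get("BIMI-Location") is None:
        return False
    for value in msg.get_all("Authentication-Results", []):
        ident, _, results = " ".join(value.split()).partition(";")
        parts = ident.split()  # authserv-id may be followed by a version
        if not parts or parts[0].lower() not in trusted_ids:
            continue
        if any(r.strip().lower().startswith("bimi=pass") for r in results.split(";")):
            return True
    return False


# Constructed sample: a message that arrives already carrying BIMI-Location.
FORGED = (
    "Authentication-Results: mbp.example; dkim=pass header.d=brand.example\n"
    "From: Brand <news@brand.example>\n"
    "BIMI-Location: v=BIMI1; l=https://untrusted.example/logo.svg\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    msg = message_from_string(FORGED)
    print("MUA trusts inbound header:", mua_may_use_bimi(msg, {"mbp.example"}))
    print("MBP stripped:", mbp_process(msg, "mbp.example"))
```

The check only helps when the MUA can name its MBP's authserv-id in advance; it does not tell the MUA whether an arbitrary MBP evaluates BIMI at all, which is the open question in the thread.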