Hacker News
by w3ll_w3ll_w3ll 639 days ago
Under the BIMI scheme you don't pay Google, but a Certification Authority (only DigiCert and Entrust for now) to get a certificate for your company logo, so that Google and other mail providers will display your company logo.

> Under the BIMI scheme you don't pay Google, but a Certification Authority

Thanks for the information. So, if I get it right, the blue checkmark is simply a way to say that Google performed adequate checks?

Why not simply display the logo only for BIMI-certified emails, and drop the checkmark? Or drop any email whose logo isn't certified, as happens for mails without DKIM?

It feels weird that Chrome is dropping the padlock as a marker for HTTPS because they believe people confuse it to mean the site is trusted, and at the same time Google introduces a checkmark that, inevitably, some people will interpret as a sign that the sender can be trusted.

Another issue is that logos are much more volatile than domain names, and I don't see a good way to prevent scammers from BIMI-registering visually confusing logos. So I don't think it's a good idea to emphasize logos to users as a mark of trust in emails.

> Thanks for the information. So, if I get it right, the blue checkmark is simply a way to say that Google performed adequate checks? Why not simply display the logo only for BIMI-certified emails, and drop the checkmark?

Yeah, the checkmark is a Google idea; the BIMI standard is only about verifying the logo.

> Another issue is that logos are much more volatile than domain names, and I don't see a good way to prevent scammers from BIMI-registering visually confusing logos. So I don't think it's a good idea to emphasize logos to users as a mark of trust in emails.

Well, in theory the CA will manually verify that the logo submitted by the company visually matches a trademark registered by the same company. That's the reason why a VMC certificate is so expensive. But let's see how it goes.