BIMI, or a new torture for self hosting SMTP

I was reading a post on Mastodon today about migrating from Substack and in the linked article Molly said:

I don't know, I just do what I'm told. And someone's just told me about a BIMI record, which apparently makes emails look trustworthy, so I threw one of them in there for good measure. Why not.

So of course I stupidly went to research BIMI, or Brand Indicators for Message Identification, and it turns out to be yet another way to make things worse for you if you self host your SMTP server or want to send mail from anything other than a corporate domain.

Essentially the deal is that you publish a link to your logo in SVG format in a TXT record in your domain's DNS and then some mail clients display it. Here's how it might look.

Seems cool right?

So I added a TXT record to default._bimi.walklakes.co.uk which read

v=BIMI1;l=https://www.walklakes.co.uk/images/walklakes_logo.svg;

and the image you're seeing on the right comes from a BMI Tester which I pointed at walklakes.co.uk showing how it might render in a mobile email client and it all looked fine ...

... but here's the catch. Google Gmail only displays the logo if "logo ownership [is] verified with Verified Mark Certificates (VMC)"

What does that mean? Well, there's an optional "a" parameter to the TXT record where you post a link to a PEM file containing a certificate confirming that it's your logo. For that you need to register the logo as a trade mark (just in the US I'm guessing, I didn't get as far as checking) and then purchase a certificate from one of the two people who issue them, one of whom is digicert® who charge you a cool US$1,499 a year for the privilege.

I would worry about this more but I went to my Gmail account and I saw no logos being displayed, not least because google.com itself, from whom I get a lot of mails to my account, does not have a BIMI record!

Sigh. Moving on ...