Hello, welcome to the Friday, April 8, 2000, 22 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

I wrote a quick post today about Beamy, and I hope I pronounce it correctly. It's an acronym B-I-I-M-I, and it stands for brand indicators for message identification.

And it's supposed to supplement the more technical standards like D-Mark, D-KIM, SPF,

in order to provide users with an easier way to detect if a particular email is legitimate or not.

Now, the trick here is that essentially the email sender is able to identify a logo that will be

added in the email client next to the email, typically already in the preview pane,

and this is supposed to help users decide that a particular email is coming from an actual

organization. Now, how is it all supposed to work and how are people not supposed to be able to fake those images?

Well, first of all, you need a special DNS records.

Everything about these email standards usually evolves around DNS text records.

In this case, the most basic form just includes a URL for the image.

Of course, that's something that could easily be faked.

Someone else could just copy the image, create the text record for a lookalike domain,

and impersonate the particular entity.

But an extension to this standard then also allows for a certificate to be added.

And this is where things get a little bit more tricky and more difficult to implement.

In order to obtain a certificate that will be trusted, you first need a trademark for the

particular image, and that sort of makes sense.

And then you need, of course, to buy the certificate.

And that's currently, in my opinion, at least pretty expensive.

It's sort of in the $1,000 to $1,500 range.

And it's, of course, yet another certificate that you need to renew annually.

...