Is email spam a solved problem?

Engadget asks, "Did AI kill off spam and we just didn’t notice?"

I'm not sure about THAT, but this article is still a very interesting read, and a good overview of how CAN-SPAM isn't considered a great law, how e-postage went nowhere (in spite of Bill Gates' help), and what TensorFlow is and why it matters.

Also: Wow! In this article, Neil Kumaran, Product Manager for Gmail, points out that "Gmail blocks about 10 million spam emails a minute." I guess the barbarians are still at the gate.

BIMI: Current Status? Should we bother?

Since lots of folks are reaching out to me, asking for help with BIMI records and/or wondering if it's something they should take the time to implement, I figured I would take a few minutes to explain the current state-of-the-state with regard to BIMI, and help to answer the question of whether or not you should move forward with it.

BIMI stands for "Brand Indicators for Message Identification," and if you want the really short version of what it is, it's this: a way to publish a logo and have that logo displayed on or near your email messages in whatever email platforms support it. Find out more about BIMI here, courtesy of Litmus.

I think that some folks are (perhaps over-) selling BIMI functionality as a trust feature for end subscribers. I'm not sure I buy that just yet. Platforms like Yahoo Mail and Gmail have already had a little logo display feature for a while now. Some smart folks have implemented that old style of logo, but I haven't seen much in the way of documented success of how you could demonstrate that it improved consumer confidence. But I do still think there's value -- it's a good branding measure, and I think you should do it. And if I'm wrong, and there is "trust value" to be found, then you'll benefit from that, as well.

From an ISP's perspective, BIMI is a tool to help drive adoption of DMARC. To implement BIMI, you need to implement DMARC, with a restrictive (p=reject or p=quarantine) policy. Meaning you have to lock your sending domain down to help prevent forged use of the domain. ISPs want this because it helps make it easier for them to tell good mail apart from bad mail. It's far from the only measure of goodness or badness, but it's still a useful thing.

So my guidance is, you should implement DMARC, and you should implement a BIMI record. Just be eyes-wide-open about what it does and what it likely doesn't do.

But don't immediately expect it to drive a significant increase in open and click rates or otherwise cause your email to significantly change how subscribers see it. It's good to add the little logo, but do keep in mind that is not the only thing governing whether or not your mail will get to the inbox and whether or not recipients are going to read and interact with your email messages.

Creating the BIMI record is easy. Your logo should be an SVG file, recommended to be on a white background, best if it can render well in a square or circle, and hosted on a website with SSL (https). When you've created and hosted that logo, you're ready to create your BIMI DNS record. After creating the BIMI DNS record (or if you need help and guidance on how to create it), pop on over to Mailkit's excellent BIMI tool.

ISP support for BIMI is limited today. Yahoo and Google have announced support for Yahoo Mail and Gmail, respectively. Yahoo Mail currently has support for BIMI in beta, and it's unclear when Gmail support will launch. Microsoft hasn't announced any support for BIMI as of yet, but I expect that they may jump on the BIMI bandwagon at some point in the future.

Also, right now, BIMI is essentially a simple thing. Implement and configure DMARC, then publish your BIMI record. But the standard hints at having some sort of trusted party or vetting service review and approve BIMI records at some point.

One example of this hit the news recently. Somebody called Entrust Datacard has announced a "Verified Mark Certificate" process and noted a leading bank as one of its first "verified" entities. How this ties into the current or near-future use of BIMI is unclear to me, and I can't really answer the question of whether or not this is something sender should pursue. It's possible that this or some other form of vetting or registration may be necessary in the future. I'll be keeping an eye out to see how this develops over time.