Jonathan Rudenberg

debugger.
pronouns: they/them
github: https://github.com/titanous
@glauca Hey, any chance you’re going to support configuring webauthn as the sole 2FA option for accounts?
@tomlowenthal And this is why I’ve been putting off moving somewhere else for years now
@tomlowenthal Google Workspace is the only other option that I’m aware of…
Annnd tagging @fastmail here got an immediate response to the ticket confirming that as of this week they "now require an aligned DKIM pass for BIMI".
@acdha @fastmail Yes, exactly, I think this will be what finally pushes me to move off.
So @fastmail didn’t respond at all to my report sent to security@ about the BIMI spoofing issue. The auto reply from their ticket system claimed that it may take “10 business days to respond” which elapsed this morning (and is way too long for an initial response to a security issue).
Great coverage of the BIMI spoofing issue from AJ: https://cyberscoop.com/security-professionals-tweet-bimi-google-gmail/
Security professional's tweet forces big change to Google email authentication

Gmail is tightening its implementation of an email security protocol after a researcher discovered a flaw allowing brands to be impersonated.

CyberScoop
@bascule @filippo Codespaces is wired up to sign commits, there’s no reason they couldn’t use the same infra for pushes…
@aliu I did in the next post in my thread! Great paper!

@kurtseifried BIMI doesn't show up if you're using the native Mail app on iOS with Gmail because they aren't adding the message headers that it is looking for. The logos do show up in the Gmail app.

My only complaint is about the extremely misleading verified checkmark/tooltip (and equivalent UI in Apple Mail). I agree that the logos have no meaningful impact given that Gmail shows profile images.