> When the big providers all require VMC to show BIMI, then VMC is not optional, no matter what the spec says. Claiming it is optional is then disingenuous.

What do you mean "no matter what the spec says", it is the spec we're talking about. It is what you argued against several times.

If you had started with saying "big providers' implementations of BIMI", then it wouldn't be wrong to say it's required but it's still not "monopolizing". Requiring you to prove your claims using a third unrelated party is simply not that.

> As I said in the linked post, logo verification is not a problem which can be solved. [...] and the BIMI system will have trained your customers to trust your logo.

There are caveats to each system. It does not mean the problem is not solvable to a large extent.

Secondly, it's pretty clear who to jail for the attack described. I'd say it's even a positive side of the system if that's the type of attacks we'd get.

> Any fix for this you try to implement will make the system even less usable for its stated purpose, or more suited to only large players and unusable in practice for smaller operators.

That's simply not true. The price of a VMC is really not that high for any business that doesn't only employ one man and his dog.