Policy is not-cacheable #13

Open
massar opened this issue Mar 29, 2018 · 0 comments

massar commented Mar 29, 2018

The policy ("logos") for a domain is not cacheable. DNS TTL will be much lower than needed.

As HTTP is involved anyway (as hopefully the MUA does not fetch the logo every time, but only once in a while, and hopefully from a cached source...) why not use HTTP caching/expiry information to determine how long to cache the information?

Another approach is to use what MTA-STS (https://tools.ietf.org/html/draft-ietf-uta-mta-sts-14) performs.

As with MTA-STS, it might be good to serve up the "logos" as a policy document on the webserver.

e.g.:

default._bimi.example.com TXT "v=BIMI1; id=2018032901; h=bimi.example.com"

And then that the policy is always coming from https://bimi.example.com/.well-known/bimi.txt
Which thus requires functional HTTPS, and control of the .well-known/bimi.txt URL.

That file then contains the policy, as currently encoded in DNS, but that thing can be cacheable. The MTA can also quickly do a DNS request to check if the policy is still the same/in-place. See MTA-STS for more background on that technique.

That stated though, as the MTA is already fetching the policy from MTA-STS, maybe the logos can be added to that policy file, as that is just extra information....
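
The id-based caching proposed in this issue, sketched as an added example that is not part of the original issue or of any BIMI implementation. The `id` and `h` tags and the `.well-known/bimi.txt` URL come from the proposal above; `parse_bimi_txt`, `PolicyCache` and the injected `fetch` callable are hypothetical names, and the HTTPS fetch is passed in so the block runs offline.

```python
import re

# The h= value comes from DNS and is untrusted: accept only a plain hostname
# so it cannot smuggle a path, port or userinfo into the fetch URL.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def parse_bimi_txt(txt):
    """Parse 'v=BIMI1; id=...; h=...' (proposed tags) or raise ValueError."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "BIMI1":
        raise ValueError("not a BIMI1 record")
    if not tags.get("id") or not _HOST_RE.match(tags.get("h", "").lower()):
        raise ValueError("missing id or invalid h")
    return tags


class PolicyCache:
    """Cache policy bodies per domain, keyed on the id seen in DNS."""

    def __init__(self, fetch):
        self._fetch = fetch    # assumed callable(url) -> str, raises on failure
        self._entries = {}     # domain -> (id, policy body)

    def get(self, domain, txt):
        tags = parse_bimi_txt(txt)
        cached = self._entries.get(domain)
        if cached and cached[0] == tags["id"]:
            return cached[1]   # id unchanged: no HTTPS request needed
        url = "https://%s/.well-known/bimi.txt" % tags["h"].lower()
        try:
            body = self._fetch(url)
        except Exception:
            if cached:
                return cached[1]  # fetch failed: keep the last good policy
            raise
        self._entries[domain] = (tags["id"], body)
        return body
```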
