Can you elaborate on how typosquatting is relevant to this? I'm confused.

If one of your users sends email /to/ a typosquatted domain, and you've DKIM'd the email properly on the way out, then you're not going to get failure reports because the email does, in fact, pass DMARC.

If someone sends email /from/ a typosquatted domain, then you're not going to get failure reports because it's not your domain in the From line.

I'm just... confused. I don't understand what scenario you are implying. Can you clarify for me?

Thanks,

Jonathan Kamens

On 5/30/18 5:17 PM, Elizabeth Zwicky wrote:
It might be that you are correct about GDPR, but this has been a concern well before the GDPR, and whether or not it concerns the Data Protection Authorities, it concerns our privacy lawyers. Typosquatting is, after all, a thing.

Elizabeth
*Elizabeth Zwicky*
Mail Abuse Distinguished Engineer
My oath: 🦄 ☕️ 🌋




On Wednesday, May 30, 2018, 2:02:45 PM PDT, Jonathan Kamens via dmarc-discuss <dmarc-discuss@dmarc.org> wrote:


On 5/30/18 4:22 PM, John Levine wrote:
2) The people receiving the failure reports aren't "total strangers."
They are either (a) the same people who run the email infrastructure (if
failure reports are handled internally), who are presumably authorized
to look at email headers while troubleshooting issues, or (b)
third-party data processors (to use the GDPR terminology), which are
permitted as long as how they are using the data is disclosed to users.
They're sent to whoever some ruf= tag points to.  I get all the
failure reports for any message with one of my domains on the From:
line, even if it was forged or a typo or a configuration error and
nobody related to me sent it.  Sounds like total strangers to me.

I don't think you can be held responsible if a "total stranger's" email ends up in your inbox because they put your domain in the From line of the email without your authorization. Furthermore, of the cases you mentioned ("forged", "typo", "configuration error"), I don't think anything but "forged" happens with sufficient frequency to be worth your concern or the concern of the European Union's member states' Data Protection Authorities.

  Jonathan Kamens


_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
