On 2016-12-23 10:09 AM, Juri Haberland via dmarc-discuss wrote: > When I look at the few failure reports that I receive, they all consist of > headers only - but all headers, not just a few. They do not include a > single line of the body. > So your proposal would just describe the reality - or what am I missing?
Perhaps this is what John meant in the first place, but IMO standardizing a set of headers to be included in forensic reports that would clear privacy laws may actually get receivers sending them. The idea of "if they wanted to, they already would" strikes me as a bit naive, in that a surface level look (vs reading through and interpreting in detail the RFCs) would suggest you're supposed to send the whole email, and a receiver setting up DMARC reporting will just drop the idea there. I've seen ranking figures in this list mention privacy as a reason their organization doesn't send forensic reports, and those are people that are/should be aware that they COULD send partial forensics, which strongly suggests to me that most people will conclude the same. Hence developing and promoting a privacy-friendly subset of headers may get alot of receivers sending forensic reports, and thus go a long way towards senders switching for reject or at least quarantine. And of course that's ! the ultimate point of DMARC (to me anyway) so it seems an idea worth working on. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)