On 3/15/18 10:19 AM, Kurt Andersen (b) wrote: > Two more items for discussion (coming from a chat that I had with some > of the NCSC folks today):
Thanks for sharing their input. > * Creating a diagnostic report that would have some additional > information (such as sending address) and URLs without going quite > as far as a forensic report - so something between the aggregate > and forensic levels > I'm probably missing something, but -- aren't email addresses usually classed as PII in the EU, whether they're sending or receiving at the moment? Seems to me it would run afoul of the privacy regs that tend to rule out forensic reports in certain jurisdictions... Maybe there's a batch/aggregate angle vs. per-message that helps avoid that concern? Would time and URLs alone be useful enough to warrant the effort and expense? --S.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
