On 12/9/20 10:28 PM, seth=40valimail....@dmarc.ietf.org wrote: > As an individual, I feel extremely strongly that failure reports should go > away in their entirety. Although Jesse Thompson has outlined a use case that > really has no other good solution, and is equally true in other large > complicated organizations. However, this problem is mitigated with a tree > walk, where you can get the reports to the appropriately localized part of > the organization (like, math.wisc.edu <http://math.wisc.edu>, instead of to > Jesse at wisc.edu <http://wisc.edu> who'd need to hunt things down).
To be clear, I'm not advocating for this From/To use case, but I know of universities who would. There's at least one who cleverly flattened their SPF record to include every known sender specifically because they had no mission to change the way their institution distributively sends email. That is the type of organization who *may* want From/To data, assuming they want to do more validation before adding yet another IP to their SPF. It's a stretch in my mind. I would only strongly advocate for seeing the unredacted From header, since my primary concern was with identifying a little bit more information about who was using the domain and why (i.e. who is using random ESP). The stated purpose of Failure Reports is "for quickly notifying the Domain Owners when there is an authentication failure ... also provide more information about the failed message than is available in an aggregate report". Since the focus of DMARC is to authorize the use of the domain used in the From header, then the logical next incremental levels of "more information" should be: 1) From header domain (already known) 2) local part of From address 3) Friendly From 4) Subject 5) other parts of the message containing identifiable information 1->5 decreases in usefulness/relevancy to DMARC 1->5 increases in unnecessary information disclosure Jesse _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
