In article <cc4e4665-f55b-bec7-760d-ae6ae3d01...@tana.it> you write:
>We would like to close this ticket two weeks from now, by the end of the year, 
>so please get on it.
>
>The ticket text is just:
>
>     Make it clear in privacy considerations that failure reports can provide
>     PII well beyond a domain name, and are not sent by most receivers.

The current text says that, but it should also point out that
redaction does not always remove PII. Info about sender or recipient
might be encoded in non-obvious places such as the Message-ID or DKIM
selectors.*

Also, whether we use the current Org domain heuristic or a tree walk
to find a higher level DMARC record, there is no way to reliably tell
the relationship between a domain publishing the rua or ruf tag and a
subdomain being reported. Partly this is the Holy Roman Empire
problem, partly the PSL is just incomplete and always will be.

>Any lawyers in this WG?

The IETF most definitely does not provide legal advice.

R's,
John

* - I've been doing that for ages.  Every message gets a unique selector.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
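
Added example, not part of the message above or of any DMARC document: a Python check that a report generator could run on failure-report headers after address redaction, looking for the two leaks the message mentions (an identifier surviving in the Message-ID, and a DKIM selector that is unique per message). The header blocks, the function names and the `min_reports` threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string

def hdr(msg_id, domain, selector):
    """Build one constructed, already-redacted header block."""
    return ("From: redacted@%s\nTo: redacted@rcpt.example\n"
            "Message-ID: <%s>\n"
            "DKIM-Signature: v=1; a=rsa-sha256; d=%s;\n s=%s; bh=x; b=y\n\n"
            % (domain, msg_id, domain, selector))

# Constructed sample data, not taken from any real report.
REPORTS = [
    hdr("1671.alice=rcpt.example@sender.example", "sender.example", "k7f3a91"),
    hdr("1672.q9@sender.example", "sender.example", "k7f3a92"),
    hdr("1673.q7@sender.example", "sender.example", "k80b1c4"),
    hdr("a1@other.example", "other.example", "mail"),
    hdr("a2@other.example", "other.example", "mail"),
]

def dkim_tags(value):
    """Parse a DKIM-Signature value into its tag=value pairs."""
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def leftover_identifiers(header_text, known):
    """Return (header, identifier) pairs where a value the redactor
    meant to remove still appears somewhere in the headers."""
    msg = message_from_string(header_text)
    return [(name, ident) for name, value in msg.items()
            for ident in known if ident.lower() in value.lower()]

def per_message_selectors(reports, min_reports=3):
    """Return d= domains whose s= selector differs in every report,
    so the selector itself can single out one message."""
    seen = defaultdict(list)
    for text in reports:
        tags = dkim_tags(message_from_string(text).get("DKIM-Signature", ""))
        if "d" in tags and "s" in tags:
            seen[tags["d"]].append(tags["s"])
    return {d for d, sels in seen.items()
            if len(sels) >= min_reports and len(set(sels)) == len(sels)}

if __name__ == "__main__":
    print(leftover_identifiers(REPORTS[0], ["alice"]))
    print(per_message_selectors(REPORTS))
```

The substring check only catches identifiers left in the clear; a hashed or otherwise encoded token passes it, which is why the selector-uniqueness heuristic is run as well.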
