Sorry for my lack of details. I was considering the cases where a bounce or a failure report reveal that u...@example.com forwards to user@secret.example. That is, a user may want to receive mail destined to her (old) address, but does not want (old) contacts to become aware of her new one. The address she uses to subscribe to a mailing list is obviously revealed to the MLM. It is not secret in that sense.
You keep confirming what I am saying.
The failure report from user@secret.example would go to the report receiver of whoever sent the message in the first place if the MLM doesn't munge From, or to the MLM if it does. Either way, it's leaking PII.
What is evident is that, as conceived, failure reports break privacy enough to make an admin's skin crawl.
Right.
I think we should convey the fact that failure reports are (to be) sent in limited circumstances and with due circumspection.
Yes, that is more or less what I have been saying, only I'd say you probably don't want to send them at all since they have turned out not to be important.
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc