On Mon 21/Dec/2020 22:01:44 +0100 John R Levine wrote:
>> What is evident is that, as conceived, failure reports break privacy enough
>> to make an admin's skin crawl.
>
> Right.
>
>> I think we should convey the fact that failure reports are (to be) sent in
>> limited circumstances and with due circumspection.
>
> Yes, that is more or less what I have been saying, only I'd say you probably
> don't want to send them at all since they have turned out not to be important.

Saying so ourselves would corroborate our credibility. One place to change is
the second paragraph in the Introduction. For example:
OLD
"Failure reports," or "failed message reports," provide diagnostic
information about messages that a Mail Receiver has determined do not
pass the DMARC mechanism. These reports are generally sent at the
time such messages are received and evaluated, to provide the Domain
Owner with timely notification that such failures are occurring, and
to provide information that may assist in diagnosing the cause of the
failures.
NEW
Failure reports provide detailed information about the failure of a single
message or a group of similar messages failing for the same reason. They
are meant to aid extreme cases where a domain owner is unable to detect why
failures reported in aggregate form did occur. As an extension of other
kinds of failure notifications, these reports can contain either the content
of a failed message or just its header. The latter characteristic entails
severe privacy concerns. For that reason, and because it turned out not to
be important, failure reporting is usually disabled.
Best
Ale