On Tue 22/Dec/2020 18:02:10 +0100 Michael Thomas wrote:
On 12/22/20 8:50 AM, Alessandro Vesely wrote:
On Tue 22/Dec/2020 17:16:05 +0100 Michael Thomas wrote:
On 12/22/20 1:22 AM, Alessandro Vesely wrote:

NEW

   Failure reports provide detailed information about the failure of a single
   message or a group of similar messages failing for the same reason.  They
   are meant to aid extreme cases where a domain owner is unable to detect why
   failures reported in aggregate form did occur.  As an extension of other
   kinds of failure notifications, these reports can contain either the content
   of a failed message or just its header.  The latter characteristic entails
   severe privacy concerns.  For that reason, and because it turned out not to
   be important, failure reporting is usually disabled.

I'm not understanding what these "severe privacy concerns" are. It looks like a glorified bounce message to me. My messages pass through the originating domain in the clear, but it only becomes a "severe privacy concern" when it is reflected back? How does that work?

Unlike bounces, you're delivering PII info to a third party.

In Europe, if you set up failure reporting that way, having a third party handling/processing meta-data or even mail content requires you to inform your customers about that, and ask permission. If the third party is outside the EU, since Privacy Shield got canceled last July, there is not even a legal basis anymore that would allow you to do so at all. In all cases, you would be held responsible for your customers' data unless the third party is signing contracts with you to accept EU privacy laws. The EU has severe penalties for companies which break GDPR.

Sorry, having to ask for permission because of laws does not constitute a "severe privacy concern".


Except in the sense that they're called privacy laws. Do you have a better wording?


That is completely outside of the scope of IETF and we should be pandering
to it.

Making specifications that cannot be legally abided by is in IETF scope?


Best
Ale
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
