Hello folks, In ticket #64 (https://trac.ietf.org/trac/dmarc/ticket/64), it was suggested that a Privacy Considerations section may alleviate some concerns about the ownership of the data. I created an initial attempt, and thought to get some feedback. I didn't think we should go too far in depth, or raise corner cases. Felt like doing so could lead down a rabbit hole of trying to cover all cases. This would go within a "Privacy Considerations" section.
* Data Contained Within Reports (#64) Within the reports is contained an aggregated body of anonymized data pertaining to the sending domain. The data is meant to aid the report processors and domain holders in verifying sources of messages pertaining to the 5322.From Domain. The data should not contain any identifying characteristics about individual senders or receivers. An entity sending reports should not be concerned with the data contained as it should not contain PII (NIST reference for PII definition), such as email addresses or usernames. Does this seem a reasonable start? Thanks for your time. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
