In the data itself, there are summaries of IP addresses and authentication
statuses of mail that fall into three categories: 1) mail that is
authenticated by the domain, 2) mail that fails to authenticate as the
domain, and 3) mail that is wholly unauthenticated. From a domain owner
perspective, this means they get reports of mail that is 1) authorized by
them, 2) not authorized by them, or 3) broken by forwarding or other
rewriting by an intermediary. ...
All true, but more to the point, the reports include IP addresses and
domain names of mail servers and DKIM signers, not IP or e-mail addresses
of individual users. There's no PII other than in the extreme case that
the domain has only a single user so all of the mail can be attributed to
that user.
R's,
John
PS: updated the ticket title to say aggregate reports
PPS: that extreme case lets me tell things like how many NANOG subscribers
get their mail at gmail.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
