Yes, very true. Again as an individual, I think it's worth calling out explicitly in the draft, simply because it does seem to cause friction with implementations.
On Fri, Feb 12, 2021 at 1:23 PM John R Levine <jo...@taugh.com> wrote: > > In the data itself, there are summaries of IP addresses and > authentication > > statuses of mail that fall into three categories: 1) mail that is > > authenticated by the domain, 2) mail that fails to authenticate as the > > domain, and 3) mail that is wholly unauthenticated. From a domain owner > > perspective, this means they get reports of mail that is 1) authorized by > > them, 2) not authorized by them, or 3) broken by forwarding or other > > rewriting by an intermediary. ... > > All true, but more to the point, the reports include IP addresses and > domain names of mail servers and DKIM signers, not IP or e-mail addresses > of individual users. There's no PII other than in the extreme case that > the domain has only a single user so all of the mail can be attributed to > that user. > > R's, > John > > PS: updated the ticket title to say aggregate reports > > PPS: that extreme case lets me tell things like how many NANOG subscribers > get their mail at gmail. > -- *Seth Blank* | VP, Standards and New Technologies *e:* s...@valimail.com *p:* 415.273.8818 ` This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
