It appears that Alessandro Vesely <ves...@tana.it> said: >On Wed 03/Aug/2022 21:52:21 +0200 John Levine wrote: >> He insists that the failure reports mean something is wrong, the list needs >> to make them go away, which of course means rewriting headers to make it >> harder >> to tell who each message was from. I suggested that if he doesn't want the >> reports he's asking for he should not ask for them, or perhaps use a three >> line procmail script to sort the obviously benign list ones, but he's sure >> it's the list's fault. > >For aggregate reports, one has to collect the information that will later >be aggregated. Failure reporting apparently requires no data collection, >which is probably wrong.
I don't understand what you mean by "no data collection." It is true that you can send a failure report immediately without saving anything for later. >Should we specify what data to collect? No. >Would that worsen the perceived privacy violations? Since we cannot read people's minds and guess what they perceive as privacy violations, there is no way to answer this question. >Should we specify a max amount / percentage of reports per domain? PLEASE can we not invent yet more irrelevant distractions. If it were up to me, I would completely remove failure reports from the spec. Few people send them, they're not very useful, they have horrible privacy problems, and as we have seen people use them as yet another stick to beat up innnocent mailing lists. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
