Most receivers don’t provide failure reports but sometimes failure reports (when available) can be useful. I realize there are privacy and regulatory concerns. Would it be possible to reduce the scope of the failure report in general to address the privacy concerns so that they’re more widely implemented? The trade offs might be worth it to have a stripped down failure report if there was a way to do it so the failure report would be useful but not intrusive?
The spec allows you to redact all you want, but history has shown that if you send anything at all, there is some risk of PII leaks.
Mike noted that there are places that exchange failure reports by private agreement, presumably including protections for PII. I think that's the best one can realistically expect.
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
