Brotman, Alex wrote on 2023-04-25 19:32:
I'm not disagreeing with the idea below, just that by omitting this in the 
draft, we could leave it open to interpretation that it *always* will be a 
privacy violation.  This could justify decisions by some receivers to decline 
to send reports.

Otherwise, I'll remove 6.3.

I see some merit in 6.3 in pointing out what is *not* included in a report and that the identifiers disclosed are at the domain level. The wording "Mail Receivers / Domain Owners should have no concerns in ..." is not optimal. Let's leave that to them to decide.

I suggest merging those parts of 6.3 into 6.1. Proposed text:

6.1.  Data Exposure Considerations

   Aggregate reports are limited in scope to DMARC policy and
   disposition results, to information pertaining to the underlying
   authentication mechanisms, and to the domain-level identifiers
   involved in DMARC validation.

   Aggregate reports may expose sender and recipient identifiers on
   domain level, specifically the RFC5322.From domain.  No personal
   information such as individual email addresses, IP addresses of
   individuals, or the content of any messages, is included in reports.
   However, low-traffic reports may allow a mapping of 'record' elements
   to individuals due to a lack of aggregated data.  A malicious Domain
   Owner might add a unique user identifier to messages (e.g., as DKIM
   selector) that allows a tracking of individual users in aggregate
   reports.

   [remaining section unchanged]

Regards,
Matt

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
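
The two risks named in the proposed 6.1 text (low-traffic records and a per-user DKIM selector) can be checked by a Mail Receiver before a report is sent. The following Python is an added example, not part of the original message or the draft; element names follow the RFC 7489 aggregate report schema, while the sample report, `privacy_flags`, and both thresholds are hypothetical and assume a report without an XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict


def _record(domain, selector, count):
    """Build one constructed <record> element for the sample report."""
    return (
        f"<record><row><source_ip>192.0.2.10</source_ip><count>{count}</count></row>"
        f"<identifiers><header_from>{domain}</header_from></identifiers>"
        f"<auth_results><dkim><domain>{domain}</domain>"
        f"<selector>{selector}</selector><result>pass</result></dkim>"
        f"</auth_results></record>"
    )


# Constructed sample: news.example uses a different selector per message,
# shop.example uses one selector for all of its traffic.
SAMPLE_REPORT = "<feedback>" + "".join(
    [_record("news.example", f"u{n}", 1) for n in (48213, 48214, 48215, 48216)]
    + [_record("shop.example", "s1", 120)]
) + "</feedback>"


def privacy_flags(report_xml, min_count=5, max_selectors=3):
    """Return (low_traffic_records, high_cardinality_domains).

    low_traffic_records: (header_from, count) for rows whose count is below
    min_count, i.e. too little traffic to hide an individual in the aggregate.
    high_cardinality_domains: DKIM domains seen with more than max_selectors
    distinct selectors, which may indicate a selector encoding a user id.
    Both thresholds are assumptions, not values from the draft.
    """
    root = ET.fromstring(report_xml)
    low_traffic = []
    selectors = defaultdict(set)
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count", "0"))
        header_from = rec.findtext("identifiers/header_from", "")
        if count < min_count:
            low_traffic.append((header_from, count))
        for dkim in rec.iter("dkim"):
            selector = dkim.findtext("selector")
            if selector:
                selectors[dkim.findtext("domain", "")].add(selector)
    noisy = sorted(d for d, s in selectors.items() if len(s) > max_selectors)
    return low_traffic, noisy
```
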
