On Tue 25/Apr/2023 21:08:56 +0200 John R Levine wrote:
6.1.  Data Exposure Considerations

  Aggregate reports are limited in scope to DMARC policy and
  disposition results, to information pertaining to the underlying
  authentication mechanisms, and to the domain-level identifiers
  involved in DMARC validation.

  Aggregate reports may expose sender and recipient identifiers on
  domain level, specifically the RFC5322.From domain.  No personal
  information such as individual email addresses, IP addresses of
  individuals, or the content of any messages, is included in reports.
  However, low-traffic reports may allow a mapping of 'record' elements
  to individuals due to a lack of aggregated data.  A malicious Domain
  Owner might add a unique user identifier to messages (e.g., as DKIM
  selector) that allows a tracking of individual users in aggregate
  reports.

  [remaining section unchanged]

Looks mostly good to me.  By the way, that bit about a malicious Domain Owner is not hypothetical, and I don't think I'm malicious.  Just make it A Domain Owner ...


No, wait. Domain owners can only add something when users post via their domain's MSAs. In that case, the information that can be gathered by aggregate reports is a blurred image of what can be obtained from internal logs. One can find out who is using external MSAs by matching connections in small domain to small domain correspondence only.


Best
Ale
--





_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
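
An added example, not part of the thread or of the draft: a check a report generator could run over an aggregate report before sending it, flagging the two exposures the proposed text names (low-traffic records, and a DKIM domain spread over many rarely seen selectors). Element names follow the RFC 7489 aggregate schema without an XML namespace; the function name, thresholds and sample data are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def _rec(from_dom, count, selector):
    # Helper that builds one constructed <record>; not real report data.
    return (f"<record><row><source_ip>192.0.2.1</source_ip><count>{count}</count></row>"
            f"<identifiers><header_from>{from_dom}</header_from></identifiers>"
            f"<auth_results><dkim><domain>{from_dom}</domain>"
            f"<selector>{selector}</selector><result>pass</result></dkim>"
            f"</auth_results></record>")

# Constructed sample: one bulk sender, one small domain, one domain
# whose selectors look like per-recipient identifiers.
SAMPLE_REPORT = "<feedback>" + "".join([
    _rec("news.example", 412, "s2023"),
    _rec("small.example", 2, "default"),
    _rec("tracker.example", 1, "u-0001"),
    _rec("tracker.example", 2, "u-0002"),
    _rec("tracker.example", 1, "u-0003"),
]) + "</feedback>"

def audit_report(xml_text, min_count=10, max_selectors=2):
    """Return (low_volume, fanout) for one aggregate report.

    low_volume: (header_from, count) for records below min_count messages.
    fanout: DKIM domain -> sorted rare selectors, when a domain has more than
            max_selectors selectors that each cover fewer than min_count messages.
    """
    root = ET.fromstring(xml_text)
    low_volume = []
    per_selector = defaultdict(lambda: defaultdict(int))  # domain -> selector -> count
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count", default="0"))
        header_from = rec.findtext("identifiers/header_from", default="")
        if count < min_count:
            low_volume.append((header_from, count))
        for dkim in rec.iterfind("auth_results/dkim"):
            selector = dkim.findtext("selector")
            if selector:  # the selector element is optional in the schema
                per_selector[dkim.findtext("domain", default="")][selector] += count
    fanout = {}
    for domain, selectors in per_selector.items():
        rare = sorted(s for s, n in selectors.items() if n < min_count)
        if len(rare) > max_selectors:
            fanout[domain] = rare
    return low_volume, fanout

if __name__ == "__main__":
    print(audit_report(SAMPLE_REPORT))
```
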
