These are the potential data harvesting strategies that I can envision.
Are there others?

Data harvesting by originating domain
(I don't see how data harvesting by the originating domain can be
considered a privacy violation), but these are the strategies:

- Report data can be matched to outbound logs to determine which specific
messages are covered by a specific report.

- If coupled with individualized DKIM scopes or low volumes, report data
can be matched to outbound logs to identify specific messages that were
forwarded and the domain to which they were forwarded. Local-part of the
forwarded address is not revealed.

Data harvesting by report processor

- Many reports are processed by service providers rather than by the domain
owner. The report processor could use that data to develop a database of
domain-to-domain communication patterns, and might seek to monetize that
knowledge somehow. This possibility applies to both the report sending
organization and the report receiving domain.

Data harvesting by eavesdroppers

- A report might be intercepted by eavesdroppers if the transmission
channel is not secured. This information might be useful to an attacker
as part of a data aggregation effort.

For the last two, I don't see how DKIM scope IDs would be useful to someone
who lacked access to the outbound information flow. If the attacker is
intercepting all of a domain owner's mail flow, the problem is more serious
and the DMARC reports are the least of his worries.

Do we have a problem at all?
On Wed, Apr 26, 2023 at 3:52 PM Matthäus Wander <mail=40wander.scie...@dmarc.ietf.org> wrote:

> > On Tue 25/Apr/2023 21:08:56 +0200 John R Levine wrote:
> >> Looks mostly good to me.  By the way, that bit about a malicious
> >> Domain Owner is not hypothetical, and I don't think I'm malicious.
> >> Just make it A Domain Owner ...
>
> Agreed, just Domain Owner then.
>
> Alessandro Vesely wrote on 2023-04-26 09:25:
> > No, wait.  Domain owners can only add something when users post via
> > their domain's MSAs.  In that case, the information that can be gathered
> > by aggregate reports is a blurred image of what can be obtained from
> > internal logs.  One can find out who is using external MSAs by matching
> > connections in small domain to small domain correspondence only.
>
> The Domain Owner may not learn anything new by putting in tracking IDs
> into messages, but the privacy leak creeps into the aggregated report
> and becomes visible to third-party report processors or organizational
> units that have access to the rua mailbox but not the internal logs.
>
> Regards,
> Matt
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
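The first strategy in the message above (matching aggregate report data against the originating domain's outbound log, with per-message DKIM selectors making the match exact and a low-volume window making even a shared selector nearly exact) can be shown in a few dozen lines. The following is an added example written for this page, not code from the thread or from any IETF draft. It assumes a minimal RFC 7489 aggregate report in XML, a constructed outbound log in which each entry records the DKIM selector used to sign one message, a constructed sending IP range for the originating domain, and that the reporter's `org_name` is taken as the domain a forwarded message ended up at; the domain names, selectors and timestamps are all made up.

```python
"""Added example: correlate a DMARC aggregate report (RFC 7489 XML) with the
originating domain's own outbound log to learn which messages the report
covers and which of them were forwarded, and to which domain.

All names, IPs, selectors and timestamps below are constructed/hypothetical.
"""
import xml.etree.ElementTree as ET
from ipaddress import ip_address, ip_network

# Constructed sample report, as it would land in the rua mailbox.
# Record 1: sent directly, per-message selector.  Record 2: same, but the
# source IP is a forwarder (DKIM pass, SPF fail).  Record 3: forwarded,
# signed with a shared selector, so only the report window narrows it.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>mailbox.example.net</org_name>
    <report_id>r-0001</report_id>
    <date_range><begin>1682467200</begin><end>1682553600</end></date_range>
  </report_metadata>
  <policy_published><domain>sender.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>sender.example</domain><selector>s1-a8f3</selector><result>pass</result></dkim>
      <spf><domain>sender.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.44</source_ip><count>1</count>
      <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>sender.example</domain><selector>s1-c91e</selector><result>pass</result></dkim>
      <spf><domain>forwarder.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.44</source_ip><count>1</count>
      <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>sender.example</domain><selector>default</selector><result>pass</result></dkim>
      <spf><domain>forwarder.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""

# Constructed outbound log of sender.example: one entry per message sent.
# The last entry falls outside the report window and must not be matched.
OUTBOUND_LOG = [
    {"ts": 1682470000, "selector": "s1-a8f3", "msgid": "<m1@sender.example>", "rcpt": "alice@mailbox.example.net"},
    {"ts": 1682480000, "selector": "s1-c91e", "msgid": "<m2@sender.example>", "rcpt": "bob@forwarder.example"},
    {"ts": 1682490000, "selector": "default", "msgid": "<m3@sender.example>", "rcpt": "carol@forwarder.example"},
    {"ts": 1682300000, "selector": "default", "msgid": "<m0@sender.example>", "rcpt": "dave@forwarder.example"},
]

# Constructed: the originating domain's own MTA address range.
OUR_NETWORKS = [ip_network("192.0.2.0/24")]


def parse_report(xml_text):
    """Extract reporter, report window and, per record, source IP and the
    selectors of passing DKIM signatures made by the reported domain."""
    root = ET.fromstring(xml_text)
    domain = root.findtext("policy_published/domain").strip()
    report = {
        "reporter": root.findtext("report_metadata/org_name").strip(),
        "begin": int(root.findtext("report_metadata/date_range/begin")),
        "end": int(root.findtext("report_metadata/date_range/end")),
        "records": [],
    }
    for rec in root.findall("record"):
        selectors = [
            d.findtext("selector").strip()
            for d in rec.findall("auth_results/dkim")
            if d.findtext("domain", "").strip() == domain
            and d.findtext("result", "").strip() == "pass"
        ]
        report["records"].append({
            "source_ip": rec.findtext("row/source_ip").strip(),
            "count": int(rec.findtext("row/count")),
            "spf": rec.findtext("row/policy_evaluated/spf", "").strip(),
            "selectors": selectors,
        })
    return report


def correlate(report, log, our_networks):
    """Map each reported selector back to messages in the outbound log.
    A record whose source IP is not one of our MTAs was relayed by a third
    party, i.e. forwarded; the reporter is the domain it was forwarded to.
    The report carries no local-part, so only the domain is learned."""
    in_window = [e for e in log if report["begin"] <= e["ts"] <= report["end"]]
    findings = []
    for rec in report["records"]:
        ip = ip_address(rec["source_ip"])
        direct = any(ip in net for net in our_networks)
        for sel in rec["selectors"]:
            # One candidate: message identified.  Several: only narrowed down.
            candidates = [e["msgid"] for e in in_window if e["selector"] == sel]
            findings.append({
                "selector": sel,
                "source_ip": rec["source_ip"],
                "forwarded": not direct,
                "forwarded_to": None if direct else report["reporter"],
                "candidates": candidates,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(parse_report(SAMPLE_REPORT), OUTBOUND_LOG, OUR_NETWORKS):
        print(finding)
```

Run as-is, the script prints three findings: the `s1-a8f3` record maps to exactly one message delivered directly; the `s1-c91e` record maps to one message that was forwarded to `mailbox.example.net`; and the shared `default` selector still resolves to a single message because only one `default`-signed message was sent inside the report window, which is the "low volumes" case in the message above. Without the log, a report processor holding the same XML can see the selectors and the forwarding relationship between the two domains, but cannot tie them to message IDs or original recipients.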