On Mon 30/Jun/2025 17:44:10 +0200 Dotzero wrote:
> I propose the following tweak to the Introduction of the Failure Reporting draft:
A couple of questions:
> Failure reports (RUF) provide detailed information about the failure of a single message, or a group of similar messages failing for the same reason.
What is the meaning of RUF? I tend to imagine something like Reporting Url (for) Failure (reports), which refers to an email address, not the report itself.
> They are meant to aid in a) cases where a Domain Owner is unable to detect why failures that were reported in aggregate form occurred or b) it is important to the Sender domain to quickly identify and address mail involving abusive mail involving direct domain abuse.
This sentence needs rewording, since (a) and (b) are not symmetric. How about: Their purpose is twofold. On the one hand they are meant to aid in cases where a Domain Owner is unable to detect why failures that were reported in aggregate form occurred. On the other hand, they can allow the Sender domain to quickly identify and address harmful messages involving direct domain abuse.
> It is important to note that these reports can contain the header fields or sometimes the entire content of a failed message, which may contain personally identifiable information (PII). The potential disclosure of PII should be considered when deciding whether to request failure reports as a Domain Owner, or what information to include or redact in failure reports when creating them as a Mail Receiver, or whether to create failure reports at all.
Best
Ale