In article
you write:
>Aggregate feedback reports are essential for the proper implementation and
>operation of DMARC. Domain Owners can choose to
>exclusively direct reports to a processor external to their organization. In
>such cases, the content of the reports are never
>sent directly to
It would help me if you could elaborate on the concerns that you have
encountered.
Which data is sensitive and therefore needing classification?
Which roles creates the objection? Server owner sending reports,
recipient domain allowing the server owner to send reports from recipient
data, or
I PM deployments for organisations and the concept of aggregate reports have
caused problem more than once. Similar to the PII concerns of providers which
originated this ticket, these organisations operate in heavily a regulated
industry and have extensive DPO functions. To give a flavour of
Incorporating some feedback:
---
## Data Contained Within Reports (Tkt64)
Within the reports is contained an aggregated body of anonymized data pertaining
to the sending domain. The data is meant to aid the report processors
and domain holders in verifying sources of messages