I'm not sure if this is significant or not, but I noticed that I can infer numbers of subscribers to mailing lists based on either aggregate or FBR data I get from data providers.
For general providers like Gmail, Yahoo!, etc, I doubt it matters (although it does give me some idea of their relative user bases), but for individual companies, I'm not sure it's 100% benign. My specific example, is Linked In. I know, from previous postings that Franck Martin is subscribed to this list using a linkedin.com address. The last message I sent to the list, I got an aggregate data report back from linkedin.com that said one message with a valid DKIM signature from dmarc.org. I infer (I think quite reasonably) that Franck is the only subscriber to this list from Linked In. Is it a significant information leak? No. Is it worth documenting? I'm not sure, thus the message to ask ... Scott K _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
