On Sunday, July 29, 2012 11:55:30 PM John Levine wrote: > >I imagine this is worth noting in a Privacy Considerations or Security > >Considerations paragraph or two, but not something that needs to be > >repaired in the protocol somehow. > > It's purely a documentation issue. If R sends reports to S, it's > going to reveal something about how third parties relayed mail from S > to R. That will reveal something about who those third parties are, > and in some cases may allow report recipients to deduce information > about some of of R's users. > > Any plausible fix would be incredibly cumbersome, along the lines of > requiring the third party domains that show up in bounce addresses and > signatures to publish policy records saying it's OK to include them in > reports. It'd be totally impossible to audit, since those third > parties have no way to see what's being reported about them.
I agree. I wasn't trying to suggest a protocol change, just suggesting it should be documented. Scott K _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
