On Mar 20, 2013, at 11:49 PM, John Levine <[email protected]> wrote:
> In article
> <c8869be93cf766409d9086a78338cee938827...@prn-mbx01-5.thefacebook.com> you
> write:
>> This is definitely something that will need to be called out in the DMARC
>> draft as a privacy consideration when it is published at some point.
>
> I have to say that DMARC is a privacy disaster waiting to blow up.
> When used on small domains like mine, I can tell a lot about what
> happened to individual mail messages. For example, I now have a very
> good idea how many NANOG subscribers get their mail at Gmail, Hotmail,
> and Yahoo.

Before we (as a discussion list) jump to conclusions, can we be a bit more
rigorous in fleshing out what people are concerned about in terms of privacy?
It'll make the draft better.

For example, "privacy disaster waiting to blow up" sounds like someone needs to
jump on the grenade before DMARC explodes and kills everyone's privacy. Since
this appears to be about DMARC allowing people to count how many list subscribers
live at each DMARC-enabled provider, what are the privacy implications?
Hyperbole aside, is there anything there?

I'll take a stab at fleshing this out:

- I no longer have to talk to the list admin and ask for these
  statistics.
- I don't have to pay anyone for these numbers.
- I can determine how many list lurkers are Out There.

That wasn't very satisfying. Where is the disaster? How about when the entire
world is providing DMARC? Then, if someone was subscribed to a list using a
domain like @individual.person, you could discover that someone/thing
@individual.person was subscribed to the list! There's some cause for minor
concern right there.

Are there any work-arounds? What if DMARC report generators were instructed
NOT to provide data points if sources are determined to be "mailing_list"?
This is a possible solution. However, this relies on the ability of the report
generator to accurately identify "mailing_list", which even now is weak.
Therefore ineffective and not really a solution.

What if mailing lists that are concerned about privacy used their own mailing
list domain in the 5322.From header field? Then, the snoopers would no longer
get the privacy-sensitive data under discussion. This is a possible solution,
and viable in that subscribers would be put into a position to say "I'd like to
use your mailing list, but I can't until you stop leaking my subscriber info to
anyone who can send email to your list".

OK. End of exercise. Murray, I'll be proposing text so mailing list operators
can understand how their lists might become privacy disasters waiting to blow
up, and what they can do to mitigate this risk.

=- Tim
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
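
The mitigation discussed in the message above, a list putting its own domain in the 5322.From field, sketched as an added example that is not part of the original thread or of any list software. The list address, list name and sample post are constructed assumptions; the point is that receivers look up the DMARC record of the 5322.From domain, so after the rewrite their aggregate reports go to the list's domain rather than to the poster's.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Assumptions for illustration: the list's own posting address and display name.
LIST_ADDR = "discuss@lists.example.org"
LIST_NAME = "discuss"

# Constructed sample post, as it arrives at the list from a subscriber.
SAMPLE_POST = (
    "From: Pat Example <pat@individual.example>\n"
    "To: discuss@lists.example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def dmarc_from_domain(msg):
    """Domain of the 5322.From address: the domain whose DMARC record
    (and report address) a receiving provider will use for this message."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def rewrite_from(msg):
    """Re-address a post to the list's own domain before redistribution.

    The original author is kept reachable through Reply-To (only if the
    poster did not set one), and the display name records who wrote it.
    """
    name, addr = parseaddr(msg.get("From", ""))
    list_domain = LIST_ADDR.rpartition("@")[2]
    if not addr or dmarc_from_domain(msg) == list_domain:
        return msg  # unparseable or already rewritten: leave untouched
    if "Reply-To" not in msg:
        msg["Reply-To"] = formataddr((name, addr))
    display = f"{name or addr.split('@')[0]} via {LIST_NAME}"
    del msg["From"]  # remove every existing From field before adding ours
    msg["From"] = formataddr((display, LIST_ADDR))
    return msg


if __name__ == "__main__":
    post = message_from_string(SAMPLE_POST)
    print("before:", dmarc_from_domain(post))
    print("after: ", dmarc_from_domain(rewrite_from(post)))
```
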