Tim, You should know there is nothing wrong with mailing lists and it is rather the rest of the email ecosystem which should be changed...
On 3/21/13 7:25 AM, "Tim Draegen" <[email protected]> wrote:

> On Mar 20, 2013, at 11:49 PM, John Levine <[email protected]> wrote:
>> In article
>> <c8869be93cf766409d9086a78338cee938827...@prn-mbx01-5.thefacebook.com>
>> you write:
>>> This is definitely something that will need to be called out in the
>>> DMARC draft as a privacy consideration when it is published at some
>>> point.
>>
>> I have to say that DMARC is a privacy disaster waiting to blow up.
>> When used on small domains like mine, I can tell a lot about what
>> happened to individual mail messages. For example, I now have a very
>> good idea how many NANOG subscribers get their mail at Gmail, Hotmail,
>> and Yahoo.
>
> Before we (as a discussion list) jump to conclusions, can we be a bit
> more rigorous in fleshing out what people are concerned about in terms
> of privacy? It'll make the draft better.
>
> For example, "privacy disaster waiting to blow up" sounds like someone
> needs to jump on the grenade before DMARC explodes and kills everyone's
> privacy. Since this appears to be about DMARC allowing people to count
> how many list subscribers live at each DMARC-enabled provider, what are
> the privacy implications? Hyperbole aside, is there anything there?
>
> I'll take a stab at fleshing this out:
>  - I no longer have to talk to the list admin and ask for these
>    statistics.
>  - I don't have to pay anyone for these numbers.
>  - I can determine how many list lurkers are Out There.
>
> That wasn't very satisfying. Where is the disaster? How about when the
> entire world is providing DMARC? Then, if someone was subscribed to a
> list using a domain like @individual.person, you could discover that
> someone/thing @individua.person was subscribed to the list! There's
> some cause for minor concern right there.
>
> Are there any work-arounds? What if DMARC report generators were
> instructed NOT to provide data points if sources are determined to be
> "mailing_list"? This is a possible solution. However, this relies on
> the ability of the report generator to accurately identify
> "mailing_list", which even now is weak. Therefore ineffective and not
> really a solution.
>
> What if mailing lists that are concerned about privacy used their own
> mailing list domain in the 5322.From header field? Then, the snoopers
> would no longer get the privacy-sensitive data under discussion. This
> is a possible solution, and viable in that subscribers would be put
> into a position to say "I'd like to use your mailing list, but I can't
> until you stop leaking my subscriber info to anyone who can send email
> to your list".
>
> OK. End of exercise. Murray, I'll be proposing text so mailing list
> operators can understand how their lists might become privacy disasters
> waiting to blow up, and what they can do to mitigate this risk.
>
> =- Tim
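
The 5322.From work-around discussed in the quoted message, sketched as an added example (not part of the thread and not code from any list software). The list address, the sample post, the "via" display-name convention and all function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import formataddr

# Constructed sample post; every address and domain is a placeholder.
SAMPLE_POST = """\
From: Alice Example <alice@individual.example>
To: discuss@lists.example.org
Subject: DMARC and list privacy
Message-ID: <constructed-1@individual.example>

Body text.
"""

LIST_ADDR = "discuss@lists.example.org"  # assumed list posting address


def parse(raw):
    """Parse raw message text into an EmailMessage with structured headers."""
    return message_from_string(raw, policy=policy.default)


def report_domain(msg):
    """Domain whose DMARC record a receiver looks up for this message:
    the domain of the address in the 5322.From header field."""
    return msg["From"].addresses[0].domain.lower()


def rewrite_from(raw, list_addr=LIST_ADDR):
    """Move 5322.From onto the list's own domain before redistribution.

    The author is still named in the display name and reachable through
    Reply-To, but receivers now evaluate the list domain's DMARC record.
    """
    msg = parse(raw)
    author = msg["From"].addresses[0]
    label = author.display_name or author.username
    list_name = list_addr.split("@", 1)[0]

    # Keep a Reply-To the author set; otherwise point replies at the author.
    if msg["Reply-To"] is None:
        msg["Reply-To"] = formataddr((author.display_name, author.addr_spec))

    del msg["From"]
    msg["From"] = formataddr((f"{label} via {list_name}", list_addr))
    return msg


if __name__ == "__main__":
    print("before:", report_domain(parse(SAMPLE_POST)))
    print("after: ", report_domain(rewrite_from(SAMPLE_POST)))
```

After the rewrite, DMARC evaluation of the redistributed copy is keyed to the list's domain rather than to the author's.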
