>For example, "privacy disaster waiting to blow up" sounds like someone needs >to jump on the grenade >before DMARC explodes and kills everyone's privacy. Since this appears be >about DMARC allowing people >to count how many list subscribers live at each DMARC-enabled provider, what >are the privacy >implications? Hyperbole aside, is there anything there?
Uh, Tim, that was an example. Nanog considers its subscriber list private. Short of hacking into their server or bribing people at MERIT, there is not supposed to be a way to find out where the subcribers are. DMARC lets me discover a great deal about what recipients do with the mail I send them. In the not uncommon case that I send mail to people at site A who then forward their mail to webmail G, H, or Y, I can learn about the behavior of people at site A without any cooperation at all from A. Since I put a unique selector in every DKIM signature, I can already figure some of this out by looking at my DNS logs to see who's checking the signatures on what mail, but the DMARC reports make it a lot easier. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
