>To my mind, this doesn't create a privacy problem any different from >the existing ones around spam filtering, DLP, or NDRs: somebody in an >administrative position may end up looking at message contents.
It's worse than that, since it sends reports to people who may have not been anywhere in the mail path. For example, if one of my users forwards her mail to a Gmail or Yahoo account, and sets up that account to send mail using the From address in my domain, an ruf could provide me with copies of every message she sends, even though I operate none of the systems through which the mail sent. For the institutional domains that are DMARC's main target, there's no problem since there's no mail from individual users, but for domains with people, and particularly domains where the people are not employees of the domain operator, the privacy issues are worrying. R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
