On Apr 29, 2013, at 1:34 PM, John R Levine <[email protected]> wrote: >>> For the institutional domains that are DMARC's main target, there's no >>> problem since there's no mail from individual users, but for domains >>> with people, and particularly domains where the people are not >>> employees of the domain operator, the privacy issues are worrying. >>> >> p=none is used on all kind of domains. >> >> Per the spec, the sending of a failure report is not tied to any p=, only >> that the email fails dmarc. > > Quite right. For anyone with live users in their mail domains, ruf= provides > the system admin ability to snoop on mail that he should never have seen. > I think this statement is overreaching, you have not yet demonstrated that the system admin would have access to emails he would not been able to obtain via other means.
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
