On Apr 29, 2013, at 1:40 PM, Franck Martin <[email protected]> wrote:
> > On Apr 29, 2013, at 1:34 PM, John R Levine <[email protected]> wrote: > >>>> For the institutional domains that are DMARC's main target, there's no >>>> problem since there's no mail from individual users, but for domains >>>> with people, and particularly domains where the people are not >>>> employees of the domain operator, the privacy issues are worrying. >>>> >>> p=none is used on all kind of domains. >>> >>> Per the spec, the sending of a failure report is not tied to any p=, only >>> that the email fails dmarc. >> >> Quite right. For anyone with live users in their mail domains, ruf= >> provides the system admin ability to snoop on mail that he should never have >> seen. >> > I think this statement is overreaching, you have not yet demonstrated that > the system admin would have access to emails he would not been able to obtain > via other means. If I send mail from my ISPs smarthost, using my corporate email address, to a deliverable recipient, how would my corporate postmaster have access to that email? Cheers, Steve _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
