On Apr 29, 2013, at 1:53 PM, Steve Atkins <[email protected]> wrote:
> > On Apr 29, 2013, at 1:40 PM, Franck Martin <[email protected]> wrote: > >> >> On Apr 29, 2013, at 1:34 PM, John R Levine <[email protected]> wrote: >> >>>>> For the institutional domains that are DMARC's main target, there's no >>>>> problem since there's no mail from individual users, but for domains >>>>> with people, and particularly domains where the people are not >>>>> employees of the domain operator, the privacy issues are worrying. >>>>> >>>> p=none is used on all kind of domains. >>>> >>>> Per the spec, the sending of a failure report is not tied to any p=, only >>>> that the email fails dmarc. >>> >>> Quite right. For anyone with live users in their mail domains, ruf= >>> provides the system admin ability to snoop on mail that he should never >>> have seen. >>> >> I think this statement is overreaching, you have not yet demonstrated that >> the system admin would have access to emails he would not been able to >> obtain via other means. > > If I send mail from my ISPs smarthost, using my corporate email address, to a > deliverable recipient, how would my corporate postmaster have access to that > email? > Company policies forbid you to just do that... even to forward your email to an external mailbox...Just saying... This is part of the email retention regulations companies need to adopt. http://blog.sonian.com/bid/51121/Email-Retention-Policy-Not-Having-One-Could-Cost-Your-Company http://www.in.gov/icpr/files/policyemailandguidelines.pdf May be, we need to be clear on the legal/policy environment one must adhere to before using DMARC? _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
