On Monday, April 29, 2013 10:28:32 PM Franck Martin wrote: > On Apr 29, 2013, at 1:53 PM, Steve Atkins <[email protected]> wrote: > > On Apr 29, 2013, at 1:40 PM, Franck Martin <[email protected]> wrote: > >> On Apr 29, 2013, at 1:34 PM, John R Levine <[email protected]> wrote: > >>>>> For the institutional domains that are DMARC's main target, there's no > >>>>> problem since there's no mail from individual users, but for domains > >>>>> with people, and particularly domains where the people are not > >>>>> employees of the domain operator, the privacy issues are worrying. > >>>> > >>>> p=none is used on all kind of domains. > >>>> > >>>> Per the spec, the sending of a failure report is not tied to any p=, > >>>> only that the email fails dmarc.>>> > >>> Quite right. For anyone with live users in their mail domains, ruf= > >>> provides the system admin ability to snoop on mail that he should never > >>> have seen.>> > >> I think this statement is overreaching, you have not yet demonstrated > >> that the system admin would have access to emails he would not been able > >> to obtain via other means.> > > If I send mail from my ISPs smarthost, using my corporate email address, > > to a deliverable recipient, how would my corporate postmaster have access > > to that email? > Company policies forbid you to just do that... even to forward your email to > an external mailbox...Just saying... This is part of the email retention > regulations companies need to adopt. > > http://blog.sonian.com/bid/51121/Email-Retention-Policy-Not-Having-One-Could > -Cost-Your-Company http://www.in.gov/icpr/files/policyemailandguidelines.pdf > > May be, we need to be clear on the legal/policy environment one must adhere > to before using DMARC?
I think the privacy/policy considerations are significantly different for aggregate and individual reports, so there are at least two answers for that. Scott K _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
