On Fri, Mar 16, 2018 at 10:47 AM, Steven M Jones <s...@crash.com> wrote:
> On 3/15/18 10:19 AM, Kurt Andersen (b) wrote: > > > - Creating a diagnostic report that would have some additional > information (such as sending address) and URLs without going quite as far > as a forensic report - so something between the aggregate and forensic > levels > > > I'm probably missing something, but -- aren't email addresses usually > classed as PII in the EU, whether they're sending or receiving at the > moment? Seems to me it would run afoul of the privacy regs that tend to > rule out forensic reports in certain jurisdictions... > > Maybe there's a batch/aggregate angle vs. per-message that helps avoid > that concern? Would time and URLs alone be useful enough to warrant the > effort and expense? > There are two aspects to this - 1. batching (lightens the load for reporting receivers), and 2. re privacy - the fact that someone with authority (over the domain) has requested said reports suffices for GDPR legal/consent coverage --Kurt
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc