On Thu 06/Dec/2018 18:48:00 +0100 Scott Kitterman wrote: > On December 6, 2018 5:39:56 PM UTC, Alessandro Vesely <[email protected]> wrote: >> On Sat 01/Dec/2018 02:27:54 +0100 Scott Kitterman wrote: >>> >>> Perhaps we need to step back and see if there is consensus that the privacy >>> considerations in the draft are substantially correct and if risk mitigation >>> is needed as described. >> >> >> How about expanding on this: >> >> On Sat 01/Dec/2018 00:37:24 +0100 Scott Kitterman wrote: >>> >>> I don't think wide open TLDs like .com ought to be stimulating feedback on >>> any lower level elements of the DNS tree. >> >> IMHO, statistics derived thereof would be an interesting read. > > I'm not sure I understand? How much would be okay?
Eh? How much of what? I meant, let's consider average.com which doesn't have a DMARC record. I receive a message from [email protected], so I lookup _dmarc.average.com and get NXDOMAIN, then let's say I lookup _dmarc.com and find a record there. In the end of day I'll mail an aggregate record saying I received 1 message from 192.0.2.1 using From: domain average.com, valid spf average.com, no dkim. That way, Verisign will get to know how many messages, from which mailouts, featuring what auth methods average.com send each day. Ditto for any other domains which don't bother publishing their own DMARC records. For ESPs, those numbers reveal something about their business volumes. Ditto for e-commerce businesses or similar, which send e-mail transactions. How much of a risk is that, compared to, say, their ISPs' data, or their accountants'? On Sat 05/May/2018 15:55:37 +0200 John Levine via dmarc-discuss wrote: > My feedback goes into a database where I do occasional summary > queries. I don't recall any particular problems doing the analysis > and it is kind of fun to extract numbers like how many NANOG > subscribers get their mail at Gmail. By the time From:-rewriting takes hold, even such amusing diversions won't be possible. I think John was among the first to store reports in a DB. The above quote is about the only finding I happened to hear from him on this subject. I may be dumb, but I have difficulty in getting useful data from aggregate records. And still don't see the risk. Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
