We would like to close this ticket two weeks from now, by the end of the year,
so please get on it.
The ticket text is just:
Make it clear in privacy considerations that failure reports can provide
PII well beyond a domain name, and are not sent by most receivers.
Currently, the dmarc-failure-reporting draft includes the Privacy
Considerations of RFC 7489. They address which kind of privacy policy may
conflict with failure reporting. Yet, that section doesn't say what PII is
contained in a reported message, except generically mentioning that "These
reports may expose sender and recipient identifiers (e.g., RFC5322.From
addresses)".
Do we need to clarify more?
Any lawyers in this WG?
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
