On Sat 19/Dec/2020 01:03:58 +0100 Seth Blank wrote: > > A privacy consideration should say such a thing, specifically clarify what > may be in a report that could be categorized as PII even after intended > redaction, but refrain from legal advice.
As John pointed out, an IP address can be classed as personal data in a country and not in another. It is hard to tell what data could be PII while refraining from legal considerations. Anyway, email addresses seem to be PII under any legislation. Indeed, that's the only piece of data mentioned by RFC 6590. (Hence I guess one should redact also From:, Jesse's point for ticket #61 notwithstanding.) Yet, spam complaints seem to be sent w/o redaction. I confess I wouldn't know how to carry out an "intended redaction". I cannot recall any useful redacting recommendation for email messages. Most "practical" guides recommend to print them, carefully redact addresses, phone numbers and the like, then scan the result and send the image. Non so practical for a mail filter daemon. I read Outlook has a message redaction feature. I'd be curious about what does that deliver. Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
