On Fri 18/Dec/2020 21:05:43 +0100 John R Levine wrote:
[ failure reports leak PII including forwarded recipients ]
Are failure reports about forwarded messages still useful? If not so much,
perhaps we could deplore them.
There's no mechanical way to tell whether a message has been forwarded as
opposed to bcc or a mailing list or a local redistribution list or
whatever.
Given how few sites send failure messages, and that we all seem able to
manage our DMARC setups without them, I don't think they're worth a lot of
effort. Hence my suggestion for simplified advice.
Keeping the target of forwarded messages private needs to be addressed at
emailcore as well, though. Regular bounces leak the same info.
That seems like a great way to destroy mailing lists by not telling them
which recipients are bouncing.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
