On Sun 20/Dec/2020 19:17:03 +0100 John R Levine wrote:
On Fri 18/Dec/2020 21:05:43 +0100 John R Levine wrote:
[ failure reports leak PII including forwarded recipients ]
Are failure reports about forwarded messages still useful? If not so much,
perhaps we could deplore them.
There's no mechanical way to tell whether a message has been forwarded as
opposed to bcc or a mailing list or a local redistribution list or whatever.
One could judge by verified SPF alignment. Such kind of gross misconfiguration
can be detected by aggregate reports, so disabling RUF doesn't seem to be an
irrecoverable loss.
Given how few sites send failure messages, and that we all seem able to manage
our DMARC setups without them, I don't think they're worth a lot of effort.
Hence my suggestion for simplified advice.
Agreed. However, cutting down sending times might be reassuring.
Keeping the target of forwarded messages private needs to be addressed at
emailcore as well, though. Regular bounces leak the same info.
That seems like a great way to destroy mailing lists by not telling them which
recipients are bouncing.
Temporary failures (over quota) don't hurt mailing lists. Permanent failures
(target account takedown) deserve bounces right from the forwarding address.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
