In article <cahej_8kpt2oofojdsj1x+av90hea29yabjvp+ehrpjnxxwp...@mail.gmail.com> you write: >Is it not also important to note that the recipient of the failure report >(the domain owner) may not be the originator of the failed message, and >that fact should also weigh into the consideration of deciding whether to >generate such reports?
The exact same issue applies to aggregate reports which can leak a fair amount of PII from domains with modest amounts of traffic so you can guess who sent what. See my prior message about the county government. R's, John >This email and all data transmitted with it contains confidential and/or >proprietary information intended solely for the use of individual(s) >authorized to receive it. If you are not an intended and authorized >recipient you are hereby notified of any use, disclosure, copying or >distribution of the information included in this transmission is prohibited >and may be unlawful. Please immediately notify the sender by replying to >this email and then delete it from your system. Somehow this boilerplate seems especially ironic. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
