On Thu, Feb 18, 2021 at 7:09 AM Ken O'Driscoll <ken= [email protected]> wrote:
> > . . . I'd propose something like the below, which I think gets across what > we all want to say. > > ======= > Aggregate feedback reports contain anonymized data relating to messages > purportedly originating from the Domain Owner. The data does not contain > any identifying characteristics about individual senders or receivers. No > personal information such as individual email addresses, IP addresses of > individuals, or the content of any messages, is included in reports. > > Mail Receivers should have no concerns in sending reports as they do not > contain personal information. In all cases, the data within the reports > relates to the authentication information provided by mail servers sending > messages on behalf of the Domain Owner. This information is necessary to > assist Domain Owners in implementing and maintaining DMARC. > > Domain Owners should have no concerns in receiving reports as they do not > contain personal information. The reports only contain aggregated > anonymized data related to the authentication details of messages claiming > to originate from their domain. This information is essential for the > proper implementation and operation of DMARC. Domain Owners who are unable > to receive reports for organizational reasons, can choose to exclusively > direct the reports to an external processor. > ======= > With a s/anonymized/aggregated/g change, this seems like reasonable language. In technical terms, there is no anonymization involved. The only other issue might be some ambiguity in the intepretation of the term "individual senders or receivers" because the IP addresses of the MTAs involved in the email interchange are definitely in the report. As someone has pointed out earlier in the thread, a compromised home computer which is able to send out on port 25 would indeed be exposed in such a scenario, though it is a rare case. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
