Aggregated comments: -------------------------- Aggregate feedback reports contain aggregated data relating to messages purportedly originating from the Domain Owner. The data does not contain any identifying characteristics about individual users. No personal information such as individual email addresses, IP addresses of individuals, or the content of any messages, is included in reports.
Mail Receivers should have no concerns in sending reports as they do not contain personal information. In all cases, the data within the reports relates to the domain-level authentication information provided by mail servers sending messages on behalf of the Domain Owner. This information is necessary to assist Domain Owners in implementing and maintaining DMARC. Domain Owners should have no concerns in receiving reports as they do not contain personal information. The reports only contain aggregated data related to the domain-level authentication details of messages claiming to originate from their domain. This information is essential for the proper implementation and operation of DMARC. Domain Owners who are unable to receive reports for organizational reasons, can choose to exclusively direct the reports to an external processor. -------------------------- Agreeable? -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -----Original Message----- > From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Alessandro Vesely > Sent: Thursday, February 18, 2021 12:09 PM > To: Kurt Andersen (b) <kb...@drkurt.com>; Ken O'Driscoll > <ken=40wemonitoremail....@dmarc.ietf.org> > Cc: dmarc@ietf.org; John Levine <jo...@taugh.com> > Subject: Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns > > On Thu 18/Feb/2021 17:52:55 +0100 Kurt Andersen (b) wrote: > > On Thu, Feb 18, 2021 at 7:09 AM Ken O'Driscoll <ken= > > 40wemonitoremail....@dmarc.ietf.org> wrote: > > > >> > >> . . . I'd propose something like the below, which I think gets across > >> what we all want to say. > >> > >> ======= > >> Aggregate feedback reports contain anonymized data relating to > >> messages purportedly originating from the Domain Owner. The data does > >> not contain any identifying characteristics about individual senders > >> or receivers. No personal information such as individual email > >> addresses, IP addresses of individuals, or the content of any messages, is > included in reports. > >> > >> Mail Receivers should have no concerns in sending reports as they do > >> not contain personal information. In all cases, the data within the > >> reports relates to the authentication information provided by mail > >> servers sending messages on behalf of the Domain Owner. This > >> information is necessary to assist Domain Owners in implementing and > maintaining DMARC. > >> > >> Domain Owners should have no concerns in receiving reports as they do > >> not contain personal information. The reports only contain aggregated > >> anonymized data related to the authentication details of messages > >> claiming to originate from their domain. This information is > >> essential for the proper implementation and operation of DMARC. > >> Domain Owners who are unable to receive reports for organizational > >> reasons, can choose to exclusively direct the reports to an external > processor. > >> ======= > >> > > > > With a s/anonymized/aggregated/g change, this seems like reasonable > > language. In technical terms, there is no anonymization involved. The > > only other issue might be some ambiguity in the intepretation of the > > term "individual senders or receivers" because the IP addresses of the > > MTAs involved in the email interchange are definitely in the report. > > As someone has pointed out earlier in the thread, a compromised home > > computer which is able to send out on port 25 would indeed be exposed > > in such a scenario, though it is a rare case. > > > I'd s/individual senders or receivers/individual users/. > > Also s/authentication/domain-level authentication/. > > > Best > Ale > -- > > > > > > > > > > > > > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/dmarc__;! > !CQl3mcHX2A!QnQcMsS_KTWtqiiZuaapRUWc3xT1P55tS453rXWzE_lJElYm2DKE3 > yW2lwFWuJZIJs-sye0H4w$ _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
