I'm comfortable with the language.

Michael Hammer

On Thu, Feb 18, 2021 at 3:40 PM Brotman, Alex <Alex_Brotman= [email protected]> wrote:

> Aggregated comments:
>
> --------------------------
> Aggregate feedback reports contain aggregated data relating to messages
> purportedly originating from the Domain Owner. The data does not contain
> any identifying characteristics about individual users. No personal
> information such as individual email addresses, IP addresses of
> individuals, or the content of any messages, is included in reports.
>
> Mail Receivers should have no concerns in sending reports as they do not
> contain personal information. In all cases, the data within the reports
> relates to the domain-level authentication information provided by mail
> servers sending messages on behalf of the Domain Owner. This information is
> necessary to assist Domain Owners in implementing and maintaining DMARC.
>
> Domain Owners should have no concerns in receiving reports as they do not
> contain personal information. The reports only contain aggregated data
> related to the domain-level authentication details of messages claiming to
> originate from their domain. This information is essential for the proper
> implementation and operation of DMARC. Domain Owners who are unable to
> receive reports for organizational reasons, can choose to exclusively
> direct the reports to an external processor.
> --------------------------
>
> Agreeable?
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast
>
> > -----Original Message-----
> > From: dmarc <[email protected]> On Behalf Of Alessandro Vesely
> > Sent: Thursday, February 18, 2021 12:09 PM
> > To: Kurt Andersen (b) <[email protected]>; Ken O'Driscoll
> > <[email protected]>
> > Cc: [email protected]; John Levine <[email protected]>
> > Subject: Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
> >
> > On Thu 18/Feb/2021 17:52:55 +0100 Kurt Andersen (b) wrote:
> > > On Thu, Feb 18, 2021 at 7:09 AM Ken O'Driscoll <ken= [email protected]> wrote:
> > >
> > >> . . . I'd propose something like the below, which I think gets across
> > >> what we all want to say.
> > >>
> > >> =======
> > >> Aggregate feedback reports contain anonymized data relating to
> > >> messages purportedly originating from the Domain Owner. The data does
> > >> not contain any identifying characteristics about individual senders
> > >> or receivers. No personal information such as individual email
> > >> addresses, IP addresses of individuals, or the content of any
> > >> messages, is included in reports.
> > >>
> > >> Mail Receivers should have no concerns in sending reports as they do
> > >> not contain personal information. In all cases, the data within the
> > >> reports relates to the authentication information provided by mail
> > >> servers sending messages on behalf of the Domain Owner. This
> > >> information is necessary to assist Domain Owners in implementing and
> > >> maintaining DMARC.
> > >>
> > >> Domain Owners should have no concerns in receiving reports as they do
> > >> not contain personal information. The reports only contain aggregated
> > >> anonymized data related to the authentication details of messages
> > >> claiming to originate from their domain. This information is
> > >> essential for the proper implementation and operation of DMARC.
> > >> Domain Owners who are unable to receive reports for organizational
> > >> reasons, can choose to exclusively direct the reports to an external
> > >> processor.
> > >> =======
> > >>
> > >
> > > With a s/anonymized/aggregated/g change, this seems like reasonable
> > > language. In technical terms, there is no anonymization involved. The
> > > only other issue might be some ambiguity in the interpretation of the
> > > term "individual senders or receivers" because the IP addresses of the
> > > MTAs involved in the email interchange are definitely in the report.
> > > As someone has pointed out earlier in the thread, a compromised home
> > > computer which is able to send out on port 25 would indeed be exposed
> > > in such a scenario, though it is a rare case.
> >
> > I'd s/individual senders or receivers/individual users/.
> >
> > Also s/authentication/domain-level authentication/.
> >
> >
> > Best
> > Ale

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
