Todd, I am not trying to plow new ground here. I thought I was restating the consensus position, for which you were a key player.
There were tickets asking for the target domain to be included in the reports, and to disaggregate based on target domain. You argued that sender authentication policy would be determined by the server organization, not by the client domain. So we don't need to know which GSuite client organization was targeted, only that a GSuite server made the disposition decision. There was also concern that disaggregating by target domain was an unsupportable burden on organizations that have many thousands of client domains. Then Laura expressed her concerns about online stalking. It solidified resistance to including target domain in the reports. It was followed by a discussion of whether very-low-count results should be reported at all, aggregated to a higher level, or allowed. Given all of this, I was surprised to subsequently see that AOL/Verizon/Yahoo was voluntarily disaggregating by domain. The reverse was ProofPoint, which aggregates on a server identity that is unrelated to anything in my SMTP logs, so I am hard pressed to know what messages are being reported. I am willing to accept that we have little control over reporter behavior, and our primary response should be gratitude. I see no way to fix the problem, but since we were building a list of all of the inconsistencies, it seemed like these should be added to the list. Doug On Mon, Oct 3, 2022 at 9:14 AM Todd Herr <todd.herr= [email protected]> wrote: > On Mon, Oct 3, 2022 at 7:01 AM Douglas Foster < > [email protected]> wrote: > >> You did not mention the differences in aggregation. >> AOL/Yahoo/Verizon send a unique report for each target domain, even >> though this approach has been rejected as unnecessary and more likely to >> involve privacy violations. >> > > Who rejected this approach as unnecessary? > Also, please describe the privacy violations about which you're concerned, > and compare and contrast your position with that of this document - > https://certified-senders.org/wp-content/uploads/2018/08/Report_DMARC_and_GDPR.pdf > > -- > > *Todd Herr * | Technical Director, Standards and Ecosystem > *e:* [email protected] > *m:* 703.220.4153 > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
