On Tue 25/Apr/2023 21:08:56 +0200 John R Levine wrote:
Looks mostly good to me. By the way, that bit about a malicious
Doamin Owner is not hypothetical, and I don't think I'm malicious.
Just make it A Domain Owner ...
Agreed, just Domain Owner then.
Alessandro Vesely wrote on 2023-04-26 09:25:
No, wait. Domain owners can only add something when users posts via
their domain's MSAs. In that case, the information that can be gathered
by aggregate reports is a blurred image of what can be obtained from
internal logs. One can find out who is using external MSAs by matching
connections in small domain to small domain correspondence only.
The Domain Owner may not learn anything new by putting in tracking IDs
into messages, but the privacy leak creeps into the aggregated report
and becomes visible to third-party report processors or organizational
units that have access to the rua mailbox but not the internal logs.
Regards,
Matt
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
