On Thu, Mar 20, 2025 at 9:16 AM Matt Ratliff <matt= 40funneltechie....@dmarc.ietf.org> wrote:
> Based on my experience, RUF (forensic failure reports) have not been as > valuable as initially intended. While some entities still provide failure > reports, their usefulness in troubleshooting is limited unless one is > willing to analyze them at a deep level, which is often impractical. > > Since most providers have opted to redact PII it has made these reports > largely ineffective. Given that the industry has already moved away from > using them in a meaningful way, it makes sense to close the loop and > deprecate failure reporting altogether formally. > > Option 3 makes the most sense in this case. > To me, redaction of PII in Failure Reports is a red herring. It is rather trivial to embed a "pointer" to the user in the Message ID, insert in URLS as a variable or by other means if you are the sending domain. This also mitigates the risk of PII leakage to third parties if the domain generating the report is redacting visible PII. Michael Hammer
_______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org
