That’s an interesting perspective. While senders could embed identifiers to mitigate PII concerns, the bigger challenge seems to be that most MBPs have already moved away from sending failure reports altogether. Even with a workaround, I wonder if the inconsistency in report availability still limits their practical value.
On Thu, Mar 20, 2025 at 1:31 PM Dotzero <dotz...@gmail.com> wrote: > > > On Thu, Mar 20, 2025 at 9:16 AM Matt Ratliff <matt= > 40funneltechie....@dmarc.ietf.org> wrote: > >> Based on my experience, RUF (forensic failure reports) have not been as >> valuable as initially intended. While some entities still provide failure >> reports, their usefulness in troubleshooting is limited unless one is >> willing to analyze them at a deep level, which is often impractical. >> >> Since most providers have opted to redact PII it has made these reports >> largely ineffective. Given that the industry has already moved away from >> using them in a meaningful way, it makes sense to close the loop and >> deprecate failure reporting altogether formally. >> >> Option 3 makes the most sense in this case. >> > > To me, redaction of PII in Failure Reports is a red herring. It is rather > trivial to embed a "pointer" to the user in the Message ID, insert in URLS > as a variable or by other means if you are the sending domain. This also > mitigates the risk of PII leakage to third parties if the domain generating > the report is redacting visible PII. > > Michael Hammer > -- Matt Ratliff Founder, FunnelTechie www.funneltechie.com
_______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org
