Then let's chase the chain of custody problem.
If I have sensitive information, I am obligated to only release it to authorized persons, and they can only be authorized if they agree to follow the same protections. For HIPAA rules in the. U.S., this means that I need a HIPAA business agreement with any organization that might see medical records information, and they are required to have an agreement with any vendor that they use who might see my protected data, to all levels of indirection. Mail has no such control. Any message may be forwarded by any recipient, and any message may be inspected by any MTA to detect malicious intent. Some mail hosting organization pesume a right to pervasive surveillance for revenue purposes. Since I cannot prevent forwarding and cannot ensure TLS encryption at every hop, I cannot even assume that disclosure is limited to sending and receiving organizations and their vendors. Regulatory attempts to prevent message inspection by system administrators can only harm email safety. All of which says that I have no basis for believing that my next message will only be read by the requested recipient. Failure reporting is such a tiny portion of the privacy problem that I do not understand the concern. To the extent that it is a Regulatory issue, the responsibility for compliance is with the current possessor of the data, which would be the entity that is choosing to generate and send reports DF On Wed, Jun 11, 2025, 7:19 AM Alessandro Vesely <ves...@tana.it> wrote: > On Wed 11/Jun/2025 12:42:41 +0200 Douglas Foster wrote: > > All of this seems off topic. > > > Determining whether failure reports bear any usefulness _is_ on topic, > because > of the charter's phrase "or removing failure reporting from DMARC in its > entirety." > > > Best > Ale > -- > > > > > _______________________________________________ > dmarc mailing list -- dmarc@ietf.org > To unsubscribe send an email to dmarc-le...@ietf.org >
_______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org
