IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Alessandro Vesely <vesely@tana.it> Mon, 21 December 2020 18:57 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21CBE3A1271 for <dmarc@ietfa.amsl.com>; Mon, 21 Dec 2020 10:57:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEYh5h3XB9-T for <dmarc@ietfa.amsl.com>; Mon, 21 Dec 2020 10:57:42 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D2CC3A1266 for <dmarc@ietf.org>; Mon, 21 Dec 2020 10:57:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1608577059; bh=/A+zij/PSPHFvcF8lXfxk5twD/aHUx06JhvdtkyZZYo=; l=1856; h=To:References:From:Date:In-Reply-To; b=BxYBQGH2FkinCKNqVa+XFu1+52RGRCpJ7CHkr9D0iXS1HHsR9ttoqWGVTywCD+/P1 zH8dEvwRbCqJmHFCACeZ4bQNUQm/5hZFKrCufzK3/S655Q+OKQZuG6bm9nMN1fVzrF mAuwJgXiNc190aQ3PYJfiXMV+RSzpp7O43WQIw3BztsbAHYjiF5ld19VXhibZ
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.000000005FE0F023.00007121; Mon, 21 Dec 2020 19:57:39 +0100
To: John R Levine <johnl@taugh.com>, dmarc@ietf.org
References: <20201218023900.E73B82ACBB2B@ary.qy> <4a43ffaa-3987-c892-cce7-56f18888cdf5@tana.it> <39125012-e356-d62d-36fd-a7ff25a9f59f@taugh.com> <e6880ba9-f5f3-1050-25c0-658551187512@tana.it> <6bba023-d3d9-63a5-8441-11dac9a05e28@taugh.com> <74051a64-871a-db72-b5d9-1be374e23015@tana.it> <a323077-9b64-555b-3561-62cdc93819fd@taugh.com> <a8281e16-9417-5189-df73-79ea0a865fbd@tana.it> <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it>
Date: Mon, 21 Dec 2020 19:57:38 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/18cYqAYPwm8GwMA9Qj7eOlpOo3E>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2020 18:57:44 -0000

On Mon 21/Dec/2020 19:25:48 +0100 John R Levine wrote:
>>>>> That seems like a great way to destroy mailing lists by not telling them 
>>>>> which recipients are bouncing.
>>>
>>> Um, the mailing list *is* the forwarding address.
>>
>> Oh, well, no, in that case the target address is not meant to be kept secret.
> 
> You don't know that.  Keeping in mind that the reports go the the From: 
> address, some lists let subscribers see who else is subscribed, but many do not.


Sorry for my lack of details.  I was considering the cases where a bounce or a 
failure report reveal that user@example.com forwards to user@secret.example. 
That is, a user may want to receive mail destined to her (old) address, but 
does not want (old) contacts to become aware of her new one.  The address she 
uses to subscribe to a mailing list is obviously revealed to the MLM.  It is 
not secret in that sense.


>>> In any event, I think we agree that failure reports are not worth a lot of 
>>> effort here.
>>
>> I'd look for ways to trim them down a bit.  Just enough to let them be 
>> privacy-wise credible.
> 
> As I would have thought was evident by now, there is no such thing.  We have no 
> idea what parts of the message might disclose PII, and we have no idea what 
> relationship (if any) the target of the ruf= might have to the author of the 
> message.  We can just note that ruf can leak personal info and leave it at that.


What is evident is that, as conceived, failure reports break privacy enough to 
make an admin's skin crawl.  I think we should convey the fact that failure 
reports are (to be) sent in limited circumstances and with due circumspection. 
We must underline that in order to differentiate failure from aggregate 
reports, lest people conclude that feedback reporting is a bad idea in general.


Best
Ale
--

v2.23.0 | Report a Bug | By Email