Re: [dmarc-ietf] Ticket #61 - Define and add a simplified (redacted) failure report

John Levine <johnl@taugh.com> Thu, 10 December 2020 05:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/24BhWv_hs51PjHsI25rKPIM7d9o>

In article <CAOZAAfNUGVriJfjhQCo_3phg_pajfJsComr8zJBZcL9_Ucy3Nw@mail.gmail.com> you write:
>For this ticket in particular-- the simplified failure report with only
>from: and to: addresses speaks to Jesse's exact use case, without any of
>the other PII that tends to get failure reports in privacy trouble (like
>body content and attachments). This approach to Jesse's use case should get
>a fair discussion, separate from whether we want failure reports at all.

Having sat in on far too many GDPR discussions, I'm sure that the To
and From addresses are exactly the kind of PII that makes lawyers
nervous. Keep in mind that there is no guarantee that the entity
getting the reports has any responsibility for either, particularly if
a third party is collecting the reports.

I don't think this group has any particular expertise in the issues
that are likely to make organizations decide whether there is legal
risk in sending the reports and whether and how much to redact them. I
would leave the whole ruf section alone other than perhaps making clearer
that the reports are optional and it may be useful to send even if
they are heavily redacted. As an example, a report with the Message-ID
but no To or From might still be enough for the report recipient to
figure out where a message came from while not disclosing any PII.

R's,
John
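
The heavy redaction described in the last paragraph of the message above, as an added example that is not part of the original message: a Python sketch that reduces a failed message's header block to Message-ID and Date, then checks that no address from the original address fields survives. The field lists, function names and sample headers are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Fields kept in the redacted copy (an assumption for this sketch). Received is
# dropped on purpose: its "for <addr>" clause can carry the recipient address.
KEEP = ("message-id", "date")
ADDRESS_FIELDS = ("from", "to", "cc", "bcc", "sender", "reply-to", "return-path")


def redact_headers(raw_headers, keep=KEEP):
    """Return only the header fields named in `keep`, one field per line."""
    msg = message_from_string(raw_headers)
    kept = [f"{name}: {value}" for name, value in msg.items()
            if name.lower() in keep]
    return "\n".join(kept) + "\n"


def leaked_addresses(raw_headers, redacted):
    """List addresses from the original address fields still present in `redacted`."""
    msg = message_from_string(raw_headers)
    values = [v for field in ADDRESS_FIELDS for v in msg.get_all(field, [])]
    addrs = {addr.lower() for _, addr in getaddresses(values) if addr}
    return sorted(a for a in addrs if a in redacted.lower())


# Constructed sample headers of a message that failed DMARC (not real traffic).
SAMPLE = """\
Received: from mx.example.net by mail.example.org for <bob@example.org>; Thu, 10 Dec 2020 05:44:07 -0000
From: Alice <alice@example.com>
To: Bob <bob@example.org>
Subject: Quarterly numbers
Date: Thu, 10 Dec 2020 00:44:06 -0500
Message-ID: <constructed-0001@mailer.example.com>

"""

if __name__ == "__main__":
    redacted = redact_headers(SAMPLE)
    print(redacted, end="")
    print("leaked:", leaked_addresses(SAMPLE, redacted))
```

Running the leak check again with Received added to the keep list reports the recipient address, which is why that field is left out here.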