IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Michael Thomas <mike@mtcc.com> Tue, 05 January 2021 23:50 UTC

Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8DBB3A0EA7 for <dmarc@ietfa.amsl.com>; Tue, 5 Jan 2021 15:50:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.013
X-Spam-Level:
X-Spam-Status: No, score=-2.013 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L6OTDp4ps0OY for <dmarc@ietfa.amsl.com>; Tue, 5 Jan 2021 15:50:47 -0800 (PST)
Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5310E3A0EA4 for <dmarc@ietf.org>; Tue, 5 Jan 2021 15:50:47 -0800 (PST)
Received: by mail-pf1-x429.google.com with SMTP id m6so664713pfm.6 for <dmarc@ietf.org>; Tue, 05 Jan 2021 15:50:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=yY5HSSyXfj+o2HxnhAHxJ5llP6LyKp9ph+qPZ6Lsby4=; b=Nb9Tk3VGzxwnIFzLkALwwDzDulCxsN+RyhFAOfHYEP7x7kdHGUOH66A7xgEC1SG6gh ku3zk5aQHX7BUoxILeilMifmMBNMC7voWjv8NctET+c3rFeWexXdRdzIvQavqSeGthId DDdMyjCHEWJnqyMHFFrxQj4sIEnql93Slegvu5gOEfxaaFgORhV9P6z5QfhKakAfU9Uu YCXAKYVch/+yo3Zm24XKeDx8iRpBGlq5srY7Ev0K4mAaat7u/CrNAXF9agQ6JN8OyWaS YNeBiD9SCifn1u29t3WRU/cWdximpcg+26b/rLom2KRWsiztoZhPxrJ7JN0cQFJLwhaT 8DFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=yY5HSSyXfj+o2HxnhAHxJ5llP6LyKp9ph+qPZ6Lsby4=; b=imScQtvPXPv12R8u3/3WVOpwp65YQuLami2LJmfPAz9ZRaSSw2V7j3LiIeIVh81Om0 EhIzvUNrLGG8yJrUodLR/SNGZ7ZzuhrA/0Y4i2C5AEDpS4faYrLvf0pKkM6Oigqjma2y 3qqwgwTVOHN89Aw/MkMA7q5KUG2mUIALbqX+12T0JbfHtur779yYsNiQ4/piaZestC3v ALCv0DaFBlyXnFVcA8rrgDXmxTez8QnBKFRj7ONPOP8nrJD0yPZkllj6KirLEExncQEd CrTSNkuNEppSY4bORc3jP/H5loj4WT9wAAnDpROOU3Frk+As8BmK8F5kgx88iwGYFRiz EvDw==
X-Gm-Message-State: AOAM530YDmY7uA67BRM/s5rxVfCNaEWx/A0bB6RYszXS994P7E84x3Dr acIdrPlyVHp6l8LZmpompTHeWnOvE+cpEI+D
X-Google-Smtp-Source: ABdhPJx4YbpF0EBJYGNk9kUo+YrRdbWbwPixAxYrErbUbsfsR9YxCQIN4CqI9ngYkDLvO3QXDrU30Q==
X-Received: by 2002:a65:6409:: with SMTP id a9mr1511460pgv.171.1609890646150; Tue, 05 Jan 2021 15:50:46 -0800 (PST)
Received: from mike-mac.lan (107-182-39-88.volcanocom.com. [107.182.39.88]) by smtp.gmail.com with ESMTPSA id k18sm310035pjz.26.2021.01.05.15.50.45 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 05 Jan 2021 15:50:45 -0800 (PST)
To: Dave Crocker <dcrocker@gmail.com>, dmarc@ietf.org
References: <20210104174623.2545154CFF9F@ary.qy> <FD45F9FC-46B0-40A9-ADC6-DDD7650D62F2@bluepopcorn.net> <ae77d9f-6f63-16ca-903a-7cb463a7b58d@taugh.com> <CABuGu1o2t7WaEOh+nsx3_MRUGgGHqKHzQ9302FM9-HL0GxvJvA@mail.gmail.com> <f15c8f53-8075-99a1-83c7-f687200e6a94@gmail.com> <f640ee95-ba0a-6aa7-1a14-2af1db151e27@mtcc.com> <050e8614-c088-a165-a733-35c5eee52eed@gmail.com> <cd3a41e8-cc4f-05eb-5c86-47b0047e8d08@mtcc.com> <d9e23994-8666-5c3f-3e42-9a12a2ed6daf@gmail.com> <974f9dcd-33ec-9d11-7857-3a473f994a2c@mtcc.com> <72d6bc7d-6862-8184-9f16-e1cc14120239@gmail.com> <f9244f50-8748-a395-a412-ca82bfe6bbea@mtcc.com> <4f2250f2-cc1c-5c3e-3d64-fa0e8b4ad086@gmail.com> <fcd84963-48dd-1fd0-a754-769f8cd7b58c@mtcc.com> <cba89cdb-40c6-48ff-45a0-287117a90385@gmail.com> <215493fa-a033-e5b0-ce8d-4a409ae93684@mtcc.com> <fa04ac5d-3a9f-5546-c77b-e6ddb5c1b1d4@gmail.com> <b3d77e5a-8024-218f-cd3c-6286f9ecd7dc@mtcc.com> <a7e6944a-363c-9d40-9cd9-1fe640ea6cfb@gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <e509cd25-19f9-ae75-ba62-30173af6857b@mtcc.com>
Date: Tue, 05 Jan 2021 15:50:44 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <a7e6944a-363c-9d40-9cd9-1fe640ea6cfb@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/43R-UIuFbqTUuNZPispiFxiuoP4>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 23:50:49 -0000

On 1/5/21 3:44 PM, Dave Crocker wrote:
> On 1/5/2021 2:57 PM, Michael Thomas wrote:
>>>
>>> Oh?  A trust indicator to a user, flagging a domain name, isn't 
>>> pretty much the same?  Please explain.
>>>
>> Pretty much != same.
>>
> A trust indicator, to a user, flagging a domain name. Essentially the 
> same user-oriented mechanism. Web vs. email.  Why and how does that 
> make a difference?
>
> The extensive experience with the web EV experiment has been that it 
> does NOT make a difference.  Since you seem to dismiss this web 
> experience, please explain why it is not relevant to the current topic.

I'm dismissing nothing. That is a strawman. I already said why its 
problematic to compare the two which apparently you did dismissing and 
why it's preferable to have an apples-apples comparison.

>> The study was directly about email. If you read it, the authors were 
>> also skeptical about the efficacy.
>>
> Exactly.  Thank you for noting that.  But, then, it raises the 
> question of why you cited it as demonstrating meaningful efficacy for 
> signalling DMARC results to end users?
>
Quit cutting out needed context to make your points. The study directly 
contradicts your categorical statement. Your issue is with the study's 
authors not me. Quit shooting the messenger.

Mike, this is just silly. and typical. I'm done.

v2.23.0 | Report a Bug | By Email