Re: [dmarc-ietf] DMARC forensic reports (ruf=) and privacy

Дилян Палаузов <> Sat, 26 January 2019 16:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 83DC8130E76 for <>; Sat, 26 Jan 2019 08:03:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (4096-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id uW-VZSIHBn5T for <>; Sat, 26 Jan 2019 08:03:42 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6054E130E83 for <>; Sat, 26 Jan 2019 08:03:42 -0800 (PST)
Authentication-Results:; auth=pass (PLAIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=k4096; t=1548518620;; r=y; bh=9vtQQzV+JV3TfMI9j86CQ9i7G4UvF+HfBaQRJWTR8q4=; h=Subject:From:To:Date:In-Reply-To:References; b=Dq45TwnECioPkXQXL91eJX+bP+9lJ5an4kBRGaxF1oN0MqGCSHpcS7Z/L70iTciPB 7bvIbX+zBEEkscZi4ZBkIe9raJ2x3h5exhByccA/f5Wsgu/jZtbzmtyT3mv64UxLx2 5v7XRxwlgH8c32WNSOPRGjO8U+kd1hrZXMed3LXqLTeklaIhqcN8OzX1eXax6eO9tL qfEVA9PQAMo0qlWEVZerKzoVqHu6+n68IA0J3w6htKaJjuQ+xphf6ADsBeA5sEHaf2 wXL1y0dSn7Gjk7O2gxSOGd0wKUW3cYlkJOc5EA82V2cEUfyIOkFIp7IsNIVaFK1B9n nNsMzLXX8SJ9DgA9mrKxfT+Yx55an54nTfjS8NJUacCmmxBYCXzyjHweqEqVvPOn4d XFti4D0eFGjeK3zlFkmctrrrSrAp1xP9ju+YnfcHlwmJHAJYRj048qhiLPtFfF67+F sIFwktVjxKnZJrt0NVRzfy1ad0dSe6VIrJmhtz/GNjx2p427yNV5443TBszzvI5hs0 X8mS0jYCqYgUpXR83OuCOLNFaT9Ai94sYj3cxUEquFdhBpe4Lr4D5xuG79mgj4wW9+ 1yUCQyVsVkVtU8Yfk3U86pkP7U8QlOwG9rCFVIDXfcxQcP+x31ynjhZu+nW0Cza6U7 f1K6qEpd9q+T3os+/ZJdEyqY=
Authentication-Results:; dkim=none
Received: from Tylan ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id x0QG3dIc015713 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <>; Sat, 26 Jan 2019 16:03:40 GMT
Message-ID: <>
From: Дилян Палаузов <>
Date: Sat, 26 Jan 2019 16:03:39 +0000
In-Reply-To: <20190126153650.491F6200D38D44@ary.qy>
References: <20190126153650.491F6200D38D44@ary.qy>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.31.90
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.101.1 at
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [dmarc-ietf] DMARC forensic reports (ruf=) and privacy
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 26 Jan 2019 16:03:44 -0000


On Sat, 2019-01-26 at 10:36 -0500, John Levine wrote:
> In article <> you write:
> > What are the privacy concerns in this simple scenario that speak against sending a DMARC/DKIM report to sending server,
> > telling that the DKIM validation fails?
> The person reading the DMARC reports had enough authority to put a
> record in the DNS, but that is not the same thing as being able to
> read all of the users' mail.
> In large mail systems, different staff have different roles, and very
> few of them can look at users' mail.

Aha, we have staff dealing with DNS, staff dealing with email boxes and domain owners.

How can a domain owner communicate, that its users agree to have investigations on forensic reports, where DKIM
signatures failed (fot the purpose of avoiding repeating errors in DKIM signing/validation)?  In particular, that there
is no expectation of the users that a deleted message is erased and that the domain owner, DNS staff and email staff
function good as whole?