Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns

Ken O'Driscoll <ken@wemonitoremail.com> Thu, 18 February 2021 15:09 UTC

Return-Path: <ken@wemonitoremail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11A0E3A1338 for <dmarc@ietfa.amsl.com>; Thu, 18 Feb 2021 07:09:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wemonitoremail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id md4sV5Q5akjX for <dmarc@ietfa.amsl.com>; Thu, 18 Feb 2021 07:09:22 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60128.outbound.protection.outlook.com [40.107.6.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ED6C3A12A0 for <dmarc@ietf.org>; Thu, 18 Feb 2021 07:09:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A6XHzz1AecUfFx58p3HU6AkoOnjIN1W3JRCmLphv9A6o+BKOrE+SVN8+BMyEVbIhij/UkZRbiCKDUqBGk2bclkprfwZo2/kNJfbLR6qBGJt/+ZFF7l2A96d50urPwUJgkrLLQh4oE8/qbOKuENm5cc7gPJ2yx9xI/iKce+oRlQUSF5qDndI0ShETuOCVgzl2/0tCAgBnt9bxK+Xxeq6JnLQHKy4FqJcpLEwsRwyLTzG+kjDSy8zAefvGqdfI6YRzwmLVQGe+y6MmZcEUQ1cDkMhvw742ty/p1SrrlLEhp7jRHo5eGDQELmiILiVQwmm7vNlSJzS4x00MYTrbv/1Zdg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nkdRo7sdA6NhS0PMNPhgSmDEwHe6CgeCySQQxxTQKiA=; b=YDT9OALp/LthuJdIDHcYYHNbjMNfCOVaGNjqAzQZhxUyfZWpvI99IRDUCperzp3Kh0P1+krc6bH3aJU78bK5Tzti3+ZIkFz+YIQs5IqH/EHigg4LihRD61u/3Tid6hMKhGPDHAiDBWij8U/emBT/xPfHcABUDPghQreDurkR4IzK9isN+j6ksoSQhZmoEsVqOI1g1k6fSqk5HPwy+t0ZI1ji76U/2n8wZ5E9PG/qAvYG5ZV5sQn+oxxpyTdr0w/C4q5iP8lOH2mW3DbqBi31WLZSm0ogxAm032ytUiAoStlZhoQv41j1Zps5etRJB7MEBUIz6uI44mwkmPDCy8R83A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=wemonitoremail.com; dmarc=pass action=none header.from=wemonitoremail.com; dkim=pass header.d=wemonitoremail.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemonitoremail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nkdRo7sdA6NhS0PMNPhgSmDEwHe6CgeCySQQxxTQKiA=; b=RSsjkOZFAd7lSdTIl0ye/EZY804UBQ7Q+RJdToJZE490caWyQh8iJ/LqjL06IRluCkPoiua67Lh3YLfve5ygfYi/KEiLrRC9+Vfm4q4UamJTqB6xLNgGfTh3UKFtAnVOSjIp6kZQ9aK4GpWmbG4no0GrrpqbrH/ds3vArHV8lIcos8Jxr2JX2vgoKV0X6SP5i39oYjaM4meYCLO2LsG0WT93/jRfulkH8df4Y4mpqHeKFGxYmYvkG4ufEXfTfvFav+8TQoUuGjz42fmoupQwthCmXiKO5LP2olMzH90xfuXZCOq2MRWKyyGCRm/QKYlBeW+avRsCvJKliFiOFy0WAw==
Received: from VI1PR01MB7053.eurprd01.prod.exchangelabs.com (2603:10a6:800:19a::9) by VI1PR01MB4512.eurprd01.prod.exchangelabs.com (2603:10a6:803:a4::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25; Thu, 18 Feb 2021 15:09:18 +0000
Received: from VI1PR01MB7053.eurprd01.prod.exchangelabs.com ([fe80::9c69:59f:c073:bd9f]) by VI1PR01MB7053.eurprd01.prod.exchangelabs.com ([fe80::9c69:59f:c073:bd9f%7]) with mapi id 15.20.3846.039; Thu, 18 Feb 2021 15:09:18 +0000
From: Ken O'Driscoll <ken@wemonitoremail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
CC: John Levine <johnl@taugh.com>
Thread-Topic: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
Thread-Index: AdcBfLdYcAd1ycC0TvWJKBD11cOyegCIhNKAAG9eXXAABJQJQAAMZ9qAABjkaCA=
Date: Thu, 18 Feb 2021 15:09:18 +0000
Message-ID: <VI1PR01MB70530199B815F3216D64E9A2C7859@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
References: <VI1PR01MB70538541D7ADE18A555B05D6C7869@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <20210218024606.4727B6E23874@ary.qy>
In-Reply-To: <20210218024606.4727B6E23874@ary.qy>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=wemonitoremail.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 83dda0b9-f703-46b4-2a50-08d8d41f29f6
x-ms-traffictypediagnostic: VI1PR01MB4512:
x-microsoft-antispam-prvs: <VI1PR01MB4512462EAD376A6290ED04BDC7859@VI1PR01MB4512.eurprd01.prod.exchangelabs.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: BIOs0imf4NEXlgrSEPVoE4OkpjMXtIDhC+YSTPnAvE6vWDGUUldGGoq2N4ojs4k24Q0GbF/R1ow082iM5iR6iZD+8uNOxM+7VWo/4dRHIsbR77UmutN0tNUdpttCZaT8wSOzV328jVLaK3hJRK9sS205Sz48Hnf3hPxAxylo4TMxJCzyAgr9VZzqXEP33liHgzp5XasruSEfset+hnIYyZ5/eqLLu8vdR1TOIMfJwHtu8nElciHfVFUf5nuBNPuWUwcZiAexEHjc0wSjsfvEA6BKllbjyx6foh07b4gd2O7pIuQr1/D18PsIjYcoDLE5ibBf0SaiYFHFM/sM4WzgWXKyE5omjaM+G7IpURdKk8D7Oc1MCsCamiB+ku1JV1IiBuORptcHXsZG0xHK/orNtx/z43sR1qIUGq0cH92p1AuzcbA5kBTrz1WIe+T19vRAUr8Aq/LSvE3l8bhi7OMA24HIhnnxBmYzX5UBRzxTf9Yypvde1/fr7zON2s77179hog3nDZDdEzv4lpDlOFapUQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR01MB7053.eurprd01.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(366004)(376002)(396003)(136003)(39830400003)(346002)(2906002)(66476007)(66446008)(8936002)(52536014)(4326008)(6506007)(6916009)(71200400001)(53546011)(5660300002)(86362001)(83380400001)(33656002)(316002)(186003)(55016002)(478600001)(64756008)(76116006)(66556008)(9686003)(7696005)(8676002)(26005)(66946007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?B?NjZpcHUwc0QwbnArbkthN0NqWnhBdFlaVjIwdzRaazZ2OUxoWHp0T2RwUjVv?= =?utf-8?B?cHl4dUZ4TG8yc1BVWGw3R1Jsa2hGNFhYV1VBOTFydThqekd5UHN1YzA3YUFx?= =?utf-8?B?WUpLdEFKMnM5UmJDemphOUFFUTNsQ0lHc3FoQjhON3Z3SFdhcXc2dUk3WlZP?= =?utf-8?B?cFVtMVcyV1lvZlFpcy9IVTBDSitDdUZ1UzNDK2N2ZFR1MHU5cm9ycEtTazhh?= =?utf-8?B?cGdqdDc4MiszOXdObkZlMDgwa2tpNWxJSkxKTnlmdWNSV2Q5SXprOXU4WnBK?= =?utf-8?B?aEpRT3BNalZ6VFVNT1krQmxuZzRFbUoyc21EakhST2lXK1VoOE1tVE1SWDVr?= =?utf-8?B?d1BwN05ROHhqNFlrQk1aclRZUThJUm04NHV0ZTR5dXV2ZnhEVUVOTkhVMnIx?= =?utf-8?B?VWsveWhja2hPNFFZRUl3SlZ2MzVYT082VmNYQ0RRbktKMUZYTng0WnFadElo?= =?utf-8?B?ZEwxS1E4dXJJSnczNU5zSnV2cXRLa243ZHpWWTZXUk9EM2gvMUU0TityeW1l?= =?utf-8?B?VEExVmswZDd1R1dEWk93eW5zR0RLTmVORTM5eDUxZkN3YUtXM3hJdmV0RnpM?= =?utf-8?B?Rmc2V1FXaGZ3dXkydnVOR0VyUWxuNkFXSkZ5azArTVRwQkdvSTEvWmplVG12?= =?utf-8?B?bjdIMFIzN0kzS1kxOGluK1dwOVN5TnhWM3lMMG4ySHovV2k0S2M0QmxPZHRQ?= =?utf-8?B?bUJ1aUZ2ZlBmR2ZQU243T2RwOEZTUDlLbWRxb0NYS25MUS8vTTVCcW9heFFl?= =?utf-8?B?NzkrRkFjOENVbldkNHlDWWpQVGpiUWlvY3NJK0NiV01nZjJtRXpDYXJBU0VJ?= =?utf-8?B?SE13T2ZzZ0ptbkdaaXdmcjhRVG5na3FBOEJ0Rld2Z1lFR01BZitxY0xpWE5q?= =?utf-8?B?NWtVWEtGUUptWUlhODcwdUJrOTdPWVBialUwRWcxNWxBQitsaGJPZy9WclBq?= =?utf-8?B?NXA0aUpFaWVLU2pZQ0E2WUFrcE1YWjJHRVRPM2F0R01VcFpBZG92RS8yMzJH?= =?utf-8?B?N3A2anFXNW1ZdU44bll0OTFJbkVIUTBhMnRFMXg0VjdHQ0MvV0VPOEZuVytS?= =?utf-8?B?djJjT041M0tjZjlxQ2ZSSGh3eDZnRWhodGtpSGFDNnVRQ3lQSWJpajZKbjJt?= =?utf-8?B?blVpbXIvME8rMlRjUTI0MDhrRjJCMURlQ0VSZWtjREx4TjRUOSsxN25XRERJ?= =?utf-8?B?aDQ0RXo3Qy9YclAybWpid29aZFNEbDF0eDl0aHNDcmNUK0EwTGRLSGcxRUh3?= =?utf-8?B?WXFuNTUya2pHMzVvSzcyekVtVTZ6TXpqTlJxUUxqUHNrbXRhdU5HWTRVN0Qz?= =?utf-8?B?Y29OOUlCNXh4dU1SQnRBemF4OEJ1UWR5SWhoV2ZTQVV6Sm5iRUV2NWI3c251?= =?utf-8?B?MzFEaFRrSE5tQlVNS1B6bjZxRlBwOERBVXhCNWsxMUhPVVJtNVRHT1N3L1BL?= =?utf-8?B?SzJERW5aV0toSUF5SlBqWm11eFJVYjRORGt6eXlRdzBDUEJmUEtPTGdlRWF6?= =?utf-8?B?R2tMdENRYUxNbm1idVJXRW5YWk10azVGTDRUSkIrOTNHMlUvSFAwZzBrbGRG?= =?utf-8?B?aW91Y3pzanlhWTQ3cER1SGJqOS90RXFWZjVVRHpRWmRabFVHbnJHTS9aM29U?= =?utf-8?B?MUIrY0tDcTFueDFhTDJZN2JqRFZpUU5CWDM4SWh0N0xJaUxGdG8wajJqTjdT?= =?utf-8?B?aE5qcjQwK2xtKzRVbEFUbTROYmhJZllpajdZOHFHUHByUWpsY2xlR2lVU2oy?= =?utf-8?Q?IczVn2Gs/X7Z88a+jc=3D?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: wemonitoremail.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: VI1PR01MB7053.eurprd01.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 83dda0b9-f703-46b4-2a50-08d8d41f29f6
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Feb 2021 15:09:18.4425 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a2b1d6fe-fc8b-4b7c-b9f1-d7b1ab3d23b3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8iQkjjUTuQaVg8BnqYtN1cUmhAMxcH15tFeOLKcPt1q29W9hRwheuwWDwJygsARn8yYeoNSFFXtMR639A/uzQg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR01MB4512
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/e7Xfm5Z_9LCWWzDSCwUGXmMMQVU>
Subject: Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2021 15:09:24 -0000

In hindsight, it looks a bit strange to have the first paragraph say "don't worry about PII" and the next paragraph say "if you're worried about PII, here's how to mitigate".

But it's a genuine concern (misguided or not) and I've been in enough meetings to at least understand where it comes from, even if I don't agree. So I'd propose something like the below, which I think gets across what we all want to say.

=======
Aggregate feedback reports contain anonymized data relating to messages purportedly originating from the Domain Owner. The data does not contain any identifying characteristics about individual senders or receivers. No personal information such as individual email addresses, IP addresses of individuals, or the content of any messages, is included in reports.

Mail Receivers should have no concerns in sending reports as they do not contain personal information. In all cases, the data within the reports relates to the authentication information provided by mail servers sending messages on behalf of the Domain Owner. This information is necessary to assist Domain Owners in implementing and maintaining DMARC.

Domain Owners should have no concerns in receiving reports as they do not contain personal information. The reports only contain aggregated anonymized data related to the authentication details of messages claiming to originate from their domain. This information is essential for the proper implementation and operation of DMARC. Domain Owners who are unable to receive reports for organizational reasons, can choose to exclusively direct the reports to an external processor.
=======

And, I agree - it's a bit weird to be okay with having a policy to not see your own reports. But the "see no evil, hear no evil" risk mitigation strategy is tried and tested. The whole IG/DPO space is really crazy in some places too.

Ken.

> -----Original Message-----
> From: John Levine <johnl@taugh.com>
> Sent: Thursday 18 February 2021 02:46
> To: dmarc@ietf.org
> Cc: Ken O'Driscoll <ken@wemonitoremail.com>
> Subject: Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
> 
> In article
> <VI1PR01MB70538541D7ADE18A555B05D6C7869@VI1PR01MB7053.eurprd01.prod.exch
> angelabs.com> you write:
> >Aggregate feedback reports are essential for the proper implementation
> >and operation of DMARC. Domain Owners can choose to exclusively direct
> >reports to a processor external to their organization. In such cases,
> the content of the reports are never sent directly to the Domain Owner.
> 
> That is OK but I would also want to point out that the data are
> aggregated and contain no individual e-mail addresses of senders or
> recipients, nor IP addresses of individuals nor any contents of
> messages, so it is unlikely that they contain any PII.
> 
> I have to say it seems weird to me that it's OK to send whatever to
> external places but not to your own staff.
> 
> R's,
> John