IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

John R Levine <johnl@taugh.com> Mon, 21 December 2020 21:01 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 627413A11A3 for <dmarc@ietfa.amsl.com>; Mon, 21 Dec 2020 13:01:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=tYdr8+1W; dkim=pass (2048-bit key) header.d=taugh.com header.b=QijfuSTC
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23NRV6fwJuXK for <dmarc@ietfa.amsl.com>; Mon, 21 Dec 2020 13:01:46 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50EB13A118F for <dmarc@ietf.org>; Mon, 21 Dec 2020 13:01:45 -0800 (PST)
Received: (qmail 50511 invoked from network); 21 Dec 2020 21:01:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=c54d.5fe10d39.k2012; i=johnl-iecc.com@submit.iecc.com; bh=DxcSO4B433abeG6/SFn3Iz2jldlYc03rh2jyY0wq61k=; b=tYdr8+1W5xPmpvIoJebXBINaH1YD6a6DvIPQezqUPaRzUCi5Xix6N1PPpKIcdvFAi9koMVnQdhn8I41ikD3ZQhCvEdLrrsHsC4tdytlZi3nPsVHyn1my1elK9ZMK102fxAnmhhKYz79aG0IW0s4AH6GzJEviKFR6kl0V2QmNrr3CjrOYOvQzXSFghSdy5nG2TEi6VSrHPEGqkUh5+8WSo5LVtYKfUM/2PfrKPVJEBk0xmgjT2xVpb57UteCWweDlxQoaX5PvAZa+9c0I8zUEPk4qORQ6xJFjgEGZyHoFTgWP3SZb9BEBxvFZTaWXH7CPNfxpolDHk5nvb68mT/T4kA==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:references:mime-version:content-type; s=c54d.5fe10d39.k2012; olt=johnl-iecc.com@submit.iecc.com; bh=DxcSO4B433abeG6/SFn3Iz2jldlYc03rh2jyY0wq61k=; b=QijfuSTCVWygAWcuhSrqn/KewSf8MAiTY6oizMi2fgSr6X1got3qn+SZu76E/neBXy8yPBjSDDfi7TGicWH+sEsOGDuX33MlRlY9s+KvRCiklgu3K3H+bupaXsWKuKGULzDqYTNwPxEilMDoDN4BIpEr0+wVyqASahPVR/IEGCCRssMBqrzQIWnEZ3g5gDVmdz29O5aTn4I4u+JwvDGhQEIIkuWlCeQ/7/fmwRooomu4Ab8KVvB/yaBA22i5Br2HaldaoES6ln4RgKkfV4Aolo5C903LEZ9tHB18EOonxECy1rtca76m9CusHmMaHKa7lb6VrPbl5ehd4KGhqRKP3Q==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 21 Dec 2020 21:01:44 -0000
Date: Mon, 21 Dec 2020 16:01:44 -0500
Message-ID: <46339b38-3b24-bcb7-5e73-8a97038ed69@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Alessandro Vesely <vesely@tana.it>, John R Levine <johnl@taugh.com>, dmarc@ietf.org
In-Reply-To: <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it>
References: <20201218023900.E73B82ACBB2B@ary.qy> <4a43ffaa-3987-c892-cce7-56f18888cdf5@tana.it> <39125012-e356-d62d-36fd-a7ff25a9f59f@taugh.com> <e6880ba9-f5f3-1050-25c0-658551187512@tana.it> <6bba023-d3d9-63a5-8441-11dac9a05e28@taugh.com> <74051a64-871a-db72-b5d9-1be374e23015@tana.it> <a323077-9b64-555b-3561-62cdc93819fd@taugh.com> <a8281e16-9417-5189-df73-79ea0a865fbd@tana.it> <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com> <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WbQwU4uIi71Cm3aHUktAONdraFE>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2020 21:01:48 -0000

> Sorry for my lack of details.  I was considering the cases where a bounce or 
> a failure report reveal that user@example.com forwards to 
> user@secret.example. That is, a user may want to receive mail destined to her 
> (old) address, but does not want (old) contacts to become aware of her new 
> one.  The address she uses to subscribe to a mailing list is obviously 
> revealed to the MLM.  It is not secret in that sense.

You keep confirming what I am saying.

The failure report from user@secret.example would go to the report 
receiver of whoever sent the message in the first place if the MLM doesn't 
munge From, or to the MLM if it does.  Either way, it's leaking PII.

> What is evident is that, as conceived, failure reports break privacy enough 
> to make an admin's skin crawl.

Right.

> I think we should convey the fact that failure reports are (to be) sent in limited circumstances and with due 
> circumspection.

Yes, that is more or less what I have been saying, only I'd say you 
probably don't want to send them at all since they have turned out not to 
be important.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

v2.23.0 | Report a Bug | By Email