Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns
Seth Blank <seth@valimail.com> Fri, 12 February 2021 21:27 UTC
Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 16A663A0EE6
for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 13:27:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 6Xu_N59Of5H4 for <dmarc@ietfa.amsl.com>;
Fri, 12 Feb 2021 13:27:17 -0800 (PST)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com
[IPv6:2607:f8b0:4864:20::e30])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 30D873A0EE5
for <dmarc@ietf.org>; Fri, 12 Feb 2021 13:27:17 -0800 (PST)
Received: by mail-vs1-xe30.google.com with SMTP id y123so317107vsy.13
for <dmarc@ietf.org>; Fri, 12 Feb 2021 13:27:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=valimail.com; s=google2048;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=yGo4J8zevOuhOlNM6+fuGXsebTzN9yKOPoZRgzr64Ao=;
b=LT+ilJsrIFoWD4jDPYH7AjJ4YKK5J1KAXPUvPA8g+zf18yUCNrscatFZ1WkBJQ7QTB
Ei8NO/RiiWWMF2TptMzj+vq/Nvh15n8eShdNFipvJh0GmwHJdCOZ69uegM8EbWIm4FEK
EWvjnD6Eu/i0oc5/RprARgiMJvegUbLFYZ4cGbdRZwMfR7NePiHjXesyF5QDl3TK8Zu+
YHamojC3MFWhahIuCvtAogdJLfwy23P3T7+XZQtAJcseIZ9WcAWPUBps/C1H///h0LlM
QvkL8CXK1xsdoFm9AjezaiaIv0RuVzX7hesoKld5qYW//rXcbiiH2ciUL+cbCbLr91GO
slXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=yGo4J8zevOuhOlNM6+fuGXsebTzN9yKOPoZRgzr64Ao=;
b=hM7GExJfSAkJ32CSW3FNRJSFvYExKHP+ryhFBIEbU9W615/tQgXwj+1jrgcxvZSEAg
fCQISoI7OW48RosTPXPoRnCr2ACGlhOF+z/JxRIJYMAFwncn79PGwTeGRt+C+Q9fK+SA
HRt7W2rSGuh0fjyNy5sFAopid4caPtaJvrXNm6TgPDfXWR42B9CuJpx4RlNBPDMq9MRH
YgyagPSoAt3H8wqNkzz9CyPvy5tWAXgjyffgdoJfYakGSTl+zHYsGsVk55fwsa1ENScr
xeYX4UZ0P6LCY07UVJhnzhkxjA13LH8ffcJ8FtyXiMasUJZiwWeICmiHqwETPwRMCT7z
l6SA==
X-Gm-Message-State: AOAM533Cam9Y/R3/8MmBd+3vtKIfBbFMmTaRvVPezzJfnnOJKpm3mmmx
YgBc33FTJH5dfzvYq4gaAT8BzfUHAtVsNEeyeWz1ng==
X-Google-Smtp-Source: ABdhPJzVf3oShNpTsC2aocEACiYG+q0Zn8LnataiEAgwzLEXbz7jfz0G/O/Px3r+QOBM90gt14e+JyU2x5Bzmhmp4y8=
X-Received: by 2002:a05:6102:a1c:: with SMTP id
t28mr3341416vsa.56.1613165234674;
Fri, 12 Feb 2021 13:27:14 -0800 (PST)
MIME-Version: 1.0
References: <MN2PR11MB435185A171029EF4282A2BF4F78B9@MN2PR11MB4351.namprd11.prod.outlook.com>
<20210212204624.BD53A6DDB3F5@ary.qy>
<MN2PR11MB435180303B5EAD3349B189F1F78B9@MN2PR11MB4351.namprd11.prod.outlook.com>
<CAOZAAfPOW6DC3q0pusF4pZr5+OwdEBWWg284RFPfEEUv5_uQOw@mail.gmail.com>
<9ca2792f-d7d2-70b6-a814-a08bfc31d9ba@taugh.com>
In-Reply-To: <9ca2792f-d7d2-70b6-a814-a08bfc31d9ba@taugh.com>
From: Seth Blank <seth@valimail.com>
Date: Fri, 12 Feb 2021 13:27:03 -0800
Message-ID: <CAOZAAfOBE9Dt+a7i1U83tpA4hVGcfZfDcd_8wDpH2opVoi-R0g@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c6f41e05bb2a4cbc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/sdV-_Tt3TYCkV7d7ZyhbOQzjb64>
Subject: Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII
Concerns
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting,
and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>,
<mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>,
<mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 21:27:19 -0000
Yes, very true. Again as an individual, I think it's worth calling out explicitly in the draft, simply because it does seem to cause friction with implementations. On Fri, Feb 12, 2021 at 1:23 PM John R Levine <johnl@taugh.com> wrote: > > In the data itself, there are summaries of IP addresses and > authentication > > statuses of mail that fall into three categories: 1) mail that is > > authenticated by the domain, 2) mail that fails to authenticate as the > > domain, and 3) mail that is wholly unauthenticated. From a domain owner > > perspective, this means they get reports of mail that is 1) authorized by > > them, 2) not authorized by them, or 3) broken by forwarding or other > > rewriting by an intermediary. ... > > All true, but more to the point, the reports include IP addresses and > domain names of mail servers and DKIM signers, not IP or e-mail addresses > of individual users. There's no PII other than in the extreme case that > the domain has only a single user so all of the mail can be attributed to > that user. > > R's, > John > > PS: updated the ticket title to say aggregate reports > > PPS: that extreme case lets me tell things like how many NANOG subscribers > get their mail at gmail. > -- *Seth Blank* | VP, Standards and New Technologies *e:* seth@valimail.com *p:* 415.273.8818 ` This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [dmarc-ietf] Ticket #64 - Contained Data PII Conc… Brotman, Alex
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … John Levine
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… Brotman, Alex
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… Seth Blank
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… John R Levine
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… Seth Blank
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Alessandro Vesely
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Brotman, Alex
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Ken O'Driscoll
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Douglas Foster
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … John Levine
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Ken O'Driscoll
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Ken O'Driscoll
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Kurt Andersen (b)
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Alessandro Vesely
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Brotman, Alex
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Dotzero