Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns

Seth Blank <seth@valimail.com> Fri, 12 February 2021 21:27 UTC

From: Seth Blank <seth@valimail.com>
Date: Fri, 12 Feb 2021 13:27:03 -0800
Message-ID: <CAOZAAfOBE9Dt+a7i1U83tpA4hVGcfZfDcd_8wDpH2opVoi-R0g@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/sdV-_Tt3TYCkV7d7ZyhbOQzjb64>
Subject: Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns

Yes, very true. Again as an individual, I think it's worth calling out
explicitly in the draft, simply because it does seem to cause friction with
implementations.

On Fri, Feb 12, 2021 at 1:23 PM John R Levine <johnl@taugh.com> wrote:

> > In the data itself, there are summaries of IP addresses and authentication
> > statuses of mail that fall into three categories: 1) mail that is
> > authenticated by the domain, 2) mail that fails to authenticate as the
> > domain, and 3) mail that is wholly unauthenticated. From a domain owner
> > perspective, this means they get reports of mail that is 1) authorized by
> > them, 2) not authorized by them, or 3) broken by forwarding or other
> > rewriting by an intermediary. ...
>
> All true, but more to the point, the reports include IP addresses and
> domain names of mail servers and DKIM signers, not IP or e-mail addresses
> of individual users.  There's no PII other than in the extreme case that
> the domain has only a single user so all of the mail can be attributed to
> that user.
>
> R's,
> John
>
> PS: updated the ticket title to say aggregate reports
>
> PPS: that extreme case lets me tell things like how many NANOG subscribers
> get their mail at gmail.
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* seth@valimail.com
*p:* 415.273.8818
