On Friday, April 12, 2019 08:23:01 AM Kurt Andersen wrote:
> On Thu, Apr 11, 2019 at 7:57 PM Scott Kitterman <[email protected]> wrote:
> > On Thursday, April 11, 2019 03:33:34 PM Kurt Andersen wrote:
> > > More substantively, in Appendix A, the case is being advanced for
> > > "concerns associated with Multi-organization PSDs that do not mandate
> > > DMARC usage". I'm not sure why "multi-organization" is an appropriate
> > > qualifier, nor as to what mandated DMARC usage has to do with any of
> > > the privacy concerns.
> > > Neglected DMARC usage is what leads to the spillage up to the PSD level.
> > 
> > When you say "Neglected DMARC usage", it gives the impression that you
> > think not participating in DMARC is somehow negligent.  It's not.
> 
> I'm using that term in the context of what you are deeming "mandated
> usage". Hence, not doing it is neglecting that mandate.

OK.  I didn't get that.

Agreed that for an organizational domain in a PSD that mandates DMARC, not 
having an organizational DMARC record is neglectful.  In that context, I think 
it's perfectly reasonable to say that if you don't follow the rules, you get 
the consequences (in our case the PSO gets your reports).

Somewhat similarly, for a .bigcompany PSD, it's really an internal matter if 
they want reports to the PSO or various subdomains.

So there are two criteria for is there a privacy risk in my view:

1.  Is DMARC a requirement for organizations within the PSD?
2.  Are multiple organizations represented with the PSD?

Hopefully this ASCII art truth table will come out OK (leading '/' represents 
negation, i.e. not required and not OK):

      |One  | Multi |
      |org  |  org  |  
------+-----+-------+
DMARC |     |       |
Req   | OK  |  OK   |
      |     |       |
------+-----+-------+
DMARC |     |       |
/Req  | OK  | /OK   |
      |     |       |
------+-----+-------+

In the lower right corner of the table where I see the problem, there's no 
mandated DMARC usage, so the opt-in/opt-out problem exists.  I hope that makes 
it clearer why I used multi-organizational as a qualifier.

Scott K

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
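
An added example, not part of the original message or of the PSD DMARC draft: a sketch of how reports "spill" to the PSO when an organizational domain publishes no DMARC record, combined with the truth table above. The lookup order (From domain, then organizational domain, then PSD) is a simplified assumption, and the ".example" PSD, its zones and the mailbox addresses are constructed.

```python
# Constructed DNS TXT data (not real zones): the PSD "example" publishes a
# DMARC record; of its registrants only "alpha.example" publishes its own.
TXT = {
    "_dmarc.example": "v=DMARC1; p=none; rua=mailto:reports@pso.example",
    "_dmarc.alpha.example": "v=DMARC1; p=reject; rua=mailto:dmarc@alpha.example",
}

def parse_dmarc(txt):
    """Parse 'v=DMARC1; k=v; ...' into a dict; None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain, psd):
    """Organizational domain = PSD plus one label (assumption: the PSD is given)."""
    labels = domain.lower().rstrip(".").split(".")
    suffix = psd.lower().split(".")
    if labels[-len(suffix):] != suffix or len(labels) <= len(suffix):
        raise ValueError(f"{domain} is not below PSD {psd}")
    return ".".join(labels[-(len(suffix) + 1):])

def report_destination(from_domain, psd, txt=TXT):
    """Return (level, rua) of the first record found: domain, org, then PSD."""
    org = org_domain(from_domain, psd)
    for level, name in (("domain", from_domain.lower()), ("org", org), ("psd", psd)):
        rec = parse_dmarc(txt.get("_dmarc." + name, ""))
        if rec:
            return level, rec.get("rua")
    return None, None

def opt_out_problem(from_domain, psd, dmarc_required, multi_org, txt=TXT):
    """True when reports reach the PSO and the table's cell is /OK
    (DMARC not required, multiple organizations in the PSD)."""
    level, _ = report_destination(from_domain, psd, txt)
    return level == "psd" and multi_org and not dmarc_required
```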
