We would like to close this ticket by Dec 23, two weeks from now, so please get on it.

The ticket text is:

    It has been asked for a new report type (perhaps a subset of failure
    reports) that provides minimal data from the email (specifically, the
    initial ask is for the to: and from: email addresses only) in order to aid
    identification of the email's destination (and hence, the owner who can
    help with getting it authenticated) without providing other PII.

    This is a significant use case for large organizations, where the
    departments or other sub-organizations run their own emailing
    infrastructure. This has been specifically requested by multiple
    universities.


DMARC failure reporting is based on Authentication Failure Reporting Using the Abuse Reporting Format (RFC 6591), which in turn is based on An Extensible Format for Email Feedback Reports (RFC 5965). DMARC adds five fields for the second MIME part of the report. The third part can be either the full message or just the rfc822-headers. The latter is defined in The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages (RFC 6522), which mentions that Received: fields can also be useful for diagnosing failures. In any case, private data such as the local part of email addresses can be redacted according to Redaction of Potentially Sensitive Data from Mail Abuse Reports (RFC 6590).

In order to be useful, reports should contain enough data to discern whether the failed message was abusive, and what stream it belongs to if it wasn't. Should DMARC Failure Reporting (our document) include some guidance about what parts of the failed message to include and which ones to redact?


Best
Ale
--
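As an added example (not from this thread, and not any reporter's code), here is the shape a minimal-data failure report could take: a multipart/report whose third part is rfc822-headers only, trimmed to From:, To: and Received:, with local parts replaced by a keyed-hash token in the spirit of RFC 6590 so the owning domain is still visible but the mailbox is not. The sample headers, the key and the particular field set in the feedback-report part are constructed for illustration.

```python
import base64
import hashlib
import hmac
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText

# Headers of the message that failed DMARC. Constructed sample, not real mail.
FAILED_HEADERS = {
    "From": "alice@cs.example.edu",
    "To": "registrar@example.edu",
    "Subject": "grade roster",
    "Received": "from mail.cs.example.edu (192.0.2.10) by mx.example.edu",
    "Message-ID": "<roster-1@cs.example.edu>",
}
# The minimal set the ticket asks for (to:/from:) plus routing data per RFC 6522.
KEEP = ("From", "To", "Received")


def redact_addr(addr: str, key: bytes) -> str:
    """Replace the local part with a keyed-hash token (RFC 6590 style).
    The domain stays visible so the responsible department can be found, the
    mailbox name cannot be recovered without the reporter's key, and the same
    mailbox maps to the same token across this reporter's reports."""
    local, _, domain = addr.rpartition("@")
    digest = hmac.new(key, local.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()[:16] + "@" + domain


def minimal_rfc822_headers(headers: dict, key: bytes) -> str:
    """Keep only the selected headers; redact the address-bearing ones."""
    lines = []
    for name in KEEP:
        value = headers[name]
        if name in ("From", "To"):
            value = redact_addr(value, key)
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n"


def build_failure_report(headers: dict, key: bytes, source_ip: str) -> MIMEMultipart:
    """Assemble the three-part report: human text, feedback-report, rfc822-headers."""
    report = MIMEMultipart("report", report_type="feedback-report")
    report.attach(MIMEText("DMARC authentication failure report (minimal-data variant).\n"))
    fb = MIMENonMultipart("message", "feedback-report")
    fb.set_payload(  # illustrative subset of RFC 6591 / DMARC fields
        "Feedback-Type: auth-failure\r\nAuth-Failure: dmarc\r\n"
        f"Identity-Alignment: none\r\nSource-IP: {source_ip}\r\n"
        f"Reported-Domain: {headers['From'].rpartition('@')[2]}\r\n"
    )
    report.attach(fb)
    hdrs = MIMENonMultipart("text", "rfc822-headers")
    hdrs.set_payload(minimal_rfc822_headers(headers, key))
    report.attach(hdrs)
    return report
```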

_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc