Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Martin,
At 10:48 18-07-2014, Martin Rex wrote:
The issuer of a DMARC policy (who publishes the DNS records) is
a legal third party to the transfer of an EMail message from an SMTP sender
to an SMTP receiver.  Revealing information about communication between
two parties (including unsuccessful communication attempts) to an outside
third party (such as a "domain owner who issues DMARC policy records") is
unconditionally illegal for telecommunications service providers.

Looking at the communication contents will also close to always be illegal.
The telecommunication service provider is only entitled to process the
"traffic data", which in case of SMTP EMail is strictly limited to the
IP addresses and TCP ports of the communication peers _plus_ the SMTP
Envelope (aka MAIL FROM: and RCPT TO:), the rfc5322-From: is part of
the communication content and off-limits to the telecommunication service
provider.  Processing of the contents for any other purpose than what is
necessary for transfering the bits from sender to receiver will be
unconditionally illegal, collecting such data and reporting it to an
outside third party doubly so.

The proposed charter mentions "privacy issues". I guess that the above issues would be considered as privacy issues. The side topic would be the surveillance stuff. The existing IETF RFCs about email basically say that content is transparent to whomever wants to read the communication between the ends. The proposed charter does not set that topic as out of scope. My interpretation of the proposed charter is that these are the sort of issues which the proposed working group will be working on.

Regards,
S. Moonesamy




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]