Re: Google threatens to break Gmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mark Rousell wrote:
>Martin Rex wrote:
>
>> Interestingly, there essentially is a legal requirement for rewriting
>> the From: header field for addresses that publish DMARC records when
>> delivering EMail to places where DMARC processing isn't outright
>> illegal (DMARC processing is clearly illegal in the EU), because
>> handing an EMail to an MTA that might be processing DMARC will be
>> illegal in the EU just as processing DMARC oneself. So one of the
>> alternatives to unconditionally bouncing a DMARC-impaired EMail, will
>> be rewriting the From:. -Martin 
> 
> I've been following the whole DMARC saga with some interest but I've not
> previously noticed any suggestion that processing DMARC might be illegal
> in the EU. Can you explain why you take the view that processing DMARC
> should be illegal in the EU? For the avoidance of doubt, when you refer
> to "DMARC processing" to what exactly are you referring?

I have been elaborating on this issue here before

http://www.ietf.org/mail-archive/web/ietf/current/msg87704.html

The issue is that an MTA operated by an ISP is a telecommunications
provider and subject to the telecommunication secrecy requirements
based on EU directive 2002/58/EC.

The sender of the telecommunication is the peer that connects the
MTA and sends the MAIL FROM ... of the SMTP transaction.

The receiver of the telecommunication is the identity (or multiple identities)
specified in the RCPT TO  of the SMTP transaction.

The publisher of a DNS DMARC policy record that happens to match
the domain part from the rfc822-From: from contents of an rfc5322
message that is conveyed within the SMTP transaction is a legal
third party to the telecommunication.

It is a criminal offence for the telecommunications provider to
tell legal third parties about telecommunications between senders
and receivers (such as what a DMARC policy p=report tries to achieve).

It is a criminal offence for the telecommunications provider to
take notice of the *Contents* of the telecommunication except for an
extremely narrow set of probable cause circumstances.  rfc822-From:
is part of the communication contents, not part of the "metadata".
(only the SMTP envelope is the communication metadata).

It is a criminal offence for the telecommunications provider to
suppress telecommunication for non-technical reasons of the
communication link from sender to receipient (such as processing
a DMARC p=reject policy).

Since these are all legal prohibitions, it is impossible to circumvent
these prohibitions through contract clauses.  Any contract clause that
tries to circumvent a legal prohibition is Null and Void from the start
(certainly here in Germany, Para. 134 BGB), and probably in several
other EU member states as well.


-Martin




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]