ietf
[Top] [All Lists]

Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

2014-07-18 14:32:43
On Fri, Jul 18, 2014 at 10:48 AM, Martin Rex <mrex(_at_)sap(_dot_)com> wrote:

Article 2 "Definitions" of this EU directive (page 7 of above PDF)

  The following definitions shall also apply:
   (a) "user" means any natural person using a publicly available
       electronic communications service, for private or business
       purposes, without necessarily having subscribed to this
       service;


I am certainly no lawyer (are you?), but it seems to me that a corporate
domain owner that chooses to use DMARC to protect its brand might have
users within that domain -- employees, for instance.  I would claim that
such an employer's email servers do not comprise "a publicly available
electronic communications service", so I don't think employees using a
protected domain are "users" under this definition.  And even if that
doesn't wash, an employment contract (here, at least) typically grants the
Article 5 consent that makes this point moot, and is not typically a "Click
OK and forget" situation.

I imagine email service providers could secure the same sort of consent
through a privacy policy, though "I had no idea" might be a more successful
counter-argument there because nobody really reads those.

-MSK
<Prev in Thread] Current Thread [Next in Thread>