Mark Rousell wrote:
Martin Rex wrote:
Interestingly, there essentially is a legal requirement for rewriting
the From: header field for addresses that publish DMARC records when
delivering EMail to places where DMARC processing isn't outright
illegal (DMARC processing is clearly illegal in the EU), because
handing an EMail to an MTA that might be processing DMARC will be
illegal in the EU just as processing DMARC oneself. So one of the
alternatives to unconditionally bouncing a DMARC-impaired EMail, will
be rewriting the From:. -Martin
I've been following the whole DMARC saga with some interest but I've not
previously noticed any suggestion that processing DMARC might be illegal
in the EU. Can you explain why you take the view that processing DMARC
should be illegal in the EU? For the avoidance of doubt, when you refer
to "DMARC processing" to what exactly are you referring?
I have been elaborating on this issue here before
http://www.ietf.org/mail-archive/web/ietf/current/msg87704.html
The issue is that an MTA operated by an ISP is a telecommunications
provider and subject to the telecommunication secrecy requirements
based on EU directive 2002/58/EC.
The sender of the telecommunication is the peer that connects the
MTA and sends the MAIL FROM ... of the SMTP transaction.
The receiver of the telecommunication is the identity (or multiple identities)
specified in the RCPT TO of the SMTP transaction.
The publisher of a DNS DMARC policy record that happens to match
the domain part from the rfc822-From: from contents of an rfc5322
message that is conveyed within the SMTP transaction is a legal
third party to the telecommunication.
It is a criminal offence for the telecommunications provider to
tell legal third parties about telecommunications between senders
and receivers (such as what a DMARC policy p=report tries to achieve).
It is a criminal offence for the telecommunications provider to
take notice of the *Contents* of the telecommunication except for an
extremely narrow set of probable cause circumstances. rfc822-From:
is part of the communication contents, not part of the "metadata".
(only the SMTP envelope is the communication metadata).
It is a criminal offence for the telecommunications provider to
suppress telecommunication for non-technical reasons of the
communication link from sender to receipient (such as processing
a DMARC p=reject policy).
Since these are all legal prohibitions, it is impossible to circumvent
these prohibitions through contract clauses. Any contract clause that
tries to circumvent a legal prohibition is Null and Void from the start
(certainly here in Germany, Para. 134 BGB), and probably in several
other EU member states as well.
-Martin