[feedback-report] redaction (was Re: Let's get started)
jdfalk-lists at cybernothing.org
Wed Dec 30 11:44:18 PST 2009
On Dec 30, 2009, at 12:02 AM, John R. Levine wrote:
>>> Content-Redacted: Yes
>> I think it is. And we don't need to register it because it exists in a format we're defining ourselves, not in the message header proper.
>> Anyone object, or shall I add this and adjust various wording accordingly?
> I don't have any theological objections, but it might be interesting to
> ask RR, AOL, and other ARF senders who redact whether they'd be likely to
> add it.
Of the FBLs we run (including RR), some partners redact messages before sending 'em to us and others require that we redact before generating the outgoing ARF report. It's up to them.
I think we'd take a similar approach with this Content-Redacted line: if they redact and are okay with us including the line, we will (and that's what we'll recommend.) But if they say no for some reason, we won't.
I'd propose that ARF generators who intentionally redact any content from the original message SHOULD include "Content-Redacted: Yes", and MUST NOT say "Content-Redacted: No" -- but the Content-Redacted is optional whether they redact or not.
As for whether to indicate that content was redacted at all...it's almost entirely a political-layer issue:
1. some ARF generators redact content from the original message before generating ARF, usually citing legal/privacy concerns
2. many ARF recipients don't think that's fair
3. years of arguing has not changed the practice
Thinking about automated processing when receiving ARF reports...if the report were known to be missing some content, I might not attempt a DKIM check or other hashing on the message part. Other than that...not sure it matters.
Truly, I think the primary reason to include this is so that people stop asking us to include it. And I know that's not a good enough reason.
J.D. Falk <jdfalk at returnpath.net>
Return Path Inc
More information about the abuse-feedback-report