14.5.1 Sample Output


A (very minimal) sample XML report generated with GDPRSCAN looks like this, when loaded into a browser:

14.5.2 What data is included in the LISTSERV GDPR report?


Reports generated by GDPRSCAN are a "best effort" attempt to create a report containing all references to the requesting user as of the time the report is run.  The report attempts only to determine the following:

    • A list of the lists on the server to which the target address is currently subscribed
    • A list of all postings found in each subscribed list's archives (if the list has archives) which were originated by the target address, including the post number, date/time, subject, and a GETPOST command for each 100 postings found for retrieval of those posts
    • A list of all lists on the server for which the target address is currently a list owner, a list editor, and/or a list moderator
    • A list of all list-level changelogs on the server which contain references to the target address
    • A list of registration data held by LISTSERV, which contains the target address and/or the registered full name associated with it, along with the originating IP address recorded for the user’s last web interface login.
    • (Optional) A list of all references found in the SYSTEM.CHANGELOG and any NOLIST-*.CHANGELOG files which exist on the server.

Note: There is no attempt made to search for the requesting user's email address in archived message bodies, nor is there any attempt made to "fuzzy match" the email address to other possible addresses used by the requesting user.  GDPRSCAN also does not attempt to search archives of lists to which the requesting user may have been subscribed in the past, although typically that information will be exposed in POST records found in the list-level changelog reports, if changelogs exist for those lists.


Tip: Each invocation of GDPRSCAN is intended to produce output for one unique email address only.  It would likely be possible to expand the script to cover other possibilities, but L-Soft believes that the script as it exists constitutes a reasonable search through LISTSERV data which does not potentially expose third-party personal information to the requestor.