In most cases, when you are objectionably forced to supply an email address, the solution is to walk and take your business elsewhere. But what about the cases where you are trapped because you are forced (e.g. by law) into an interaction that demands an email address?
We need a fix. One idea is to designate a few universally shared email addresses for everyone to use:
1. something like nobodyhome@righttobeanalog.org, which simply rejects all connections. The rejection message from the mail server would be a lengthy canned response that mansplains to the sender: “You unreasonably demanded an email address from someone who objects under GDPR Art.18 to that kind of processing. Please note we kept a copy of your attempt and will serve as witness to the data subject’s express Art.18-protected objection.” (edit: would also be useful to detect the sending server’s ownership, and if MS or Google add an extra blurb about objections to surveillance advertising)
2. something like blindverify@digitalrights.org, which accepts the message just to the extent necessary to see the body of the message and visit all the URLs therein, in case someone is filling out a required field on a form that will lead to a confirmation procedure. Then after visiting the links it perhaps does a rejection comparable to message too large refusals, ideally in a way that avoids backscatter if possible. Maybe withhold the final ACK after the last packet is read.
3. blindverify-blackhole@righttobeoffline.org: same as blindverify but instead of signalling an error it accepts delivery, followed by an auto-response (comparable to a vacation responder) telling the sender that the msg was blackholed.
Of course whatever address gets designated will end up on lists and will be specifically refused by some forced-email pushers, but we could do the cat and mouse game with dynamic addressing a bit and at the very least have a solution that works for the less forceful, less motivated forced-email pushers.
Other solutions?
(update)
4. (Spamgourmet tweak) SG gives us a way to forward just the first X msgs and blackhole the rest. It would be useful to forward only the 1st msg (for verification) but instead of blackholing the subsequent messages, refuse them.
Snags identified with blind-verify approaches:
- The verification URL could lead to further interaction beyond simply visiting the link, which would leave the procedure incomplete.
- The verification email could have contradictory links; e.g. “click here to verify” and “click here to delete your account”, which would create a possible race condition and unexpected results.
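One way a blind-verify mailbox could handle the contradictory-links snag, as an added example that is not part of the original post: it parses the message, classifies each link by the wording around it, and follows a link only when exactly one looks like a confirmation, never one that looks destructive. The keyword stems, function names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
# Keyword stems are assumptions for illustration; tune per language and sender.
CONFIRM = re.compile(r"\b(?:verif|confirm|activat|validat)", re.I)
DESTRUCTIVE = re.compile(r"\b(?:delet|cancel|unsubscrib|remov|deactivat)", re.I)
URL = re.compile(r"https?://[^\s<>\"']+")
# Constructed sample: the contradictory-links case quoted in the post.
SAMPLE = ("Subject: Confirm\nContent-Type: text/plain\n\n"
          "Click here to verify: https://example.test/confirm?t=abc\n"
          "Click here to delete your account: https://example.test/delete?t=abc\n")
class Anchors(HTMLParser):  # collects (href, anchor text) pairs from HTML
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text))
            self._href = None

def extract_links(raw):  # (url, context) pairs from every text part
    links = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        if part.get_content_subtype() == "html":
            parser = Anchors()
            parser.feed(body)
            links += parser.links
        else:  # plain text: the line a URL sits on is its context
            links += [(u, line) for line in body.splitlines() for u in URL.findall(line)]
    return links

def triage(raw):
    """Visit one unambiguous confirmation link; never follow a destructive one."""
    confirm, skipped = set(), set()
    for url, context in extract_links(raw):
        text = f"{context} {url}"
        if DESTRUCTIVE.search(text):  # checked first: mixed wording is skipped
            skipped.add(url)
        elif CONFIRM.search(text):
            confirm.add(url)
    return (("visit", confirm.pop()) if len(confirm) == 1 else ("refuse", None)) + (sorted(skipped),)
```

`triage(SAMPLE)` selects the confirmation link and reports the delete link as skipped; a message with several confirmation links, or none, is refused rather than guessed at.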
I’ve been using both disposables and forwarding accounts for everything, for decades. They are very useful.
It’s really not ideal for senders to erroneously think an email address is usable. In some parts of the world, an email is regarded as a registered postal letter. Not joking. You are automatically legally responsible for having read the contents of an email in some parts of Europe. I still can’t get my head around why anyone thinks that was a good idea. There is an unmet need for filling out forms in a way that signals to the sender that the email address is actually unfit for communication (cases 1 and 2), but without disrupting whatever procedure demands the email address in the first place.
Case 3 helps slightly because the address would at least have a widely known purpose which would discourage senders from relying on it. They would at least be equipped to search the address and learn that it cannot be relied on.
Apart from signalling email address unfitness, there is also a free speech element to this. It’s useful to be able to voice your objection to inappropriate forced use of email within the mail server’s error message so that you can express yourself without the sending server tagging the delivery as successful.
(update) At the moment, what inspired my post is a paper form I am filling out which says: “* starred fields are mandatory and your submission will be inadmissible if left empty”. If a disposable address is given, the other party will assume they can use it and rely on it. Yet a bogus address could lead to claims of fraud/deception. So I need to supply a valid address that will be accepted when the data entry worker enters the paper form into a db, but it also needs to fail later and express my objection.
I appreciate the reference. I did not know about that one; however, they are Cloudflare. I’m always keeping an eye out for Cloudflare-free DEA services.
Great write-up, thanks. I didn’t consider those points, really appreciate you taking the time to explain your thoughts.