In most cases, when you are objectionably forced to supply an email address, the solution is to walk and take your business elsewhere. But what about the cases where you are trapped because you are forced (e.g. by law) into an interaction that demands an email address?
We need a fix. One idea is to designate a few universally shared email addresses for everyone to use:
1. something like nobodyhome@righttobeanalog.org, which simply rejects all connections. The rejection message from the mail server would be a lengthy canned response that mansplains to the sender: “You unreasonably demanded an email address from someone who objects under GDPR Art.18 to that kind of processing. Please note we kept a copy of your attempt and will serve as witness to the data subject’s express Art.18-protected objection.” (edit: would also be useful to detect the sending server’s ownership, and if MS or Google add an extra blurb about objections to surveillance advertising)
2. something like blindverify@digitalrights.org, which accepts the message just to the extent necessary to see the body of the message and visit all the URLs therein, in case someone is filling out a required field on a form that will lead to a confirmation procedure. Then after visiting the links it perhaps does a rejection comparable to message too large refusals, ideally in a way that avoids backscatter if possible. Maybe withhold the final ACK after the last packet is read.
3. blindverify-blackhole@righttobeoffline.org: same as blindverify but instead of signalling an error it accepts delivery, followed by an auto-response (comparable to a vacation responder) telling the sender that the msg was blackholed.
Of course whatever address gets designated will end up on lists and will be specifically refused by some forced-email pushers, but we could do the cat and mouse game with dynamic addressing a bit and at the very least have a solution that at least works for the less forceful, less motivated forced email pushers.
Other solutions?
(update)
4. (Spamgourmet tweak) SG gives us a way to forward just the first X msgs and blackhole the rest. It would be useful to forward only the 1st msg (for verification) but instead of blackholing the subsequent messages, refuse them.
Snags identified with blind-verify approaches:
- The verification URL could lead to further interaction beyond simply visiting the link, which would leave the procedure incomplete.
- The verification email could have contradictory links; e.g. “click here to verify” and “click here to delete your account”, which would create a possible race condition and unexpected results.
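The second snag can be checked before any link is visited. The sketch below is an added example, not part of the original post or of any existing service: it extracts links with their anchor text from a verification mail and only allows an automatic visit when there is exactly one confirm-style HTTPS link and no opposing one. The sample message, the keyword lists and the function name `plan_visit` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not from the thread); host and token are placeholders.
SAMPLE = """\
From: noreply@service.example
To: blindverify@digitalrights.org
Subject: Confirm your address
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Welcome!</p>
<a href="https://service.example/verify?t=PLACEHOLDER">Click here to verify</a>
<a href="https://service.example/delete?t=PLACEHOLDER">Click here to delete your account</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

# Assumed keyword lists; a real deployment would need more languages and phrasings.
CONFIRM = re.compile(r"\b(verify|confirm|activate)\b", re.I)
NEGATE = re.compile(r"\b(delete|cancel|unsubscribe|remove)\b", re.I)

def plan_visit(raw):
    """Return ("visit", [url]) only for one unambiguous confirm link, else ("manual", urls)."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    https = [(u, t) for u, t in parser.links if u.startswith("https://")]
    confirm = [u for u, t in https if CONFIRM.search(t) and not NEGATE.search(t)]
    negate = [u for u, t in https if NEGATE.search(t)]
    if negate or len(confirm) != 1:
        return "manual", confirm + negate  # contradictory or unclear: do not auto-visit
    return "visit", confirm
```

A "manual" result corresponds to the case where the process has to be restarted with a different address.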
One issue you will run into is that email verification commonly requires an additional interaction, typically a form submission, once the page loads. Other times services will use email as a second or only login step.
Pretty much every service that demands an email sends a verification email with a link you must click.
You do actually need to receive those emails.
I just use my own domain linked to Outlook. <servicename>@<mydomain> delivers to me, where I can filter and block easily, as well as see when someone’s given my info to someone else, as the sender doesn’t match <servicename> in the ‘to’ address.
> Pretty much every service that demands an email sends a verification email with a link you must click.
I think you mean specifically services for which you register online. Of those, some impose email needlessly (by their own design), which is often verified by visiting the link. Of the other services (offline procedures and paper forms), there is usually no verification in my experience.
> You do actually need to receive those emails.
Most verification links have no further interaction in my experience. They just send back a “verified” ack screen. But when it’s the variety where the verification screen brings in more steps, then the auto-visiting service would not work and the process would indeed have to be restarted with a different address.
I run my own mail server. Every business gets a unique address. Easy to filter. Easy to know if they were compromised or sold your info.
You can use dot/plus addresses/aliases with some providers to do the same.
Unless you go further and get more creative, your configuration locks you into the responsibility of having been informed of the contents of inbound messages, which can be used against you in court. Unless you are in a jurisdiction where email is not considered equal to a registered letter.
The other problem is if the sender’s mail server is hosted by a surveillance advertiser (MS or Google), the sender continues treating your email address as usable on a sustained basis, which means the surveillance advertiser gets a continuous feed of email traffic pertaining to you.
Use an email alias; iCloud+ and Proton are examples of companies that provide that service. Essentially it makes you a usable address that forwards to your email; you can even reply and it will say from your alias.
DuckDuckGo also offers an email service that can generate aliases on the fly.
I’ve been using both disposables and forwarding accounts for everything, for decades. They are very useful.
It’s really not ideal for senders to erroneously think an email address is usable. In some parts of the world, an email is regarded as a registered postal letter. Not joking. You are automatically legally responsible for having read the contents of an email in some parts of Europe. I still can’t get my head around why anyone thinks that was a good idea. There is an unmet need for filling out forms in a way that signals to the sender that the email address is actually unfit for communication (cases 1 and 2), but without disrupting whatever procedure demands the email address in the first place.
Case 3 helps slightly because the address would at least have a widely known purpose which would discourage senders from relying on it. They would at least be equipped to search the address and learn that it cannot be relied on.
Apart from signalling email address unfitness, there is also a free speech element to this. It’s useful to be able to voice your objection to inappropriate forced use of email within the mail server’s error message so that you can express yourself without the sending server tagging the delivery as successful.
(update) At the moment, what inspired my post is a paper form I am filling out which says: “* starred fields are mandatory and your submission will be inadmissible if left empty”. If a disposable address is given, the other party will assume they can use it and rely on it. Yet a bogus address could lead to claims of fraud/deception. So I need to supply a valid address that will be accepted when the data entry worker enters the paper form into a db, but it also needs to fail later and express my objection.
For example: Maildrop
I appreciate the reference. I did not know about that one; however, they are Cloudflare. I’m always keeping an eye out for Cloudflare-free DEA services.
Great write-up, thanks. I didn’t consider those points, really appreciate you taking the time to explain your thoughts.