Why no-reply email could get you in trouble.

As the world slowly starts taking privacy seriously and legislation is applied to ensure that companies behave (the least bit) ethically, there are quite a few remnants of not caring about customers that could get a company into hot water.

From GDPR to CCPA, there are many reasons a business needs to know when personally identifiable information (PII) ends up in the wrong hands. One of the easiest ways to be alerted that you are making a mistake is if the person receiving it can get in contact.

Because a lot of people do not understand how email addresses work, I get many emails confirming my loan details, doctor's appointment, test results, bank statement, gas charges, cable bill and on and on - but none are actually for me.

Out of the last handful of emails, a total of one had any ability for me to let the company concerned know they were emailing customer data to the wrong person.

[Image: IMVU_confirm_email.png]

All of the emails use a no-reply, but at least IMVU had both an option requiring me to confirm the email address, and an opportunity to say I have no idea what the email is about - forcefully removing it from the incorrect account.

If there were enough hours in the day, I'd find each person for whom the email was intended and get them to lodge a privacy complaint. It wouldn't be difficult - most of the emails include at the very least the full name but more often than not a phone number and a street address, and often a lot more.

There is a lot at play here beyond just the improper use of the no-reply email address.

Emails sent blindly open the sender up to civil and criminal penalties every single time an erroneous message is sent. A valid defence of sending PII to the wrong person via email doesn’t exist.

If you are a developer, then don't ship code that potentially exposes your users' private information. Confirm email addresses and better yet - never email PII at all.
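The confirm-or-disown flow described for the IMVU email above, sketched as an added example (not code from this post or from IMVU). The account store, the `app.example` URL and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # assumption: per-deployment key, kept server-side
TOKEN_TTL = 24 * 3600              # links expire after a day

# Constructed sample account store: account id -> address and verification state
accounts = {"acct-1001": {"email": "someone@example.com", "verified": False}}


def _sign(account_id, email, action, expires):
    # Bind the signature to the account, the address, the action and the expiry.
    msg = f"{account_id}|{email.lower()}|{action}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_links(account_id, now=None):
    """Build both links for the verification email, which carries no PII."""
    now = int(now if now is not None else time.time())
    email, expires = accounts[account_id]["email"], now + TOKEN_TTL
    return {a: f"https://app.example/verify?acct={account_id}&action={a}"
               f"&exp={expires}&sig={_sign(account_id, email, a, expires)}"
            for a in ("confirm", "not_me")}


def handle_click(account_id, action, expires, sig, now=None):
    """Apply a clicked link (expires already parsed to int); returns the new state."""
    now = int(now if now is not None else time.time())
    acct = accounts.get(account_id)
    if acct is None or acct["email"] is None or action not in ("confirm", "not_me"):
        return "invalid"
    expected = _sign(account_id, acct["email"], action, expires)
    if now > expires or not hmac.compare_digest(expected, sig):
        return "invalid"
    if action == "confirm":
        acct["verified"] = True
        return "verified"
    # The recipient says the address is not theirs: detach it from the account.
    acct["email"], acct["verified"] = None, False
    return "removed"


def may_send_account_mail(account_id):
    """Gate every message containing customer data on a verified address."""
    acct = accounts.get(account_id)
    return bool(acct and acct["email"] and acct["verified"])
```

The "not_me" link stays valid after a confirmation, so a wrong recipient can still detach the address later in the link's lifetime.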
