On Thu, Jun 26, 2025 at 04:48:19PM +0200, Jaroslaw Rafa via mailop wrote:
> As the whole process is designed to be performed on paper (often it's
> required by law), it's obvious that the email will be collected on paper as
> well, along with all other needed data. There is no way to verify the email
> at the time of the collection, as you suggest.

It's true that lots of financial/legal/etc. processes ask for email addresses either on paper or in an online form. But if those processes don't include timely checking of those email addresses, then they're broken -- because (a) sometimes email addresses are misread (b) sometimes they're mistyped and (c) people botch their own email addresses *all day every day*.

(That last one's been true since forever. A more recent development is that some people *do not know* their own email addresses, as in a recent conversation with someone who thought they were @google.com, but of course were really @gmail.com.)

To put it another way: if it's important enough to ask for an email address, then it should be important enough to verify not merely that it exists, but that it's the correct address for the person who provided it. Not doing so risks privacy/security problems, and we've already got a basket full of those.

One simple way to do that (and there are of course many others) is to provide the user with a one-time code at the time they fill out the form. Ask them to send it (via email) to the company/etc. in question, and check that the sending email address matches the one that was provided. If so, that verifies that the person who provided the email address has control over it and they have at least enough email acumen to send a message to the specified address. If not, then flag it and call in the humans to figure out what's wrong.

---rsk
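The one-time-code check described in the message above, sketched as an added example that is not part of the original post. The function names, the in-memory `PENDING` store and the `verify@example.net` mailbox are hypothetical, and the sketch assumes the receiving mail server adds its own `Authentication-Results` header so that the From address can be trusted for the comparison.

```python
import secrets
from email import message_from_string
from email.utils import parseaddr

PENDING = {}  # one-time code -> address given on the form (in-memory, for the example)

def normalize(addr):
    # Simplification: compare case-insensitively, ignoring surrounding space.
    return addr.strip().lower()

def issue_code(claimed_addr):
    """Create the one-time code handed to the user when the form is filled out."""
    code = secrets.token_hex(4)
    PENDING[code] = normalize(claimed_addr)
    return code

def check_inbound(raw_message):
    """Classify a message that arrived at the verification mailbox."""
    msg = message_from_string(raw_message)
    sender = normalize(parseaddr(msg.get("From", ""))[1])
    # Assumption: our own receiving server adds this header and strips
    # any copy supplied by the sender, so the From domain is authenticated.
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    code = next((t for t in body.split() if t in PENDING), None)
    if code is None:
        return "flag: no known code"
    if "dmarc=pass" not in auth:
        return "flag: sender not authenticated"
    if sender != PENDING[code]:
        return "flag: sender differs from address on form"
    del PENDING[code]  # one-time: a code verifies exactly one address
    return "verified"

def sample(from_addr, code, auth="mx.example.net; dmarc=pass"):
    # Constructed sample message, not real traffic.
    return (f"From: Test User <{from_addr}>\n"
            f"To: verify@example.net\n"
            f"Authentication-Results: {auth}\n"
            f"Subject: verification\n\n"
            f"My code is {code}\n")

if __name__ == "__main__":
    # The form says @google.com, but the person actually mails from @gmail.com.
    c = issue_code("someone@google.com")
    print(check_inbound(sample("someone@gmail.com", c)))
```

Every `flag:` result is the point where the message says to call in the humans; the code stays pending in those cases so the case can be resolved manually.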