Standards for Protection of Email Address Information

What This Is

An expectation for people given personal email address information is to respect the private nature of the information. Care should be taken to avoid use in a manner that results in "sharing" the data. As with other personal information, this particularly includes "sharing" the information with 3rd party organisations or commercial entities.

Email address information, as personal data, should only be distributed according to the permission of the user. As with other information, it would be unreasonable to substitute the personal preferences of the recipient for permission from the owner of the information.

Sophistication in email use is not a prerequisite for using email; only email etiquette. Therefore an attempt has been made to avoid technical descriptions. (Technical descriptions can be found in the appropriate RFCs.)

The following presents a Universal "Best Practices" Protocol for Private Email Addresses. It describes communication and address "sharing" other than for direct email addressed to a single addressee or addressees known to each other:

Basic Use

Do not provide the address to others without permission from the email address holder.
It is permissible to forward the text of messages upon the request of the originator. Similarly, it is permissible to forward the message with address information upon the request of the originator to forward the email address as well.

If in doubt, ask the person with the address.

Do not publish or post someone's personal email address on the web.
This includes "unlisted" webpages, forums (including forums requiring logon) and similar postings. Reasonable measures to assure privacy occur if the actual directory or file is password protected. A logon requirement (with or without password) is not "password protected" because a logon does not otherwise restrict access.

Do not post documents with email addresses visible without obtaining prior approval of the email address holder.

Do not provide someone's personal email address to a third party organisation or business without the address holder's permission.

Providing someone's personal email address on a web form that includes a location to insert a private email address, is providing someone's personal email address to the third party organisation.
This includes mail distribution companies and social media invitations and "evites". The level of trust one individual has in an organisation should not be substituted for the preferences of the address holder. There are a number of well-known commercial entities who engage in abusive tactics including forging email headers, sending repeat "nag" messages, "subscribing" people to newsletters and advertising circulars without confirming permission (i.e., without a "confirmed opt-in" requirement), etc. to make concern for email privacy relevant. Some people who willingly participate in such activities may do so only with a dedicated email address for the purpose.

In some cases, the purpose of the message involves a third party organisation or commercial party (e.g., "evites"; requests to join social media). In those cases, the intended message should be sent to the individual sending the request, and then forwarded via personal email. (i.e., Send it to yourself and forward it from your own email.) The commercial third party should never be given the email address without permission.
In some cases, e.g., Paypal, the email address is part of a transaction. In such cases permission should first be obtained from the email address holder, in part because that person may select a different address for the transaction.

Do not send email to multiple addressees unless:
The addressees know each other; or
The addresses are in the "bcc:" header.
The "bcc:" header is different from the "to:" and "cc:" headers in that separate copies of the email are sent out without information concerning other "bcc:" recipients.

If you are not able to use a "bcc:" header, do not send the message to multiple recipients.

Remove email address information from the text of forwarded messages.
If a message includes multiple email addresses visible, it probably should not be forwarded.

Do not attempt to substitute your trust of other individuals or organisations for that of the email address holder.
People have different opinions of an organisation's privacy policies. In the case of individuals this becomes a matter of trusting each and every recipient's technical sophistication.

People do not want to receive advertisements, circulars, "newsletters" or other types of spam as a consequence of doing business with you.   People do not want to be put on a spam list because they ask someone a question by email.

Commercial Access to Addressbook Data

Do not allow a commercial entity to access your addressbook unless the addressbook is limited to people who have expressed a desire for such access. In most cases, this means to not give access.

This issue comes up with commercial entities who request access for "inviting" people to participate in their service (typically some form of "social media"). Invitations which include a personal email address should be direct and never through a commercial third party.

Commercial  Invitations 

Certain commercial "social networks" have been known to hack into user's addressbooks and webmail accounts if the user happens to be logged into their email account. By doing so, an unscrupulous entity is able to obtain access without passwords. One particular pernicious spammer routinely masquerades as the user endorsing the spammer's "social networking" service, followed by multiple "reminders" intended to harass people who refuse to sign up. If the user objects, the user is required to manually "withdraw" each of the so-called "invitations" one at a time. The user is not permitted to withdraw some or all of the "invitations" in a block.

If a web service displays names or email addresses which you had not directly provided to them (or are otherwise obviously linked as "friends-of-friends") presume that the web service has hacked into your addressbook. Do not accept any "invite to connect" request. If you do so by error, the only way to correct this is to manually remove the "invitations" from each target. As of this writing (2014) requires that you do this individually, one at a time.

If it is important to send an "invite to connect" request, do so manually through your own email, and without providing access to other people's identity to the commercial third party.

Chain Letters, Virus Warnings and "News Alert" Announcements

Many people object to receiving these, and prefer to receive this type of information from conventional sources (not via email). Most of these are hoaxes and false information; therefore people have a generally negative opinion of such messages. If in doubt, ask if the recipient wants to receive these.

If sending this sort of thing, be careful to avoid including email address information either in visible mail headers or the text of the message.

Visible headers are the "to:" and "cc:" headers. If a message includes multiple email addresses visible, it probably should not be forwarded.



On occasion it is desired to send email to a large number of recipients, e.g., an announcement. Care should be exercised in doing so.

While not part of an email privacy standard, it is a good idea to talk to your web host to let them know what you are doing.

Mail should be sent as separate items or with all recipients unknown to each other in the "bcc;" header. Alternatively send separate emails to each group of recipients whose constituents are known to each other (e.g., employees at a small business).


If people voluntarily sign up for an email list or listserv, mail can be sent according to the list policy. Generally these utilise commercial email services.

Messages to Multiple Mail Lists

If cross-posted messages are permitted by the list, it is permissible to show all lists receiving the message in the same header. (These are names of lists; not the names of the individual recipients.)

Trusted Individuals

The individual trusts another person to administer the email account (formally or informally). The person managing the system should use the same care as with other private information.

Commercial and Organizational

Transactional Email vs. Non-Transactional Email

Email addresses should only be used for the purpose for which the address was provided. In particular, non-transactional emails should not be sent to addresses provided for transactional or other purposes.   ("Transactional" means existing transactions. Offers and announcements are not "transactional".) " Non-transactional email is presumed to be spam unless specifically requested.

Non-transactional email (advertising circulars, "newsletters", marketing announcements) should not be sent without confirmed opt-in (sometimes called "double opt-in").

Mailing list checkboxes should not be pre-checked on a web form unless the sole purpose of the web form is signing up for non-transactional email. This avoids the very real possibility of the user accidentally not clearing the checkbox or not noticing the checkbox.   (If the user does not notice the checkbox or it does not show up on the user's browser, that is clearly not an expression of a desire to receive bulk mail.)

It is sometimes useful to include a statement identifying the email as "transactional" in order to avoid the email being mistaken for spam by the recipient. This can be used by filtering software to recognize "transactional" email. Alternatively, if abused, a "transactional" tag can show the malicious intent of the sender.


Maillists should be limited to affirmative, intentional subscriptions. Typically this involves "confirmed opt-in" (sometimes called "double opt-in").
"Confirmed opt-in" involves:
  1. An affirmative request for a subscription, for the specific type of communication intended (e.g., advertising circular, promotions, organisation news)
  2. A confirmation email requesting the recipient to confirm the subscription request
  3. Receipt of a confirmation. Non-receipt of a response is always regarded as declining the subscription.
No "nag" messages should be sent after the first subscription request. If the recipient does not wish to confirm, that decision is accepted unconditionally.

"Confirmed opt-in" should also be used in cases where paper or web maillist signup forms are used because of the possibility of mischief.

A response to an unambiguous link within a personal email (and subscribing to the identical email address) is confirmed because the link was clearly within an email addressed to that individual. This would have the effect of a double confirmation because the original email necessarily went to an authorised address of the same individual, even though there is only one confirmation.

Note: An unambiguous link within a personal email is a good way to build "clean" mailing lists.

If a generally clean email list becomes contaminated with unwilling recipients, a single confirmation email request is generally considered acceptable. People who do not respond should be immediately removed. Since ongoing contact can be expected, a "subscribe" link can be included in webpages and individual email communications. This approach decreases the size of an email list but builds trust with the people with whom you have established relationships.

Web Forms

Web forms are often used to collect personal data. This can be very useful in maintaining customer relations and the like, because it allows direct communication such as order confirmation and delivery information.

Some customers or users prefer to receive bulk mail communications, for which a checkbox may be provided.

Mailing list checkboxes should not be pre-checked on a web form unless the sole purpose of the web form is signing up for maillists or other non-transactional email.

Contrary to marketing assertions, people do not like to be surprised by a spam attack from someone simply because they have trusted the business with personal information. It is not "good business" for a customer to open their email and find their personal information has been abused or they have been forcibly subscribed to an advertising circular.

Avoiding "forced" bulk mail is good customer relations because it builds trust and avoids the possibility that the business is acting in a hostile manner. Notices of availability of advertising circulars and the like can be included on webpages and as trailers on user-specific email messages.

General Good Practices

Use an antivirus software program and keep it updated.

Do not block the "plain text" version of emails.
Most email software (email clients) provide a "plain text" version by default even if formatted text is used. This should be left on because some readers do not render formatted text well and because it gives the reader the option to select the plain text version.

back to privacy index

This page first posted 6-Nov-11; revised 2-Apr-14.

Comments about this site: email me