
Thanks for your answer!



Well the label and the description of that option are rather confusing then, as that reads:


is clearly talking about submission, not just about doing so when checking against the SFS DB.


And yeah, SFS is definitely the actual place that would need to improve. For one, allowing to submit hashed emails, e.g., full and the domain part, so that basically all relevant checks would still be possible without compromising user PII, false positive or not (GDPR has no exception about spammers or the like IIRC). And for another, any plain-text mail should not be listed in public, but only be accessible with an API key, so that scrapers have a harder time to phish any false positives.


For now, we probably have to disable SFS completely, as this is rather a grave PII leakage and thus GDPR breach.
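The hashed submission and lookup proposed in the post above, as an added sketch that is not part of the original post and not SFS's actual API: the `HashedBlocklist` class, the choice of SHA-256 and the sample addresses are assumptions made for illustration.

```python
import hashlib

def normalize(email: str) -> str:
    """Trim and lowercase so the same address always yields the same digest."""
    return email.strip().lower()

def sha256_hex(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def email_digests(email: str) -> dict:
    """Return the two digests named in the post: full address and domain part."""
    addr = normalize(email)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    return {"full": sha256_hex(addr), "domain": sha256_hex(domain)}

class HashedBlocklist:
    """Hypothetical digest-only store: no plain-text address is ever kept.

    A bare digest of a guessable address can still be matched by anyone who
    hashes candidate addresses, so this reduces exposure rather than removing it.
    """
    def __init__(self):
        self.full = set()
        self.domains = set()

    def report(self, email: str, whole_domain: bool = False) -> None:
        d = email_digests(email)
        self.full.add(d["full"])
        if whole_domain:
            self.domains.add(d["domain"])

    def check(self, email: str) -> str:
        """Return 'address', 'domain' or 'clean' using digests only."""
        d = email_digests(email)
        if d["full"] in self.full:
            return "address"
        if d["domain"] in self.domains:
            return "domain"
        return "clean"

# Constructed sample data (example.* names are reserved for documentation).
db = HashedBlocklist()
db.report("Spammer@Example.com")
db.report("bot@spam.example", whole_domain=True)
```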

