Comment by abound
8 days ago
Wouldn't a hash work great for this purpose? I.e.
1. User requests for email alice@example.com to be removed from database
2. Company removes "alice@example.com" from 'emails' table
3. Company adds 00b7d3...eff98f to 'do_not_send' table
Later on, the company buys emails from some other third-party, and Alice's email is on that list. The company can hash all the email addresses they received, and remove the emails with hashes that appear in their 'do_not_send' table.
You'd have to normalize the emails (and salt the hashes), but seems doable?
No need to salt individual hashes, just one hard-coded salt for all.
So in the end, they have a list of emails that match the hashes in their blacklist? What's the point?
Any entry that matches a hash needs to be deleted. The point is presumably to minimize the retention of PII.
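The suppression-list scheme discussed in this thread, as an added example that is not part of any comment: the address is normalized, replaced by a keyed hash in the 'do_not_send' table, and a purchased list is filtered against that table. Using HMAC-SHA256 with one secret key in place of the single shared salt, lowercasing the local part, and the names `SUPPRESSION_KEY`, `normalize`, `token`, `forget` and `filter_import` are all assumptions of this example.

```python
import hashlib
import hmac

# Constructed key for the example; a real deployment would load a secret
# from a secret store. Anyone holding it can test guessed addresses
# against the table, so it is what keeps the tokens from being reversed.
SUPPRESSION_KEY = b"constructed-example-key"


def normalize(email: str) -> str:
    """Trim and lowercase so 'Alice@Example.com ' and 'alice@example.com' match.
    Lowercasing the local part is an assumption of this example."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    return f"{local.lower()}@{domain.lower()}"


def token(email: str, key: bytes = SUPPRESSION_KEY) -> str:
    """HMAC-SHA256 of the normalized address, hex-encoded."""
    return hmac.new(key, normalize(email).encode("utf-8"), hashlib.sha256).hexdigest()


def forget(emails: set, do_not_send: set, address: str) -> None:
    """Steps 1-3 of the thread: delete the address, keep only its token."""
    emails.discard(normalize(address))
    do_not_send.add(token(address))


def filter_import(purchased: list, do_not_send: set) -> list:
    """Return normalized addresses safe to import; suppressed or malformed
    entries are dropped without being stored anywhere."""
    kept = []
    for raw in purchased:
        try:
            if token(raw) not in do_not_send:
                kept.append(normalize(raw))
        except ValueError:
            continue
    return kept


# Constructed sample data.
emails = {"alice@example.com", "bob@example.com"}
do_not_send = set()
forget(emails, do_not_send, "alice@example.com")
purchased = ["Alice@Example.COM ", "carol@example.org", "not-an-address"]
imported = filter_import(purchased, do_not_send)
```
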