Henrik, Two observations, the first in the "in case we ever need to do something like this again" category. First, I'm glad it is possible to do this by logging into one's account. Giving phishing concerns, it would be good to include an explicit instruction in the note that, as an alternative to clicking links in an email message, one can do that. Perhaps not a big deal and almost certainly not worth going back and trying to re-doing things at this point, but worth keeping in mind as good practice. Second... --On Wednesday, September 26, 2018 15:29 +0200 Henrik Levkowetz <henrik@xxxxxxxxxxxxx> wrote: > Hi Riccardo, > > On 2018-09-26 14:11, Riccardo Bernardini wrote: >> I, too, received this e-mail, but on my work account >> (bernardini@xxxxxxxx or riccardo.bernardini@xxxxxxxx). I >> followed the link, but it says that my e-mail is not >> known.... Funny. > > In your case, things are a bit more complex. The datatracker > knows of your email <riccardo.bernardini@xxxxxxxx>, but you > don't have a login. This means that the information in your > account is derived from submitted drafts and other IETF work. I got a large number of messages, some addressed to addresses that probably appear in RFCs but that I have not actively used in a decade or two. My plan had been to respond only to the one associated with the address I now use in the tracker and just let the automated processes clear the others as offered/ threatened. Is that plausible, or do those old addresses have some other value to the IETF? In particular, if someone is maintaining a database that links old addresses to current (or at least newer) addresses, it would be a pity to have that database damaged by this cleanup. IANAL, much less a GDPR specialist, but I have trouble believing that such a database could compromise personal privacy if (i) the addresses were already published somewhere, such as in RFCs, (ii) no information other than the address mappings was present, and ideally (iii) the database could be queried only "forward" (i.e., "what is the current address associated with the old address xxx@yyy ?") and not downloaded so that "what are all the other addresses belonging to whomever is now using xxx@yyy ? is hard or impossible to ask. I also can't give permission for inclusion in an address mapping database because there are addresses for me in the database for which I can no longer receive mail (and hence might have missed even more announcement messages), much less create an account and log in. best, john
