> it’s very common for services to have their verification mail blocked or sent to spam
So instead, there’s no verification mail and it’s the next message, the one that you actually wanted, that gets blocked or sent to spam.
The “privacy advantage” that the issuer can’t learn the identity of the application that wants to send mail seems to me to be a significant functional liability. If it instead produced a token that said to the email service provider “see, the message was invited”, now that would be useful. (It would raise concerns of its own, but it would at least be useful.)
Now THAT would be an interesting idea to implement... My gmail matches my username, and I can't even begin to count the amount of services, systems and people that don't understand how to get an email address that have entered mine.
Example: you can make orders from mlb online without verifying your email, and then you get marketing emails regularly. In that case, I was able to call the very senior citizen who thought he could just use any address he wanted.
I can't remember the dating app that let someone sign up mobile using my email address... I hijacked the account (password recovery) and changed the prompts to "I'm an idiot that doesn't know how email works." ...
So instead, there’s no verification mail and it’s the next message, the one that you actually wanted, that gets blocked or sent to spam.
The “privacy advantage” that the issuer can’t learn the identity of the application that wants to send mail seems to me to be a significant functional liability. If it instead produced a token that said to the email service provider “see, the message was invited”, now that would be useful. (It would raise concerns of its own, but it would at least be useful.)