I’ve just made the mistake of sending an e-mail to a few hundred people, revealing their emails to everyone else.
Usually we loop over the users and send a personalized email to each one of them, but for once the email was the same so I went with sending it once.
That’s why I did not even think about the fact that the emails would be visible to everyone.
The “fun” part of it is that I thought I was so clever to enhance performance by sending it only once.
Anyway, after having thought about my mistake I realized that most of the time when sending the same email to a bunch of people one would almost never want the emails to be visible to everyone.
The exception would be to allow people to reply to one another, like in some task management system, but again I think in the majority of cases one wouldn’t want that.
That’s why I think it’s best to be cautious by default, maybe by doing a BCC send by default unless some other option is provided (reveal_emails: true?).
I think it would be a safe bet because if I’d like others to see the emails I most probably will notice while working on the feature that they are not visible by default.
The opposite is not true. Proof is I just totally forgot about this “side-effect”.
What do you guys think?
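
The default proposed in the post, sketched as an added example that is not part of the original post or of any mail library's own code: recipients go only into the SMTP envelope unless the caller opts in, and a small audit function checks that no recipient address ends up in a visible header. The names `build_bulk_message`, `exposed_recipients` and the Python spelling `reveal_emails` are assumptions; the addresses are constructed sample data.

```python
from email.message import EmailMessage
from email.utils import getaddresses


def build_bulk_message(sender, recipients, subject, body, reveal_emails=False):
    """Return (message, envelope_recipients) for one send to many people.

    reveal_emails is the hypothetical opt-in from the post. By default the
    recipient addresses appear in no header, only in the SMTP envelope.
    """
    envelope = []
    for addr in recipients:
        addr = addr.strip()
        # Reject CR/LF so an address cannot smuggle extra headers.
        if "\r" in addr or "\n" in addr or "@" not in addr:
            raise ValueError(f"invalid recipient: {addr!r}")
        if addr.lower() not in (a.lower() for a in envelope):
            envelope.append(addr)  # de-duplicate, keep order
    if not envelope:
        raise ValueError("no recipients")

    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    # Safe default: the visible To is the sender itself.
    msg["To"] = ", ".join(envelope) if reveal_emails else sender
    msg.set_content(body)
    return msg, envelope


def exposed_recipients(msg, envelope):
    """Audit: which envelope recipients are visible in To/Cc headers?"""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers)}
    return [a for a in envelope if a.lower() in visible]


if __name__ == "__main__":
    # Constructed sample input.
    users = ["alice@example.org", "bob@example.org"]
    msg, rcpts = build_bulk_message("news@example.com", users, "Update", "Hello")
    print(msg["To"], rcpts, exposed_recipients(msg, rcpts))
    # To send: smtplib.SMTP(host).send_message(msg, to_addrs=rcpts)
```

Running `exposed_recipients` in a test suite against every bulk mail the application builds catches the mistake before it reaches a real mailing.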