A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
Their site is just a landing page, there’s no login option or anything like that. Their business is a smartphone application.
Edit: Gmail uses SPF, DMARC and DKIM signing so spoofing is not possible if their email services are configured properly.
[This comment has been deleted by an automated system]