A short note on email as an identity signal and how context creates risk.

Most people think of email as a messaging tool.

In reality, it quietly becomes something else: an identity signal. Over time, it links together your name, habits, relationships, purchases, and recovery paths across the internet. It’s how organisations recognise you, how accounts are recovered, and how financial or legal notices are issued.

Because it sits so quietly in the background, people tend to treat email casually. That’s where problems begin.

One small example shows why.

A common mistake

When people sign up for newsletters or forms, they often use an email address like:

firstname.lastname plus a number that’s clearly a birth year.

In a single line, that leaks a full name, an approximate age, and often a cultural background. When someone signs up with a work email, it discloses even more: employer, profession, industry, and often a rough income band — before a single word of content is read.

On their own, those details seem harmless. Combined, they create context.

And context is what makes messages feel believable.

How this becomes real

Recently, my family did a flying fox activity. As our harnesses were being fitted, we filled out the usual check-in forms — including an email address. Afterwards, I noticed those forms sitting out in the open.

Anyone nearby could casually see or remember an address without doing anything suspicious.

If your name is baked into that address, a stranger now has two things:

• an identity signal

• a shared, real-world event

That’s often enough.

Imagine receiving an email like this:

Subject: Outstanding payment for your recent flying fox activity

Hi Jenny,

Thank you for joining us last Monday for the flying fox experience.
Unfortunately, there was an issue processing your payment. Please see the attached invoice and arrange payment at your earliest convenience.

Kind regards,
The flying fox team

There’s no hacking here. No passwords. No technical breach.

Just enough familiarity and courtesy to make your brain hesitate:
Do I know them? Is it rude not to reply?

I’m not talking hypothetically. I know real people who have lost real money through exactly this kind of moment.

This is social engineering — exploiting small pieces of real information to sound legitimate and lower your guard. It works not because people are careless, but because they’re polite, busy, and accustomed to trusting familiar cues.

Why email matters more than it feels like it should

Email doesn’t feel as risky as other tools.

A browser feels technical.
A phone feels personal.
Email sits quietly in the background — until something goes wrong.

And when it does go wrong, recovery often relies on email.

That’s why how you use it — and how much context it carries — matters far more than most people realise.

The goal isn’t paranoia. And it’s not technical perfection.

It’s judgment.

If you can see how email quietly accumulates meaning over time, you can start making proportionate decisions about when and how it’s used — and when it shouldn’t be.

In Weekend Anonymity, I explore this in more depth and show how to structure email so a single mistake doesn’t cascade through the rest of your digital life. The focus isn’t on doing everything, but on doing enough — calmly and deliberately.

→ Weekend Anonymity