Deleting an email once it has been received could be against the European Data Protection Act (GDPR)?

Webmails and ISPs will probably have to collect consent from the recipient before deleting an email. This can be done in two ways: 
– Gather global consent on the principle of deleting emails that are past their expiration date.
– Requiring an action from the recipient before any email deletion (for example, by having an area in the interface where it says “You have 239 obsolete emails, click here to delete them”)

Spam and abuse

Is it safe to automatically delete spam and phishing attempts? This could prevent the provision of legal evidence.

This can indeed be a problem. In the implementation of the concept, two principles should be taken into account:

  1. An email that has arrived in the spam box is not deleted according to the expiration date, but according to the automatic deletion of spam as usually done. 
  2. In the webmail or email client interface, it must be possible to block the automatic deletion of an email for a specific email or for a sender.


Why did you abandon the use of microdata in favor of SMTP headers?

During the first proposals concerning expiration dates, two mechanisms were proposed. The first one was based on an SMTP header containing the expiration date, the second one was to use micro-data with Schema.org. The proposal was to integrate the expiration date directly in the HTML code in this way.

Code to place in the HTML header:

<script type="application/ld+json">
  "@context":           "http://schema.org",
  "@type":              "EmailMessage",
  "expires":     	"2011-03-23T10:00:00+00:00",

Or alternatively, the code to place in the HTML body :

<div itemscope itemtype="http://schema.org/EmailMessage">
	<meta itemprop="expires" content="2011-03-23T10:00:00+00:00" />

After many discussions, it seemed to us that it was better to work directly on the SMTP standard, and thus in the SMTP headers. Firstly because Schema.org is used by very few Mailbox Providers, and secondly because parsing an email header is much simpler and standard for them.

The SMTP “Expires:” is described in the following draft standard: https://datatracker.ietf.org/doc/html/draft-billon-expires