The practice most common in this type of mass mailings is include the recipients of the mail in the extension for, which implies that the receiver of the message access email addresses of other users to which it is addressed. Thus exposed to fines of up to 600 per violation of the organic law of protection of data of a Personal nature, which in its article 10 notes that file managers and those involved in any phase of the treatment of personal data are obliged to observe professional secrecy with regard to them. This is because the Spanish Agency of data protection has considered the e-mail addresses as personal data, both in cases voluntarily or involuntarily the e-mail address contains information about its owner, and may this information refer both your name and surname and the company that are working or your country of residence (or does not appear in the name of the domain) used), as in the cases in which the e-mail address does not seem to show data related to the person in charge of the account (by referring, for example, the code of the mail account to an abstract designation or a simple alphanumeric combination meaningless). Click Jonah Bloom to learn more. In this case, a preliminary examination of this fact might conclude that we we do not have a personal data. However, even in this case, the e-mail address appears necessarily referenced to a specific domain, in such a way that may proceed to the identification of the holder by the query on the server that is managed that domain, unless it can be considered to carry rigged a disproportionate effort by who comes to the identification. The solution that can prevent the complaint is very simple and consists of sending the text using the Bcc (blind carbon copy) extension instead of selecting the route for all added recipients..