Two days ago I got an annoying email from a person who identified himself or herself only as 'a5467845'. It was sent via Proton Mail.
At first it was the message itself that stirred me up. It went:
I came across your website after Google search, just to let you know that you shouldn't be sharing your national trust membership number online as it can be used by anyone to be used at any National Trust site...
That was it, three-dot ending and all. No name. A rather spiky message I thought. A bit of finger-wagging, telling me off. Well, how dare they, regardless of whether mentioning one's NT membership number on the Internet is a good idea or not! I am not taking advice from some officious anonymous person who is implying that I have broken some important rule, or at least violated good practice.
In any case, are they right? So far as I know, you absolutely can't get into a NT property without showing a valid membership card - or by paying a non-member's admission charge. Merely knowing someone else's membership number isn't going to get you in. So nobody can impersonate me just by reciting my number. Nor will knowing that number give anybody direct access to, say, my home address in the NT's records. They'd need my NT password as well.
When did I 'share' my membership number? It must have been in a blog post. I did a search of past posts and found only two which discussed my NT membership card. One was The National Trust tells me that I will die at age 74, published on 4th February 2017; and QR code woes! published on 8th May 2018. The latter was written nearly eight years ago. It's most unlikely to be found and read by accident in 2026. 'a5467845' came across it in a deliberate search, or so they say. Two things here: first, if I committed an online offence, it's an old offence. Second, why didn't this person just take it for granted that in the space of eight years several people might already have pointed out to me the error of my ways? (Incidentally, this was the first time anyone had)
I decided not to write back and vent my indignation. Let it ride.
Then, curious now, I read this email again. It was an odd message. No 'Dear Lucy' or other salutation. Nor was it written in normal English. Why no 'a' before 'Google search'? Why the unnecessary 'to be used' after 'anyone'? As if somebody had constructed the message by stringing together various phrases, but neglected to edit the result for redundant or nonsensical words.
Did a human being write the thing? And if it was some bot, what was the purpose of the message? To prompt me into responding? With what outcome?
Then I looked up Proton Mail. This turned out to be (in their words) 'Secure email that protects your privacy' and 'an encrypted email service based in Switzerland' - therefore not subject to English law or any kind of control. And, no doubt, an email account with Proton Mail would be as secret and hard to trace as a Swiss bank account.
My gut feeling was that anyone needing to hide behind an encrypted email service was a person best avoided. So I've reported this as spam, and have blocked the sender.
