Sending single custom emails is much more effort than bulk-mailing a huge list operationally. Sending bulk can be accomplished by uploading a CSV of emails to some email bulk sender versus code to run at the correct time for the correct user... way easier in bulk and way cheaper.
> Providing expiration notification emails means that we have to _retain millions of email addresses_ connected to issuance records. As an organization that _values privacy_, removing this requirement is important to us.
A mailing list is still retaining emails somewhere. Doesn’t matter if it’s stored in a text file on a USB drive in a vault. It’s still retaining an email list.
I think the key part is what you didn't emphasize: "connected with issuance records." A list of email addresses is just a list of email addresses. A list of email addresses with domains over which the recipient has control is far more interesting data.
Is it truly much more difficult? At worst you could batch them by week and registered email, a one-liner can generate the list of destinations, and then you send that to your newsletter-sender-service and call the email "your cert is expiring next week".
You are talking of a volume of around 600 000 000 domains (based on a plot on their website) that try to renew at best after 8 weeks. And that's just the default profile, there are 160h cert profiles now [0].
You think they will ever send nearly as much as (at least) 75 million newsletter mails weekly? Sendgrid's highest value in their pricing slider is 1,25 mil a week.
It is easy to think something like this is easy until you attempt to do it.
Are you really questioning a free SSL Certificate system when it says something is too complex and not worth it?
If you ever set up a free SSL before LetsEncrypt, you'd know they're amazing and you can trust them not to lie to you, especially about this where they've outlined the reasons clearly.