[theamk]

Isn't it kinda pointless because it will only work once per "enemy"? Sure, the first time it will waste a bunch of their time, but the second email will just get the same canned response.

I suppose you could make it a bit worse by asking to see the information collected - then simple copy-paste will be insufficient, they will have to run a script as well.

[jsty]

The truly malevolent thing to do would be to run a programme offering their customers a payout for sending in a GDPR request. Bonus malefactor points for using targeted ads to reach those customers.

[kreetx]

Ah, GDPR caching :)