[jdludlow]

I'm not sure how that would help. They would have to generate a matching hash on their end, giving them a lookup table to work backwards from hash to email address.

Now if they wanted to supply a list of hashes to the public, then you could check your own without knowing any of the other addresses used to generate the remaining hashes.

[kevinoconnor7]

Yes, but they would already have your e-mail address anyway. Lookup by hash precludes the case where you're giving them information they didn't already have.

[jdludlow]

True. I was more referring to it being a confirmation that this is an email address that anyone cares about.

If I wanted to be truly malicious I'd have my online checker return a "Nope, you're all good" and then add that email address to the short list of accounts to go after.

[bitJericho]

But you're still feeding into the "this is a good working address" and "this is a security newb" email lists.