First, I wasn’t blaming the user at all, I was blaming the software. Second, I don’t see any “victim” here. It’s an occasional email sent in error. It’s a special kind of privilege to be able to write 500 words complaining (and threatening retribution) for something like this.
Email clients do need to be able to successfully handle spam, it’s a pre-requisite for using email. I would absolutely blame the email client software before shouting into the void.
Talk about GDPR, ICO, SEC... calling it a “breach”. Calling out the CTO for deleting old tweets, the comment “I assume that JGC doesn’t like his personal data being misused.” could be interpreted as a veiling threat but it’s borderline.
Talk about the GDPR isn't threatened retribution. It's just something that happens when you violate the GDPR. That's like saying that talk about tax law and the tax office and calling something “tax fraud” is a threat.
I do understand about the tweets, though. Calling out perceived hypocrisy, especially when there are legitimate reasons it's not hypocrisy, is a threaty sort of thing.
Whether they keep sending you email or not, you should never see a message from the same address again.
A decent client would give you the option to block the whole domain.