
From what I gather, first name and last name.

Stopping email address validation is, I think, impossible for a company like Coinbase, but revealing the name doesn't have to happen.

On the other hand, providing the first and last name could be very valuable to the users, though. If I send coins to bob@example.com, I'd like to see the real name behind that address.

On the other other hand, if anyone can make any first and last name they wish, then the safety of that goes away. Maybe I make b0b@example.com with the same real name.

EDIT: The users agreed to have their names given to people they transact with. Does that include strangers attempting to transact with them? I'm thinking "no" but can see the other side.



If you want a service that allows the sender to verify name before sending, make it a feature that both:

(1) is opt-in on the recipient's side and fails with something like "that recipient email address doesn't have an account, the name doesn't match, or they haven't decided to allow name verification"

AND

(2) is only available on payments above your highest guess at the expected value of matching an account-email-name triple for spearphishing, and the error messages (and timings) are identical if the name doesn't match or the given email address doesn't have an account.

I imagine there are few profitable attacks where an answer "yes, email_address with name has a Coinbase account" costs a minimum of 100 USD to an attacker and getting an answer "Either email_address doesn't have an account, that name doesn't match our records, or they've chosen not to share their name" costs 0 USD. However, I'd have to think a bit more about that 100 USD minimum.
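The opt-in, uniform-failure check proposed in the comment above, sketched as an added example that is not part of either comment or any Coinbase code. The account records, function names and messages are constructed for illustration, and the 100 USD threshold is the comment's own tentative figure.

```python
import hashlib
import hmac

MIN_AMOUNT_USD = 100  # assumed threshold, taken from the comment's 100 USD figure
GENERIC_FAILURE = ("That recipient email address doesn't have an account, the name "
                   "doesn't match, or they haven't decided to allow name verification")

# Constructed sample records; a real service would query its account store.
ACCOUNTS = {
    "bob@example.com": {"name": "Bob Smith", "allow_name_check": True},
    "alice@example.com": {"name": "Alice Jones", "allow_name_check": False},
}
# Stand-in record so an unknown address goes through the same code path.
_NO_ACCOUNT = {"name": "\x00no-account\x00", "allow_name_check": False}


def _name_digest(name):
    """Hash a case- and whitespace-normalised name to a fixed-length value."""
    normalised = " ".join(name.casefold().split())
    return hashlib.sha256(normalised.encode("utf-8")).digest()


def verify_recipient_name(email, claimed_name, amount_usd):
    """Return (ok, message); every recipient-dependent failure looks the same."""
    if amount_usd < MIN_AMOUNT_USD:
        # Depends only on the sender's own input, so it reveals nothing
        # about whether the recipient exists.
        return (False, "Name verification requires a payment of at least 100 USD")
    record = ACCOUNTS.get(email.strip().lower(), _NO_ACCOUNT)
    # Always hash and compare, even for the stand-in record, so the three
    # failure cases do the same work. compare_digest is constant-time for
    # equal-length inputs.
    matches = hmac.compare_digest(_name_digest(record["name"]),
                                  _name_digest(claimed_name))
    if matches & record["allow_name_check"]:
        return (True, "Name matches the recipient's account")
    return (False, GENERIC_FAILURE)
```

In a deployed service the account lookup itself also has to take the same time for known and unknown addresses, which this in-memory dictionary does not model.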



