How to Set Up Conditional Delivery on Inactivity (2026)
TL;DR
Conditional delivery of messages based on inactivity sends your stored messages only when you stop checking in for a defined period, not on a fixed schedule. Setting it up requires choosing an inactivity window, configuring escalation stages to prevent false triggers, selecting recipients, and deciding how your messages will be encrypted. This guide covers the full concept, the key decisions you need to make, the available approaches, and the pitfalls that catch people off guard.
Explore how MissCaps handles conditional delivery with encryption built in from the start.
What Does “Conditional Delivery of Messages Based on Inactivity” Mean?
At its simplest, conditional delivery of messages based on inactivity is a system that sends pre-written messages to chosen recipients only if you stop responding for a set number of days. The messages sit dormant, encrypted and waiting, for as long as you keep proving you’re alive and active. The moment you go silent beyond your configured threshold, the system treats your silence as a signal and begins the delivery process.
The concept traces back to 19th-century railway engineering. Train operators had to hold down a physical lever while driving. If they became incapacitated and released the lever, the train would automatically brake. The logic was elegant: safety through inaction. The digital version replaces the lever with a check-in prompt and replaces the brake with message delivery.
In modern software, this is commonly called a “dead man’s switch,” though that term carries dramatic connotations that don’t always fit. Other names include missed contact switch, inactivity trigger, and check-in system. Regardless of the label, the core idea is identical: if you stop confirming that you’re OK, the system sends messages, releases instructions, or hands off information to people you trust.
Why This Is Not the Same as Scheduled Email
This distinction matters more than most people realize, and almost no existing guide makes it clearly.
A scheduled email fires at a fixed date and time regardless of what you’re doing. You could be perfectly healthy, sitting at your desk, and the email goes out anyway. That creates obvious problems: confusion, embarrassment, or panic among recipients who receive a message that reads like a final goodbye while you’re still alive.
Conditional inactivity delivery adapts to your actual situation. It fires only when you genuinely go silent. If you check in the day before the timer expires, everything resets. Nothing sends. This makes it fundamentally different from any calendar-based or time-delayed email system.
For a deeper look at how this distinction plays out in practice, see how capsule-based delivery works in a purpose-built app.
How the Core Mechanics Work
Understanding how to set up conditional delivery of messages based on inactivity starts with understanding the check-in loop. Every system in this category follows the same basic pattern, with variations in how many safety layers sit between “missed check-in” and “messages sent.”
The Check-In Loop
- You prove you’re active. This could mean tapping a button in an app, responding to an email, or simply unlocking your phone (depending on the tool).
- The timer resets. Your configured inactivity window starts counting down again from zero.
- Nothing happens. As long as you keep checking in, your messages stay dormant.
The Trigger Flow
When you stop checking in, the system doesn’t immediately fire off your messages. Well-designed systems follow an escalation sequence:
- Warning stage. The system sends you a notification (push alert, email, SMS) reminding you to check in. This typically happens 24 hours before the inactivity window expires.
- Grace period. Some systems add an extra buffer after the warning, giving you additional time to respond.
- Delivery. If you still haven’t responded after all escalation steps, the system delivers your messages to your chosen recipients.
One open-source project called Posthumous formalizes this as a state machine: ARMED → WARNING → GRACE → TRIGGERED. A check-in from any pre-trigger state resets the system to ARMED. But TRIGGERED is terminal, meaning once delivery fires, it cannot be undone.
For a walkthrough of how these escalation stages work inside an encrypted app, the MissCaps features page breaks down configurable miss days, warning notifications, and the optional secondary confirmer.
Key Configuration Decisions
Setting up conditional delivery of messages based on inactivity involves several decisions that directly affect reliability, privacy, and safety. Getting these right matters more than choosing which tool to use.
Choosing Your Inactivity Window
This is the single most important variable. Set it too short, and you risk false triggers every time you go camping or get busy at work. Set it too long, and your messages might not arrive for months after something happens to you.
Here’s how the range looks across existing tools:
| Tool | Minimum Window | Maximum Window |
|---|---|---|
| Google Inactive Account Manager | 3 months | 18 months |
| DeadMansSwitch.net | 1 day | Years |
| MissCaps | 3 days | 30+ days (presets at 7, 14, 30) |
Funeral.com advises that longer windows are usually safer because short windows increase the risk of accidental triggers during travel, illness, or email disruptions. MissCaps adds a 24-hour warning notification before the inactivity threshold expires, giving you a final chance to check in.
One practitioner on a Google Play review described using a 90-minute inactivity window with a 30-minute SMS warning due to a chronic disability. That’s an extreme edge case, but it illustrates how personal the right window is.
Setting Up Recipients
Most tools let you designate multiple recipients. Consider what each person needs to receive. A spouse might get account credentials and personal messages. A business partner might get operational instructions. A close friend might get something entirely different.
The recipient experience matters too. In many systems, the recipient gets an email with a unique link and can download the message through an ordinary web browser with no app install required. MissCaps uses a per-recipient verification flow where the recipient answers a pre-set question to derive the decryption key, adding a layer of identity confirmation without requiring any software on their end.
Adding a Secondary Confirmer
This is the configuration variable that most guides skip entirely, and it’s arguably the most important one for preventing disasters.
A secondary confirmer is a trusted person who gets notified before your messages actually deliver. Their job is simple: verify whether you’re genuinely unreachable or just busy. If it’s a false alarm, they cancel the delivery. If they can’t reach you either, delivery proceeds.
MissCaps offers an optional secondary confirmer with configurable windows of 1, 3, or 7 days, giving your trusted contact time to investigate before anything irreversible happens. This human-in-the-loop step is what separates careful systems from reckless ones.
To learn more about how this safety layer works alongside encryption and blockchain tamper-evidence, the features page has the full breakdown.
Encryption: Zero-Knowledge vs. Plaintext Storage
Here’s a hard truth that the creator of DeadMansSwitch.net openly acknowledged on the Lobsters forum: “No matter how much encryption the server has, ultimately it needs to send your message in plaintext, so there will be a way to read it.” His recommendation was to encrypt messages yourself before uploading them to any service.
That’s a reasonable workaround for technically sophisticated users. But for everyone else, the better option is a tool that handles encryption automatically.
Zero-knowledge architecture means the service provider stores only ciphertext and literally cannot read your messages, even under legal compulsion. MissCaps uses AES-256-GCM encryption performed on-device, with RSA-2048 key wrapping and a PBKDF2-SHA256 derived privacy PIN. The server never sees your content in readable form. Recipients decrypt messages using answer-derived keys in their browser.
The trade-off is real, though. Zero-knowledge systems require users to manage their master keys strictly, because data recovery is impossible if you lose both your PIN and recovery codes.
Legal Boundaries
A conditional delivery message is not a will. It does not automatically create legal authority for someone to access your accounts, manage your estate, or act on your behalf. Security researchers have noted that these tools can send instructions, messages, account maps, or recovery material, but they cannot create legal authority by themselves.
Treat conditional delivery as a complement to formal estate planning, not a replacement for it.
Five Approaches to Setting Up Conditional Delivery of Messages Based on Inactivity
1. Platform-Native Tools (Google Inactive Account Manager)
Google’s Inactive Account Manager is a way for users to share parts of their account data or notify someone if they’ve been inactive for a certain period. Google checks multiple signals including sign-ins, Gmail usage, activity history, and Android check-ins.
Strengths: Free, backed by Google’s infrastructure, zero setup friction.
Weaknesses: It’s tied to your Google account, not your broader digital life. The minimum inactivity window is 3 months, which is too long for many use cases. It supports up to 10 trusted contacts, but it’s better for account handoff than for carefully staged message delivery.
2. Classic Email-Based Services
Services like DeadMansSwitch.net follow a straightforward model: you write emails, choose recipients, and the service periodically emails you to confirm you’re fine. If you don’t respond, it sends what you wrote. Intervals can range from one day to years.
Strengths: Simple to understand and configure.
Weaknesses: Messages are typically stored in plaintext on the provider’s servers. No end-to-end encryption by default. If the provider gets breached, your messages are exposed.
3. DIY Automation (Tasker, Scripts)
For the technically inclined, Android automation apps like Tasker can detect phone inactivity and trigger actions. The basic concept: if you don’t interact with your phone or unlock it for a set period, it sends a pre-written SMS or email. MacroDroid offers a free alternative for up to 5 automation flows.
Strengths: Full control over logic. No third-party servers.
Weaknesses: Fragile. Android battery optimization routinely kills background processes. No encryption layer. No recipient verification. One practitioner on Android Authority noted that testing a DIY dead man’s switch is “the most stressful part of the setup” and ran multiple trials to make sure the email actually arrived.
4. Self-Hosted Solutions
Open-source projects like Aeterna and Posthumous let you run your own conditional delivery server. Aeterna’s architecture uses three distinct phases: the pulse, the grace period, and the payload. The pulse is your check-in. If missed, the grace period begins. If that expires, the payload (your messages) deploys.
Strengths: You control everything. No vendor dependency.
Weaknesses: A single server is a single point of failure. If the server goes down, silence looks the same as death. You need to keep the server, domain, SMTP setup, and maintenance alive for the long term, which is especially hard to guarantee when you’re the sole operator.
5. Dedicated Encrypted Apps
Purpose-built apps represent the newest category and address most of the weaknesses above. MissCaps, for example, combines on-device E2E encryption (AES-256-GCM), a zero-knowledge server model, configurable miss days, an optional secondary confirmer, per-recipient browser-based decryption, and Solana blockchain proof for tamper evidence.
Strengths: Strongest privacy model. Designed specifically for conditional delivery of messages based on inactivity. Recipients don’t need to install anything.
Weaknesses: You’re trusting a specific vendor’s infrastructure (though zero-knowledge architecture limits what they can access). If you lose your privacy PIN and recovery codes, your data is gone.
To compare plan options and try the free Experience Mode, MissCaps offers paid tiers starting at $2.50/month.
Pitfalls and How to Avoid Them
False Triggers: The Number One Problem
This is not a theoretical concern. A widely shared story on Reddit’s r/tifu describes a user who missed a check-in email because work got busy. They completely forgot about their dead man’s switch. The emails went out. Their wife came home to find phones flooded with panicked calls from people who received messages starting with “If you’re reading this, then I am dead.”
The fix is layered safeguards. One Reddit user described setting up a two-step switch where the first email goes to a couple of close relatives, and they have to click a link to confirm the person is indeed unreachable before the real messages go out. Another commenter outlined a system that correlates multiple signals of inactivity and triggers “a series of multiple emails and texts looking for your response over at least 2 weeks” before sending anything.
If you want to understand how genuine silence verification prevents these situations, that guide walks through the logic in detail.
Spam Filters Eating Delivery Emails
If the delivery notification lands in your recipient’s spam folder, the entire system fails silently. Test your setup by running a trial delivery and confirming the message arrives in the recipient’s primary inbox. Some services let you do this without triggering the real payload.
Forgetting to Update Content After Life Changes
People set up their messages and never touch them again. Relationships change. Passwords get updated. Instructions become outdated. Build a habit of reviewing your stored messages at least once a year, or whenever a major life event occurs.
Losing Encryption Keys or Recovery Credentials
With zero-knowledge systems, there is no “forgot password” backdoor. That’s the whole point. If you lose your privacy PIN and your recovery codes, your encrypted data is unrecoverable. Write down your recovery codes and store them somewhere physically secure, separate from your device. Understanding how recovery codes work before you need them is worth the five minutes it takes.
Recipients Not Recognizing the Notification
When your message finally arrives, the recipient may not know what it is. They might dismiss it as spam or phishing. Tell your recipients in advance that they may one day receive a notification from whatever service you’re using. Give them enough context to recognize it and act on it.
Quick Glossary of Related Terms
Dead man’s switch: The colloquial term for any system that takes action when its operator stops responding. Named after the railway safety mechanism.
Check-in interval: The period between required proof-of-life actions. Also called “miss days” in some tools.
Grace period: An additional buffer between a missed check-in and final delivery, giving you extra time to respond.
Secondary confirmer: A trusted person who verifies your inactivity before messages are released. Acts as a human circuit breaker against false triggers.
Zero-knowledge encryption: An architecture where the service provider cannot read your stored data, even if they wanted to. The encryption and decryption happen on your device or in the recipient’s browser.
Tamper evidence: A mechanism (often blockchain-based) that proves a message hasn’t been altered after creation. MissCaps records a SHA-256 fingerprint on the Solana blockchain for this purpose.
Digital legacy: The broader category of planning for what happens to your digital accounts, messages, and data after death or incapacitation.
Kill switch: A different concept. A kill switch shuts something down (like wiping a device). A dead man’s switch sends something out. They work in opposite directions.
For a broader look at privacy-first message delivery terminology, that glossary covers additional terms.
Getting Started
Learning how to set up conditional delivery of messages based on inactivity is the first step. Actually doing it is what matters. Start with the simplest version: one message, one recipient, a reasonable inactivity window, and a secondary confirmer. Test the flow. Refine it. Then expand to additional messages and recipients as you get comfortable.
Ready to try it? Download MissCaps and use the free Experience Mode to test the full conditional delivery flow before committing to a paid plan.
Frequently Asked Questions
How is conditional delivery based on inactivity different from a scheduled email?
A scheduled email sends at a fixed time no matter what. Conditional delivery based on inactivity only sends when you stop checking in. If you’re active and responsive, nothing ever sends. This prevents the common problem of messages arriving while you’re perfectly fine.
What happens if I forget to check in but I’m not actually in danger?
That depends on how your system is configured. A well-designed setup includes warning notifications before the timer expires and, ideally, a secondary confirmer who can cancel the delivery if they verify you’re OK. Without these safeguards, a missed check-in can trigger full delivery by mistake.
Can my service provider read my stored messages?
It depends on the tool. Many email-based services store messages in plaintext on their servers. Zero-knowledge systems like MissCaps encrypt everything on your device and never send readable content to the server. The provider stores only ciphertext and cannot decrypt it.
Is a conditional delivery message legally the same as a will?
No. A conditional delivery message cannot create legal authority for anyone to access accounts, transfer assets, or act on your behalf. It can deliver instructions, personal messages, or account information, but it should complement formal legal documents, not replace them.
What if I lose my encryption PIN and recovery codes?
In a zero-knowledge system, your data is unrecoverable. That’s by design. The provider has no way to decrypt your content without your credentials. Store your recovery codes in a physically secure location and treat them with the same care as a safe deposit box key.
Do my recipients need to install an app?
Not with most dedicated services. MissCaps, for example, delivers messages through browser-based pages where recipients verify their identity by answering a pre-set question. No app installation required on the recipient’s end.
How do I know my message hasn’t been tampered with?
Some tools provide tamper-evidence through cryptographic proofs. MissCaps records a SHA-256 fingerprint of each capsule on the Solana blockchain. Recipients can independently verify that the message content matches the on-chain hash, confirming nothing was altered after creation.
What’s the right inactivity window to choose?
There’s no universal answer. A 7-day window works for people who use their phone daily and want relatively fast delivery. A 30-day window provides more buffer against false triggers from travel or illness. Start longer and shorten it once you’re confident in your check-in habits.