For a lot of use cases, simply sending the address of the deleter to whoever sent the file would suffice. Next time, just don't send it to them, or apply real-world consequences.

Sure, it wouldn't work for a large public setting... but it'd work for many other settings.