9
Story
Google is 'gradually rolling out' option to change your gmail.com address
I wish they'd let me recover my original -- I lost my TOTP generator, and the codes I'd written down in a paper notebook were rejected. I even hunted down the electronic copy in case there was a transcription error -- seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.

Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.

I will never use their services again, I was really digusted by this failure.

I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.
  • lurk2
  • ·
  • 11 hours ago
  • ·
  • [ - ]
This happened to me ten years ago. A while later they did the same thing with my Minecraft login that I had purchased before the EULA was in place; I’ve avoided their services like the plague since then.
  • thiht
  • ·
  • 2 hours ago
  • ·
  • [ - ]
I had the same issue with my Hotmail address. I know the address and password, but Microsoft won’t let me login. And they ask ridiculous things like, what emails are in the inbox. I haven’t used this address for 20 years, I just want to access the Hotmail address from when I was a teenager.
Send some emails to the address, then you'll know what is in the inbox :)
  • thiht
  • ·
  • 1 hour ago
  • ·
  • [ - ]
Haha that’s clever, I will try this
>I just want to access the Hotmail address from when I was a teenager.

Logging in doesn't solve your problem. It gets way worse after you log in [0]. At least now you still have hope.

[0] https://news.ycombinator.com/item?id=36000161

  • fosco
  • ·
  • 12 hours ago
  • ·
  • [ - ]
I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown
Maybe you should send it enough mail to fill it up and the it would reject emails? Send a bunch of emails with large attachments and avoid getting marked as spam.
I got mine when it was invite only too, I had it a very long time.

I use protonmail now -- I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)

>I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)

I also have paid services a lot of money where customer service was nonexistent until I did a credit card chargeback or raised an issue with government regulators.

I'm trying to figure out exactly what I want to push my state legislature to encode into law with regards to customer service minimums that would cover anyone doing business in the state, free or paid.

I'm in the camp that paying makes you a customer. Inversely using a free service makes you a user, not a customer.

And as you correctly note, there I'd no "user service" department.

You can of course push for any law you like, but I expect laws protecting "users" to be toothless. Basically the TOS will boil down to "we can do anything we like" - which I guess is more or less what they say now.

I find it helpful to think of users as distinct from customers because it let's you understand the provider company motivations.

For example, Google's customer's are advertisers. Hence they cull services not conducive to advertising.

Most startups see VCs as the customer. Their business model is to sell shares to VCs in round after round. Seen in that light their attitude to users is rational and users only exist as props to VC sales.

VCs (and founders) are chasing an exit, which is usually acquisition or aquihire. Your use of the service will thus rarely survive the exit.

These are not things to be outraged about. They are all completely rational and predictable outcomes. When you use a service, these are factors you should evaluate.

Gmail is a throwaway email. I lost my SIM and hence can't log in anymore.

Never ever rely on Gmail.

Huh? Are phone numbers tied to physical sims in your country? You can't just ask the phone company to give you a new sim with the same number?
  • dijit
  • ·
  • 1 hour ago
  • ·
  • [ - ]
If you’re on a contract that can work.

If it’s a PAYG sim card then you’re out of luck without the PUK code, which, if you’ve lost the sim then you have most assuredly lost (or never had).

PAYG is a lot more common in parts of western Europe than contracts.

People associate contracts with “overly expensive” phone deals.

  • exe34
  • ·
  • 9 minutes ago
  • ·
  • [ - ]
no, I got my puk code from my phone operator when I moved services before. at least in the UK it works that way.
I had this issue with my alternative account. Despite my main account being associated (not by recovery, I think this predates that feature), and most messages being forwaded to my main I was never able to successfully recover the credentials.
> I will never use their services again, I was really digusted by this failure

Isn’t this inherent to not choosing an (EDIT: external) account-recovery method?

The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)

You can have all the right details and recovery methods but if at some point they request you to provide the code they sent to the phone you don't have for the last 10 years......... That's it.
> if at some point they request you to provide the code they sent to the phone you don't have for the last 10 years

AFAIK once 2FA is up, you can remove your phone number from GMail.

I know it takes time to set up a recovery account (in case the account is inactive for x months), to remove a phone number, etc. but if one's GMail is important it could be worth doing both now if it hasn't already been done.

They did have a method to recover their account that they tried, though - they said that they used the account recovery codes, but that they were rejected. (Those would be the codes that Google gives you when you initially set up 2FA.)
When I first got the account, my cell phone was a recovery method. Later in life I imported the cell into google voice... thus when the recovery codes failed, there was no other option.
Sorry, I meant an external recovery method. Another e-mail address or a phone number.
Another email address is useless.

Another phone humber only works if you didn't lose that phone.

  • ashv
  • ·
  • 5 hours ago
  • ·
  • [ - ]
Why would another email address be useless?
  • ncann
  • ·
  • 4 hours ago
  • ·
  • [ - ]
I had email address X (gmail) that I hadn't logged into for a long time. One day I tried to log in to it. Correct password, but Google, for some reason, simply decided there's something suspicious about my login and blocked it. X had Y as the "recovery email", and I had access to Y, and I indeed received an email from Google sent to Y that it blocked a suspicious login to X. However, THERE WAS NO WAY TO USE Y TO GAIN ACCESS TO X. Google simply did not offer that option for X, and I had no idea why.
  • Flimm
  • ·
  • 3 hours ago
  • ·
  • [ - ]
Google doesn't allow you to recover a Google account using only your recovery email address. Despite its name, the recovery email address is not used to recover Google accounts AFAICT, it's only used to receive notifications about security-related events.
op said they had recovery codes but they didn’t work.
  • rr808
  • ·
  • 1 hour ago
  • ·
  • [ - ]
Wait a second - if you have gsuite it isn't a regular gmail account. Did you talk to gsuite team? If you even paid there is real support.
> seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.

I had the same problem with GitHub's backup codes not working: https://news.ycombinator.com/item?id=35735996

Whoa, I noticed something similar. I was updating my password or something a few years back and decided to test the backup codes too. They didn't work. I don't know what went wrong but that got me worried a bit.
Back up your seeds! Aegis for Android lets you do encrypted exports.
Or just write down the TOTP seed on paper backups instead of backup codes.
Works for google (should!) but man there are some platforms that don’t expose the Totp code, or let you redisplay it! Sometimes they make you remove the old one before you can make a new one, too.
Few, but screenshot the qr code and print it out.

Even Facebook supports totp it's just well hidden.

So don't put it off until it is too late -- if you haven't already, regenerate and copy TOTP seeds to paper now.

When you set up TOTP on a new account, copy the TOTP seed to paper then and there, resist the "I'll do this later".

If it isn't backed up it doesn't exist.

Corollary (likely unpopular I'd hazard) - hardware token implementations that I can't back up to paper don't exist as far as I'm concerned.

  • cuu508
  • ·
  • 43 minutes ago
  • ·
  • [ - ]
My policy is to enroll multiple WebAuthn keys and treat the second, third etc. key as the backup.
Yikes. This post is an unsettling reminder that gmail is a single point of failure in my personal and financial security.
  • cedws
  • ·
  • 12 hours ago
  • ·
  • [ - ]
Email services in general. My worst nightmare is my email provider (which isn't Google) going dark and losing access to everything.
You can use a custom domain with most providers, so when they go dark you can at least migrate to another one.
  • cedws
  • ·
  • 11 hours ago
  • ·
  • [ - ]
Two things about fronting with your own domain:

1. You have to own that domain forever, until or at least until you're 100% confident that an email intended for you will never be sent to that domain ever again. Even then, there are security risks with giving up the domain.

2. You give up some privacy. You can use mailbox aliases but it doesn't really matter if all the mailboxes are tied to a domain registered to your name and address.

For (1) you can prepay i think up to 10 years? And every year you just prepay 1 year again and you will have 10 years to remember that you forgot to pay a domain registration bill.
Whois privacy is basically standard these days, no?
Doesn't completely solve the problem. You now have to pay per (unaffiliated) alias since each requires an independent domain. You also become extremely vulnerable to data breaches because rather than learning that foo@provider is john.doe@provider with IP xxx you instead learn that foo@domain is John Doe, phone number, street address, credit card, etc.

This issue goes far beyond email alone. The ICANN domain system effectively rents a string out to you on a temporarily basis and mandates that an Impressum be attached to it. It's a deeply flawed scheme when viewed from the context of both historical hacker culture as well as the fundamental values of a free and open society.

Yes but all of your aliases would be under the same domain so one could surmise that the same person uses the domain.
You can usually setup several domains. Some domains are very cheap to register, so you can register some inconspicuous, universal, email provider-sounding domain and add aliases at will.
1. A little money solves this. You can register for 10 years at a time. Any decent registrar will blow up your email near your domain’s renewal date regardless of renewal status.

2. Whois privacy solves this. Free from any decent registrar.

That is moving the point of failure to the domain registrar. Which is probably less likely, but you are always relying on someone.
I think that the point here is that your domain registrar will pick up the phone if there is a problem, where Google clearly will not.
I use AWS to register the domain and AWS supports up to 8 different MFA factors. I have totp and 4 different passkeys registered
If you use a password manager like Keepass, you should still be able to log into your other accounts if you lost access and at least with financial institutions you can call, ask that no changes be made with without coming into the branch and showing ID.
  • cedws
  • ·
  • 11 hours ago
  • ·
  • [ - ]
Yes, but many companies will also drag their feet, refuse for "security reasons", or you'll just never be able to reach them in the first place because their only support is an AI concierge that tells you the same thing over and over.

As an example Anthropic and OpenAI don't let you change your email address.

  • fph
  • ·
  • 2 hours ago
  • ·
  • [ - ]
If you use a password manager like Keepass, you can put your TOTP into it as well. With both a password and a keyfile it's still two factors, technically.
Worst case you need to self host
Great when it works. Too many senders will only deliver to widely used hosts, and silently fail for anything outside their tiny allowlist.

Note that I'm not even talking about trying to send email FROM a self-hosted account, but trying to get someone else to send email TO such an account.

Realizing this is why I bought my own domain name and pointed the mx records at Gmail. This way I can change it to different mails servers if needed, even self hosted. One useful thing you can do is configure Gmail to forward mail to unknown address to a known one. So I can create addresses like Facebook@ultrasane.com or Amazon@ultrasane.com, etc
This is exactly what happened to me on Dropbox, where even the backup codes did not work.
I'm paranoid and print off my TOTP key for each account I make that might matter in any way.
> I will never use their services again, I was really digusted by this failure

Was there ever really an agreement that they'd be storing your cherished memories for decades? I still treat email the same way I've done since the 90s. Your email provider is just a cache but you download and backup the messages yourself.

Hopefully this has been a wake up call for you. If you care about data then you need a copy that you control and have a good backup plan.

You think that sucks, my childhood angelfire is gone.
Try contacting their support. They did help me regain access to my late 90s angelfire account, even though the original email address I had used was long dead.
Save a picture of the TOTP QR code and print it out.
> I will never use their services again, I was really digusted by this failure.

Without such measure anyone with your password could "reset" your 2FA.

The solution to "I may lose my 2FA" is not to make GMail a 1FA: it is to configure beforehand your GMail so that if your account is inactive for 6 months, access to your account is given to a person of your choice. It's so that a death spouse (for example) can eventually access the account.

  • khana
  • ·
  • 10 hours ago
  • ·
  • [ - ]
[dead]
This is so useful. a Gmail account is so much more than just an email account at this point. my first gmail account was made when anonymity and cool email was more of trend than your actual name - so i based upon my favorite book in 2006. 20 years later the account is tied to my oft used primary google voice number so lingers even with obscure and hard to spell email.

i could gave moved my google voice number, but it seems like a convoluted process and have had my number since about Grand Central acquisition.

in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.
  • 9dev
  • ·
  • 11 hours ago
  • ·
  • [ - ]
Oh, finally. I’m one of the first.last@gmail folks, which I assumed would never change when I was 13 years old (hah!). Fast forward a few years, I got married, and am stuck with my old name in the address.
I have a first.last email, but it's created quite the interesting situation. Turns out some dude in Australia has the same first+last name as me, and he's been using firstlast@gmail.com. As far as I can find from Google's documentation, the email with no dots should be the primary and the one with dots an alias, but I'm guessing because I registered mine ages ago (back in 2006) it takes precedence. I have no idea how he hasn't noticed that his gmail emails are going to another inbox - maybe Google delivers them to us both or something? Regardless, I've gotten very personal emails (like from his therapist) and tried to reach out explaining the situation and asked these parties to let him know he needs to stop using that email, but to no avail.

Honestly the one who is at fault here is Google. If first.last and firstlast are treated as aliases, they straight up should not allow people to create them once the first exists, rather than just send emails to someone else. I've tried to respect my Australian brother's privacy (like not reading his therapist's emails and such), but not everyone is gonna do that.

I have exactly the same issue (I get an insane amount of email for other Firstname Surname people that isn't me from various other places in the world), but I'm 100% sure at this point that it's people using the wrong email address, as occasionally when I contact the people to let them know they've emailed the wrong address, they have actually told me the real email address they should have used, and they were missing a number, or in one case it should have been an initial instead of the full first name.

I used to also think that Google were screwing up by allowing a 'clash' of firstname.surname and firstnamesurname, and maybe they did a bit in the 2004-2009 period, but with lots of testing over the years (sending test emails to both), I'm confident now it's 'just' other people's emails getting 'simplified' too much when being told, and it ends up being sent to me.

I do however think Google shouldn't have allowed that alias situation to arise.

I also think (based on the fact that my 'un-dotted' email alias has been successfully used to sign up for various services for the other people) that many online services just have very poor sign-up validations of emails.

When I was a kid, I used to get a ton of emails for a guy who put the wrong email address on a dating site. It was always interesting at 13 to have to tell women that I wasn't the man they were interested in.
Are you sure he actually has that address? I get lots of emails mistakenly sent to me, some via a dotted version of my address, but I'm pretty sure those people (or the ones trying to contact them) have just misremembered or typoed their actual address. I'd be very surprised if Google did allow firstlast and first.last to exist as distinct addresses tied to separate acccounts.
He has a different address than yours and has given out an incorrect version to some people (perhaps a misspelling of his name).

The dots are ignored.

I have this same issue! But I can log in with or without dots… but it’s like someone else thinks their email is my email without the dots. I can’t really figure out what is happening. The volume is way too high for it to be spam though.
  • pests
  • ·
  • 7 hours ago
  • ·
  • [ - ]
It would be just he uses a similar email, say last+first@gmail and gives it out incorrectly at times. Or people assume it is his. My friend has a first+last@gmail and I constantly confuse the order (or was it last+first? idk), a decade later. So you two are just seeing a subset of incorrectly addressed email, imo.

I remember a decade+ ago when this was discovered as some issue and caused a bunch of drama in the blogosphere.

If Im not mistaken, periods are ignored entirely. I regularly sign up for free trials with variations on first.last@gmail.com, firstlast@gmail.com, f.i.r.s.t.last, etc and they all come to my inbox.
Oh god I have this problem with my firstlast@outlook.com address. I have a common english name so get the emails of other people from all over the world. The worst are subscriptions and regular invoices.

I had to give up using the address.

  • ·
  • 9 hours ago
  • ·
  • [ - ]
A bit off topic, but changing your name when getting married is so strange to me. It is not at all common where I live (Belgium), in fact I don't think I personally know a single person who did.
Different cultures, different traditions. Personally I think it's a beautiful symbol of unity for one person to take the other's name (though I'm neutral as to which party should change their name, and I was perfectly willing to take my wife's name if she had wanted that), but of course that's the culture I was born into so it seems normal to me.
Actually it's strange to learn that outside Spain and Portugal there are other countries in EU where you do not change your name when married!
I was very happy to take my wife's name when we got married. A free choice I made. And I think there is nothing weird about it.
Not only is it strange, it’s obviously very sexist in practice. In majority of the cases, it’s always the woman who changes her last name. The husband gets to keep his. I still find it very strange and shocking that powerful women with successful careers in modern society still keep changing their names after getting married.
By such a definition any tradition related to gender would be sexist. The tradition is that the wife will change her name. This tradition is why it makes up the majority of cases.
No, any tradition that favors one gender over the other is sexist. Which is absolutely the case with the tradition of women taking their husband's family name when they get married.
Not really - this “tradition” as you call it obviously started back in the day when women did not have equal rights in society and only the husband’s lineage mattered.
How do you propose fixing that? Let the kids take both parents last names? In few generations you end with kids having their entire family tree as their last name! It might even make marrying within the tribe attractive again to keep last name single word!
Portmanteaus
I changed my name to my wife's name when we got married. Where I live, everyone can choose if they want to keep their name or change it to either ones. So its a free choice.

AND: Hope gmail will rollout this feature asap, so I can FINALLY adjust my email address too.

It is not sexist at all, let alone "obviously very sexist". Don't impute malicious motives to people like that, it's extremely rude.
Come on man, I think it's safe to say a tradition that favor's men over women is reasonably sexist, especially given the time the tradition established women were property.

I don't think Belgium's feelings will get hurt, besides wait until you learn about all the other things that Leopold II did.

What last name do your kids use?
Last name of father and mother, respectively.

  let motherLastName = "Carter Hughes"
  let fatherLastName = "Miller Thompson"
  let childLastName  = "Miller Carter"
  let childFullName  = "Jean Paul Miller Carter"
Or so that is how it works in many countries around the world.

You might ask, —“Why does the father’s last name go first and the mother’s second?”— That’s an old tradition, and it can change whenever enough people in our society agree. As it stands, the father’s family name tends to persist down the family tree, while the mother’s family name often disappears in each generation.

Or so that is how it works in many countries around the world.

You should have given a more complete example, where the parents themselves have long names to demonstrate that something does have to get dropped when you have children.
  • pests
  • ·
  • 7 hours ago
  • ·
  • [ - ]
Hughes and Thompson were both dropped in their example.
My bad, I misread the parents' names as their full names.
> What last name do your kids use?

In the country where he lives (Belgium), the parents get to decide which family name the kids get.

But I think you only get to decide for the first kid? All following kids will have the same family name. At least that's the rule in the Netherlands.
  • revax
  • ·
  • 10 hours ago
  • ·
  • [ - ]
While optional, it's very common in France.
Its from the days when women were property of their man.
  • B-Con
  • ·
  • 10 hours ago
  • ·
  • [ - ]
It hails from when family lines were important, and you can practically only have one line reflected in a name. Unsurprisingly, most societies considered the male's name to be the dominate lineage of interest, although that doesn't hold true 100% of the time.
> you can practically only have one line reflected in a name

Not true at all. You can trivially have two family names in a full legal name. In fact many cultures do exactly that to this day.

Also worth noting that the male's name being preferentially propagated makes a lot of sense in a society where the best off frequently inherited their vocation from their fathers.

Yahoo Mail had (has?) a feature that allowed you to set an alternative email address while keeping your original email address intact.

you could be first_last@yahoo.com but also have rando_waldo@yahoo.com or ymail.com receive emails in same mailbox. And you could choose the "From" address form a drop-down when sending outbound emails or replies.

Oh man, I hope they'll eventually also allow to use this to depart your account from Workspace into GMail. This would prove especially useful to GSuite Legacy people.
As someone who has been stuck with an email address I created when I was 13, this would certainly be a welcome change!
Yeah, I imagine this will help a lot of people who created retrospectively-cringey email addresses in their youth, but kept them over the years because of inertia

> After changing, Google details that your original email address will still receive emails at the same inbox as your new one and work for sign-in, and that none of your account access will change.

> people who created retrospectively-cringey email addresses in their youth, but kept them over the years because of inertia

I feel seen in threads like this one.

Boss move that I learned under great difficulty: a new temporary gmail alias for every jobsearch.
You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!
I do this as well, and occasionally people get confused and think I work for the company I'm interacting with (enterprise@myname.com is close enough to myname@enterprise.com, I guess.) I usually don't bother to correct them, in case it gets me better treatment :)
The problem is that's guessable. I add a nonce/salt/bit of random chars; enterprise_jeje38@example.com to compensate.
This is how iCloud's "Hide My Email" (suggested to you by Safari at online account creation or filling out any email field basically) works. And then it remembers those random chars for that domain. Also ensures the email delivers to you.
You're dealing with a different type of actor if that's necessary.
the problem is you don't know which actor you're going to be dealing with so you have to start off on that foot with everybody.
I do this too, though sometimes it leads to confusion.

FWIW, Firefox's Relay integrates into Bitwarden so you can generate emails on the fly when creating new accounts. Downside and upside is that I never know what my email address or password is.

The huge benefit is I can write down an email that'll work because I own @somedomain.mozmail.com and it'll always redirect. I do the same thing with cloudflare because I also own myrealname.com

But honestly I hate all this because the real problem is that email is a bottleneck and it is stickier than phone numbers. But my email is floating around on a bunch of lists because I've had it for years. Frankly, gmail is pretty bad about removing spam. There's a lot of spam I catch using simple filters from Thunderbird.

The extra benefit is that I'm planning on moving away from gmail and all these relays make it easier to redirect everything to a new location. So I still recommend it. You can shutdown addresses that are being abused or shared more easily but that's hard to do with your long term email address.

Aka iCloud "Hide My Email"
As a hiring manager, I just want to give you a heads up that we are getting tons of fake applicants—like 5–10%—that end up being a real person on a video chat isn’t some AI assistant that uses a teleprompter interface to tell them what to say.

Usually by that point you catch them, but your recruiter screen might not etc. So now all the main HR tools are using “age of email” as one possible signal to detect fraud.

I’m sure you’re fine if your email is real (in my experience they all resolve to Onvoy LLC instead of a real cell provider), but just something to watch out for. Wouldn’t want to get overlooked because your email is brand new.

(If you’re curious about motive as I was, since of course it’ll be obvious when you start—in a lot of cases it’s that procuring an offer letter helps you obtain a visa.)

How would you determine or estimate "age of email"? It isn't really public info. Does it imply that you are by now expected to be doxxed by data brokers to not be judged suspicious?

> I’m sure you’re fine if your email is real (in my experience they all resolve to Onvoy LLC instead of a real cell provider),

Email is expected to be resolving to "a real cell provider"? Wut?

> How would you determine or estimate "age of email"? It isn't really public info. Does it imply that you are by now expected to be doxxed by data brokers to not be judged suspicious?

There are services that let you do that. Imperfect ofc as they rely on data brokers like you said. You can thank all the spammers and carders for that

What does it mean for an email address to "resolve" to a cell company?
Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII
I'm interested. How does it differ from using:

name+service@gmail.com or service@myowndomain.com

...to figure out where the spam originated?

> service@myowndomain.com

Just be aware that this may be very confusing to customer support agents: https://news.ycombinator.com/item?id=32475178

  • rsync
  • ·
  • 10 hours ago
  • ·
  • [ - ]
FWIW, I have been using the companyname@mydomain.com auto-alias for many years now and I've never had it challenged nor rejected by a human or a machine.
I’ve also been doing it for quite a few years, and I think I had it rejected by a machine once, and I had it questioned by a human once.

I’ve had way more problems from systems that think TLDs are two or three characters (which has never been true).

Everybody knows name+something@ maps to name@ so it’s trivial for bad actors to strip the plus part and just spam you directly, losing the per-correspondent distinction.
Which is covered by GP's second suggestion. I add short random password-like strings to these aliases to thwart spammers who might be trying obvious aliases, turning e.g paypal@example.com into paypal.nsi873g@example.com
I probably didn’t explain myself well.

On Gmail foo+bar@gmail.com is an “alias” for foo@gmail.com. So if you give someone foo+randomstring@gmail.com hoping that will help you map random string to that particular sender, you’re fucked - because anyone who sees foo+randomstring@gmail.com knows it’s an alias for foo@gmail.com, they can just email that directly and bypass your cleverness.

If you’re using a sane alias provider like you described, then it’s likely not an issue.

  • ·
  • 9 hours ago
  • ·
  • [ - ]
In the latter specifically it doesn't differ except for the specific methodology and what we do with the results.
Hm interesting, do you want to tell why this helps out a lot perhaps?
;) I was a by-invitation-beta in 2004, trust me. Even then spammers knew about the +1234 trick too. The earliest throwaway forwarders suffered from explosive growth and spam netblocks and their queue times varied greatly. The golden age of Viagra and recruiters selling prospect lists to randos. I retreated to gmail for the SPOP and because my original address was Tech Contact for 100+ domains from 1994-2000. Thousands a week. If I was smart I'd have used it as a honeypot to feed a spam blocking service.
Don't you get these spam mails either way ?

I have a separate email I only use to get government and public services (gas, electricity) stuff and it still receives a few hundreds of spam a week. At this point I kinda feel whitelisting the mail I want to read is the only sane option, so getting hundreds or thousands of spam mail makes little difference, while managing a portofolio of addresses is a chore.

It might be an iCloud+ feature only, but if you're on a Mac - you've already got the ability to generate virtual email addresses on the fly.

https://support.apple.com/en-us/105078

I love this feature and wish something like it would come to Gmail.

I can't rely on iCloud Mail anymore due to its overly aggressive silent spam filtering. Not great if you're trying to log into an account, and you can't receive the recovery emails for that account.

That's funny, as it's the same reason I moved off Gmail. Most egregious was a reply to my message ending up in spam, and the other party was someone also on Gmail
That's where the in:anywhere search is your friend. It searches all mail.
What I mean is, the mandatory spam filter was so braindead it sent a reply to my own message to spam, which is itself absurd, but even moreso because the other party was also using Gmail
You don’t have to use an iCloud account as a target for your real email address or even for your Apple account.
  • pram
  • ·
  • 12 hours ago
  • ·
  • [ - ]
iCloud Hide My Email is pretty good for this.
I switched to fastmail, it imported all my gmail mail quickly, and it gives me virtual emails.
myjobapplicationhasbeendenied-1582-timesalready@gmail.com will certainly end well.
I am sure I am not the only person to have a somewhat juvenile email that has become the center of their digital lives. I would be very happy to change my email.
  • aszen
  • ·
  • 12 hours ago
  • ·
  • [ - ]
Seems useful. But what I really want is a way to merge google accounts, over the course of history I created 3 of them and would really prefer just a single one
  • leobg
  • ·
  • 2 hours ago
  • ·
  • [ - ]
Why not just set up forwarding on 2 of them?
I don't understand why they don't allow different domains. "gmail.com" is running low on email addresses; if they added more domains, they'd be able to really scale up their email offering.
Branding and marketing. It makes it crystal clear how popular it is.

And gmail.com isn't "running low" on addresses, I don't even know what that means. Whatever TLD you'd prefer, just append it to your username instead. Exact same amount of uniqueness.

That would have been nice to have during transition. Creating a new account and updating 3rd parties was a huge pain and never got close to 100% completion.
I wonder if they’ll make it work like Outlook.com’s support for multiple email addresses on the same account which they made a fully first class feature.

Although I primarily use a Gmail for my personal email, I still have a Hotmail address from the 90s.

For at least 10 years now Outlook.com and Microsoft accounts have supported multiple aliases.

This has allowed me to keep my old cringey box name at Hotmail address, but also have a name.surname@outlook.com on the same account, which looks nicer for Microsoft services I use, like Windows login with OneDrive.

My gmail address is first.last@gmail.com. From time to time (and for years) I get someone else’s at firstlast@gmail.com. I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.

I’ve received some sensitive/PII content over the years.

I’ve wondered if this person has access to any of my information?

Not necessarily related to this post, but wonder why and how this could happen.

No it isn't.. it's firstlast@gmail.com [Dots don't matter in gmail addresses](https://support.google.com/mail/answer/7436150)
No, I think what's happening is someone else is confused what their email address is. With Gmail, dots are not significant; any email address with dots is equivalent to the email address without any dots. (So you may have signed up as first.last@, but your email address under the hood is really firstlast. You can also send mail to your f.i.r.s.t.l.a.s.t@gmail.com, and it will be delivered to you.)

I expect that someone else with the same name as you occasionally (or all the time) forgets that their actual email address is flast@gmail.com or lastfirst@gmail.com or some other similar combo, and enters your email into signup forms. Or has friends who guessed their email address and got it wrong. Or something.

That other person doesn't have access to your information.

  • jibal
  • ·
  • 10 hours ago
  • ·
  • [ - ]
> I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.

Yes, and you've received email that was addressed like that ... so what's your issue?

> I’ve wondered if this person has access to any of my information?

Yes, because "this person" is you.

  • ·
  • 10 hours ago
  • ·
  • [ - ]
Handy tip for software testing - Gmail ignores everything after a “+” in the address. So when you’re testing different accounts in your software you can use <youremail>+1@gmail.com, <youremail>+2@gmail.com, <youremail>+3@gmail.com etc. to create many different accounts in the software that all go to the same email address.
That's not just a Gmail feature. It's part of RFC 5233. See "Subaddressing."
Indeed, also works at outlook.com / hotmail and others.
> I’ve wondered if this person has access to any of my information?

No. They have just told someone your email address and that someone has sent you stuff. Anyone can do that, if they dream up your email address. People having the same name are a lot more likely to do that.

Happened to me as well. I was the first one of the 50 people or so carrying my name to register "first[.]last@gmail.com" back in 2004. At least two of my namesakes have since mistakenly used my email address. Some people just aren't very detail-oriented.

  • neilv
  • ·
  • 10 hours ago
  • ·
  • [ - ]
I bet this is it.

I have a first.lastname@gmail.com, and my namesake has firstmlastname@gmail.com (with middle initial, and I think they originally created the GMail username without periods).

So, I sometimes receive emails intended for him, by people who saw firstmlastname and think it's firstlastname.

Maybe around a hundred emails so far, over the years.

I've gotten good at telling at a glance that an email is for him, without reading it, and forwarding and deleting.

Fortunately, my namesake is a very accomplished good-guy, so I'm happy to help.

I still control my first name @gmail.com from very early on, but have never been able to put it to use because of the relentless torrent of misdelivered email.
I still own and use mylastname@gmail.com. Yeah I get a ton of misaddressed mail, even some from a relatively famous person with the same last name.
Maybe their email is lastfirst@gmail.com, and people occasionally misremember your address and send your correspondence to them. In that case, yes.

More likely their email address is firstlastnumber@gmail.com or firstlast@otherprovider.com though, in which cases the types of mistakes people make are likely asymmetric.

  • jibal
  • ·
  • 10 hours ago
  • ·
  • [ - ]
periods are ignored in gmail addresses so there's no difference between firstlast@gmail.com and first.last@gmail.com
  • ·
  • 8 hours ago
  • ·
  • [ - ]
Fun fact, if someone knows your email address and clicks “forgot my password” it sends a push notification to the Gmail and YouTube apps asking to confirm or deny the sign in request. They can click that hundreds or thousands of times per day. I know because it happened to me, so I moved all of my accounts off of the email and deleted my YouTube account. :) peace out Google. Thanks for tolerating a completely insane UI, and not allowing me to turn this setting off. I can’t imagine what it’s like for the elderly who have to navigate this completely enshitified landscape.
I really want unlimited aliases for signing up to sites and tracking who is leaking my data.
I sign up with a different email address on every website. (I have a catchall at my domain, rather than using plus-addressing.)

The results are more boring than you think. Almost no one leaks my address. A couple have been hacked, but almost all of those are widely known. (I did discover one early and help Troy Hunt validate a leak.) At least one Kickstarter campaign has shared my address, as has a local business. But that seems to be the extent of it.

I still do it, because I did manage to catch those things, and because it reduces cross-site correlation. But yeah, there's less skeevy behavior than you might think.

You can do something like email+site@gmail.com and it'll be delivered to email@gmail.com with the site in the To field
mailbox.org hooked up to Thunderbird allows you to do so using custom domains. You can send and receive email as any string @ your domain.
I find that just about everybody is leaking my data. Either on purpose or accidentally. But at the end of the day I do want to order those online exotic vegetables and have very little choice of sites to do it in my country. At this point I don't care anymore. Maybe I should but in a sense it's too late. It's been decades of leaked information, I'm certain the advertising companies know me better than my friends. And still royally fail at selling me stuff. They likely use this info for more nefarious things.

I hate that 90% of the effort on the internet is about stealing information from users and serving invasive ads.

I’m tempted to change from peter.clark@ to something more obscure; i get SO MANY emails directed at other Peter Clark’s, it’s bizarre and makes my inbox unusable.
Huh. I have come to find the information about other tclancys across the world an interesting insight. Plus there was the time I was mistakenly sent a resume to review for a guy applying to become bank president; he didn't get the gig, but it wasn't because of the three or four paragraphs I sent him on spiffing up the thing.
I once got an email — addressed to some other pclark@ — which was simply a photo of a duck and the message “what duck is this?” I was so disappointed that he never thanked me for replying accurately and expeditiously.
What's stopping you?
Could this be a sign that Google is starting to think again?

For an organisation that often does deeply intelligent things, they spend such a lot of time treating their users unnecessarily poorly because obvious implications seem not to occur to them.

I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.
There’s a class action suit about g suite free accounts that eventually become not free.

Wonder if this will be used for that at some point

It definitely sounds like it would make an easy way out for them.
Wow this is massive, but will come down to whether you switch to another existing address you have. That is you have example1@gmail.com and example2@gmail.com. The first one has all your decades of data and second is name you've reserved etc. With handles you can release one and use on another account so hopefully option to do the same. Or if they could just update their account migration to support migrating all historic data that would accomplish the same.
One of my email addresses is {MyNameKP}@gmail.com. “KP” were just random letters I picked years ago and they don’t mean anything. I also own {MyName}@hotmail.com. Someone once asked why I don’t use {MyName}@gmail.com, so I went home to try to sign up for it, but Gmail said the address already exists. I figured someone else had it and might sell, so I emailed them. Gmail auto-replied that the address doesn’t exist. Why can’t I register an address that isn’t there? Who knows ¯\_(ツ)_/¯
Aren't email addresses reserved once you delete an account? Maybe that's what happened?
It's incredible that in 2025, Google has sprung for "basic competency" after operating a bad email service for 24 years.

In my case, many years ago I changed my last name. (Turns out a lot of women also do this when they do things like... get married. But also for a progressive company everyone's purchases being permanently locked to their deadname seems... bad.) But all of my Android apps, my entire digital life at the time, was permanently locked to my old name. I had another account I created as a mail forwarder but if people sent an invite to it for a Google thing it wouldn't connect to my real account, and obviously there was an added security risk of someone stealing my forwarding account.

I remember talking to Yonatan Zunger about this problem during the Google+ era and it seemed to be renaming an account wasn't something the company was capable of.

an here I am still grinding on a mid-90s iname.com handle
Hah, I had one of those. I paid $50 for a "lifetime email service" that later they wanted me to pay monthly for, so I had to bid goodbye to my null.net address
Terrible idea. Will lead to nothing but chaos
  • xchip
  • ·
  • 11 hours ago
  • ·
  • [ - ]
gmail sucks, I'm getting 2-3 spam emails a day, am I the only one?
I have almost zero spam (that isn't filtered properly). Once in a while I catch a false positive in the spam folder but that's about it.
If you only get 2-3 you are lucky :)
I wouldn't know, I don't look at my spam folder.
  • gkbrk
  • ·
  • 2 hours ago
  • ·
  • [ - ]
Gmail spam filtering is poor enough that a lot of obvious spam reaches the inbox as well. The quality of the spam filter alone is a good enough reason to move off gmail.
Maybe 10 annually.
  • EGreg
  • ·
  • 12 hours ago
  • ·
  • [ - ]
I never really had this issue because I used Google Suite with a domain. (That’s what it was called back then.)

So I can have email aliases under that domain, and even choose the alias for outgoing email.

However! This creates an extra security hole. Once I was SIM-swapped (when the attacker calls up a phone company and convinces them to redirect sms to their SIM). I had used it as a second factor at GoDaddy and had to act fast. GoDaddy had already allowed the attacker to authenticate with the sms (dumb!) and port the domain name. I realized what was happening only because the attacker sent “test” emails to my email at the domain. Had they not done that, I might have been none the wiser. I called GoDaddy and got them to cancel it, thankfully. Otherwise they’d have reset passwords armed with email AND phone number.

Since then I use the non-SMS SECOND FACTOR on most services, as NIST had been recommending for a decade now.

I personally recommend using a username+alias@gmail.com which gmail and others support, with a different but easy-to-remember alias per site, so social attackers can’t even correctly say your email to the dude on the phone.

Michael Terpin, a guy I know, got $27 million dollars in crypto stolen a decade ago by a SIM Swapper and sued AT&T for it. Not sure if he won… he moved to Puerto Rico to avoid taxes and brought Brock Pierce and other crypto bros with him LOL.