
Whenever someone's used my email address, I've used password recovery and taken ownership of the account.

It's amazing the number of systems which don't verify email before giving out an account.

I've taken control of:

Disney

DropBox

Redbox

...



Having a firstnamelastname address will subject you to a truly baffling level of false accounts and misaddressed email. The worst was probably the time I got emailed an excel sheet containing the names, personal details, and logins for an entire layer of middle managers for a small banking chain.


> Having a firstnamelastname address will subject you to a truly baffling level of false accounts and misaddressed email

First initial and last name is even worse. John, Jonathan, Julie, Jacob, James, and more all start with "J." I've gotten rental agreements, investment reports, appearance contracts, song demos, family pictures (not my family), and more.


Hell I add my middle initial too and I still get a remarkable amount of mail from people who don't even have the same middle initial.


At my second job, there was quite a commotion in the office one week, when my boss started receiving a steady stream of random people's CVs. It took us a moment to figure out what was going on - turns out, there was an ad for seasonal fruit-picking work, which listed [lastname].[firstname]@gmail as the contact address; my boss had a [firstname][lastname]@gmail address, and a subset of wannabe fruit pickers were reversing address components for some reason (with the dot conveniently being an ignored character in GMail).


> dot being an ignored character

Don't remind me. I spent forever trying to figure out why I was still being charged for an Xbox account I'd already canceled. Turns out Microsoft had one account with the dot and one without.


> Having a firstnamelastname address will subject you to a truly baffling level of false accounts and misaddressed email

You're so right.

This is a big reason I'm looking forward to Apple's iCloud+ custom domain names. Outlook.com already supports custom domain names for paying customers in a very limited way, but hopefully Apple's move will light a fire under Gmail product management to offer this, perhaps through Google One.


Google supports custom domains for Google accounts, I've been using it for years.

https://workspace.google.com/pricing.html


Google's support for custom domains is strictly for Workspace (formerly GSuite) customers. It's analogous to Microsoft 365 business plans[1].

Other providers are moving beyond this, i.e. offering custom domains to a wider set of (paying) users. Outlook.com already supports this in a limited way (domain must be with GoDaddy, kind of silly), for Microsoft 365 Family and Individual users. And Apple is apparently going to offer it to everyone as part of iCloud+ too.

Not everyone needs the full Workspace offering. In fact Google has Google One for exactly that kind of customer, and a custom domain name would fit neatly into the Google One proposition.

[1] https://www.microsoft.com/en-gb/microsoft-365/business


I received a 1500€ quote for urinals and "bio boxes" (?) in Belgium just yesterday. Two weeks ago I received a boarding pass for the next day for a Spanish island. I think the worst is that since I share the same name, I imagine I could have used the boarding pass.


I seem to share a name with a beef farmer in Australia. I get regular emails about prime Aberdeen Angus sperm I can buy, and once I even got sent details of his farm financing with an Australian bank.


Thankfully for me, my last name is pretty damn rare. And only a thing in one area of the world. So I can go with firstnamelastname.


Apparently Virgin Mobile doesn't verify email addresses nor does it let you reset your password by email. I assume they send you a text or something. So I've been getting billing notifications and other garbage for someone else's account for years.


My email address is temporal at gmail.com. "Temporal" was my teenage gamer tag. It also turns out to mean "temporary" in Spanish. Ever since the Spanish-speaking world started using gmail, people have been signing up for stuff with my e-mail address every single day. Any new service I want to register an account with, I first have to hijack the existing account holding my address and delete it or change the email address.

But it gets worse!

Someone working at AT&T Mexico apparently decided to start entering my address as a placeholder when signing up customers that didn't have one. So I started getting phone bills -- with complete call histories -- for people all over Mexico. After several unsuccessful attempts to contact AT&T, I set up a filter to delete them.

Once a Spanish telecom did even worse, and populated seemingly their entire database with my address, so I'd get hundreds of phone bills all at once on the first of the month. I think they fixed it after two billing cycles.

Once a school in Chile made me an admin of their paid Zoom organization. I was actually unable to remove myself from their org or change the account's address, meaning I basically couldn't use Zoom until they removed me. (I'm unsure whether the school fixed it or Zoom fixed it after I made an angry tweet that went viral; whoever fixed it never bothered to follow up with me.)

The list goes on and on...

Wired even wrote an article about me. https://www.wired.com/story/misplaced-emails-took-over-inbox...

If you run a web service, PLEASE VERIFY ALL EMAIL ADDRESSES.

PS. Just now as I write this, someone in Spain scheduled an appointment for car service using my address. The e-mail contained a link to cancel the service, which I clicked. Oops.
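An added example, not part of the original comment: a minimal signup flow that does what the comment above asks for. The `AccountStore` class, its method names and the `TOKEN_TTL` value are hypothetical; an unverified address receives only the verification mail, so bills and password resets never reach an inbox whose owner did not confirm the signup.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a verification link stays valid (assumed value)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class AccountStore:
    """Hypothetical in-memory store; outbox stands in for a real mail sender."""

    def __init__(self):
        self.accounts = {}  # email -> {"verified", "token_hash", "expires"}
        self.outbox = []    # (recipient, kind) for every mail we would send

    def signup(self, email, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()
        if self.accounts.get(email, {}).get("verified"):
            return None  # address already proven by its owner; do not overwrite
        token = secrets.token_urlsafe(32)
        self.accounts[email] = {"verified": False,
                                "token_hash": _digest(token),  # store only the hash
                                "expires": now + TOKEN_TTL}
        self.outbox.append((email, "verify"))  # only mail an unverified address gets
        return token  # returned for the demo; a real service only emails it

    def confirm(self, email, token, now=None):
        now = time.time() if now is None else now
        acct = self.accounts.get(email.strip().lower())
        if not acct or acct["verified"] or now > acct["expires"]:
            return False
        if not hmac.compare_digest(acct["token_hash"], _digest(token)):
            return False
        acct.update(verified=True, token_hash=None)  # token is single use
        return True

    def send(self, email, kind):
        """Bills, receipts, password resets: verified addresses only."""
        email = email.strip().lower()
        if not self.accounts.get(email, {}).get("verified"):
            return False
        self.outbox.append((email, kind))
        return True
```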


The Zoom one seems like it'd be easy to get someone's attention if being an admin means you get to add meetings for individuals.....


I got a common Hispanic name and my address is (name first letter)surname at Gmail. I receive a lot of information from many people from Patagonia to Toronto, and there are systems that I CANNOT BELIEVE what they send without confirming the account.

Worst offender, by far, is Chilean companies. Total disregard of privacy practices. Almost none from Spain (GDPR effects I guess)


> (I'm unsure whether the school fixed it or Zoom fixed it after I made an angry tweet that went viral; whoever fixed it never bothered to follow up with me.)

If it was someone at Zoom: getting past the company's lawyers and PR people might have been too much of a barrier to bother.


It can be an attack vector, to scan for placeholder addresses and register them and start receiving email with valuable information. For example something like navy-recruiting@donotreply.com.


Not exactly the same, but some time ago some woman from Texas changed her email on Netflix to mine, seemingly without confirmation.

My email address has a very particular custom domain that can't be explained with a typo, and I don't know anyone in Texas. Very weird. Netflix support was like, whatever, why do you care?

Still puzzled about why and how that happened.


...

Amazon

A few years ago my dad got an email saying he'd bought something on Amazon, using an account none of us had created. Turned out someone used his email address to make a purchase. We reset the password and logged in. It looked like a legit purchase and seemed plausible, based on the person's name (we saw the shipping location), that it could have been a mistake.


Also Spotify! Recently started receiving Spotify invoices after someone signed up using my gmail address.


Are there any legal risks or ramifications for doing this?


CFAA, for one.


The question is whether using someone else's email address is equivalent to an implicit grant of the account to someone else's control.


I doubt it. What if it's a typo? There are at least 3 people who I get emails (and bank statements) for in my first.last@gmail.com address, and from what I can tell it's because they dropped the middle initial when signing up or the person mailing them did it manually and messed it up.

And because Gmail treats that dot differently else I have some interesting cases like where I have 2 Instagram accounts under my email, one with it and one without, and it's not always clear which one the email is for until I expand the details. I have been tempted to log in and shut these down, but I'm pretty sure that is illegal. However some sites require me to log in to unsubscribe or contact support so into the spam they go.


> tempted to log in and shut these down, but I'm pretty sure that is illegal

Ehh. Intent matters a lot. I'm not saying someone couldn't go after you, but as long as you weren't actively trying to make off with their data or impersonate them I think you'd be in the clear.

Imagine you got such an email and were confused. So you went to log in but couldn't. So you reset the password in confusion. That's not illegal, it's a very reasonable response to being notified of an account that you don't remember creating. If contacting the service provider fails, closing the account would seem to be the only remaining reasonable course of action. It's not your fault the service provider doesn't verify things.


I highly highly recommend against doing this!!!! By doing a password recovery you are on the hook for any illegitimate content that the person might have uploaded/shared and might get you in real legal trouble. Instead I recommend filing a complaint without claiming the account.


No, you aren't. Certainly someone might try to claim that it had been you. Worst case I suppose you could actually end up in court but that's true for pretty much any accusation.

I doubt it would be an issue in practice though. Far more likely is that you might inadvertently get caught up in a ban from the service due to the illicit content being linked to the account you recovered which would now be linked back to your metadata (IP address & etc) since you recovered it which would in turn link to your regular account.



