Snagging a simple account name can turn
from blessing to curse: Gmail's "invisible dot" could cause other
people's personal messages to land in your inbox.
Gmail's addressing scheme has created a new, potentially dangerous twist on the old telephone party line. Not only could some people with common names receive the personal messages of like-named strangers, but a Gmail alias of their account name could be used to sign them up for an unsavory service.
Since establishing the "doreilly@gmail.com" account in April 2004, I have received hundreds of e-mails intended for other "D. O'Reilly"s. The misdirected messages include receipts for computers, vacation rentals, and various services, complete with addresses, telephone numbers, and other personal information.
My January 2010 post "Gmail delivery errors divulge confidential information" summarizes Google's explanation for the errant e-mails, which boils down to "human error."
The problem took a more serious turn recently when the "d.oreilly@gmail.com" alias of the address was used to create an account on a hook-up site, and I don't mean trailers (necessarily). As shown in the screen above, the message indicates that Google considers it: "Important mainly because it was sent directly to you."
Because Gmail doesn't recognize dots and capitalization in its addresses, people often use an account name they believe is unique but is actually shared. Someone likely used "d.oreilly@gmail.com" to sign up for a service without realizing (or without caring) that confirmation messages and other mail sent to that address would go to the "doreilly@gmail.com" inbox.
I forwarded four examples of the misdelivered messages to a Google press representative. I was assured that no one else had gained access to my Gmail account, and that the names of other people appeared next to the address because the sender retrieved the address from their contact list, which included the name of the person who provided the sender with the "d.oreilly@gmail.com" address.
Google insists the solution to misaddressed messages such as this is public education to let people know dots and capitalization in address names are not recognized. However, other e-mail systems distinguish addresses with dots from the same characters without dots. A Google representative suggests the best way to prevent receiving other people's private mail is to avoid signing up for a generic Gmail account name such as mine.
The account has tremendous value as an e-mail archive, but its generic name has rendered it a security risk. I now forward the address's incoming messages to an ISP e-mail account and use the ISP address to reply or send new messages, as I explained in last week's post, "Deter phishing attacks by consolidating your contacts."
Gmail's addressing scheme has created a new, potentially dangerous twist on the old telephone party line. Not only could some people with common names receive the personal messages of like-named strangers, but a Gmail alias of their account name could be used to sign them up for an unsavory service.
Since establishing the "doreilly@gmail.com" account in April 2004, I have received hundreds of e-mails intended for other "D. O'Reilly"s. The misdirected messages include receipts for computers, vacation rentals, and various services, complete with addresses, telephone numbers, and other personal information.
My January 2010 post "Gmail delivery errors divulge confidential information" summarizes Google's explanation for the errant e-mails, which boils down to "human error."
The problem took a more serious turn recently when the "d.oreilly@gmail.com" alias of the address was used to create an account on a hook-up site, and I don't mean trailers (necessarily). As shown in the screen above, the message indicates that Google considers it: "Important mainly because it was sent directly to you."
Because Gmail doesn't recognize dots and capitalization in its addresses, people often use an account name they believe is unique but is actually shared. Someone likely used "d.oreilly@gmail.com" to sign up for a service without realizing (or without caring) that confirmation messages and other mail sent to that address would go to the "doreilly@gmail.com" inbox.
I forwarded four examples of the misdelivered messages to a Google press representative. I was assured that no one else had gained access to my Gmail account, and that the names of other people appeared next to the address because the sender retrieved the address from their contact list, which included the name of the person who provided the sender with the "d.oreilly@gmail.com" address.
Google insists the solution to misaddressed messages such as this is public education to let people know dots and capitalization in address names are not recognized. However, other e-mail systems distinguish addresses with dots from the same characters without dots. A Google representative suggests the best way to prevent receiving other people's private mail is to avoid signing up for a generic Gmail account name such as mine.
The account has tremendous value as an e-mail archive, but its generic name has rendered it a security risk. I now forward the address's incoming messages to an ISP e-mail account and use the ISP address to reply or send new messages, as I explained in last week's post, "Deter phishing attacks by consolidating your contacts."
No comments:
Post a Comment