• The forum software that supports hummy.tv has been upgraded to XenForo 2.3!

    Please bear with us as we continue to tweak things, and feel free to post any questions, issues or suggestions in the upgrade thread.

Gmail

  • Thread starter Thread starter Deleted member 473
  • Start date Start date
D

Deleted member 473

Did you know that gmail ignores dots inside the custom part of your email address but many sites don't? It helped me once reregister with an awkward site by inserting a dot. Also gives you another free way get more email addresses to use without really changing your email.

Another useless fact!
 
Yes I did know, and that has somehow allowed other people to use my email address to register with eBay and elsewhere (I don't know how, I presume the sites are not verifying properly). I had a bill from Uber for a journey taken in Poland (or similar) on a variation of my GMail address, and they wouldn't converse with me because my "From" address didn't exactly match the address they had on record for the account.

I pointed out I had never been to Poland and could prove it, and the matter seemed to drop.
 
Bummer. I had wondered if there were security issues but most sites send a confirmatory email these days.

I wonder if it is only gmail that treats email addresses like this? I feel as though there was more that gmail did to equivalence emails, too.
 
Mike2 said:
I had wondered if there were security issues but most sites send a confirmatory email these days.
Click to expand...
I don't understand what the exploit is, and possibly the loophole has been closed now, but I have also had false identity incidents from eBay and another. My Gmail address is only a backup - I have a completely different email address for my general communications.

Mike2 said:
I wonder if it is only gmail that treats email addresses like this?
Click to expand...
I doubt it. The curious thing is that Gmail itself doesn't (or didn't) check when trying to set up an address with them whether the requested string was equivalent to an existing account.
 
I'm not sure I understand the original exploit.
I use GMX mail with an address like: firstname.lastname@gmx.co.uk. I also have registered another name to that email anothername.lastname@gmx.co.uk. Both addresses arrive at my mailbox. If I try firstname.lastname.2@gmx.co.uk I get an error message about mailbox unavailable.
Not sure whether that answers Mike2's question about other email providers.
 
The point is that in the Gmail system, emails addressed to firstname.lastname@gmx.co.uk, firstnamelastname@gmx.co.uk, or even f.i.r.s.t.n.a.m.e.l.a.s.t.n.a.m.e@gmx.co.uk are seen as equivalent and end up in the same inbox, but outside Gmail they are seen as unique addresses and therefore do not sound any alarms.
 
Last edited:
Black Hole said:
The point is that in the Gmail system, emails addressed to firstname.lastname@gmx.co.uk, firstname.lastname@gmx.co.uk, or even f.i.r.s.t.n.a.m.e.l.a.s.t.n.a.m.e@gmx.co.uk are seen as equivalent and end up in the same inbox, but outside Gmail they are seen as unique addresses and therefore do not sound any alarms.
Click to expand...
I'm struggling to find a difference in your first two Email address examples
 
I'm sorry, I'm being really thick here, but I don't understand.
Is the problem:
  1. A person from a non-GMail account can email a GMail user validuser@gmail.com, valid.user@gmail.com and va.lid.u.ser@gmail.com and they all get through to validuser, or
  2. A person from a GMail account can email a non-GMail user as in BH's post at #7?
I would have expected the answer to be (1) but BH's explanation suggests (2) - and I can't see how that could work.
 
EEPhil said:
I'm sorry, I'm being really thick here, but I don't understand.
Is the problem:
  1. A person from a non-GMail account can email a GMail user validuser@gmail.com, valid.user@gmail.com and va.lid.u.ser@gmail.com and they all get through to validuser, or
  2. A person from a GMail account can email a non-GMail user as in BH's post at #7?
I would have expected the answer to be (1) but BH's explanation suggests (2) - and I can't see how that could work.
Click to expand...
1 G.mail ignores the " . " and see's them all as the same address but elsewhere they would all be classed as different addresses because of the addition or lack of . Mailing from that account would only show one address.
 
Last edited:
Let me try again:

Suppose I "own" black.hole@gmail.com. Obviously I will receive emails addressed to black.hole@gmail.com, and all my outgoing mail will have black.hole@gmail.com in the "From" field, but I will also receive any emails addressed to any email address with any combination of dots (or none) inserted into the string "blackhole", appended by "@gmail.com". Gmail regards them as equivalent.

eg: blackhole@gmail.com; black..hole@gmail.com; b.l.a.c.k.h.o.l.e@gmail.com

I don't know whether this also applies to @googlemail.com, I presume it does.

Now suppose I have an eBay account linked to black.hole@gmail.com. Somebody else (or me) could register another, different, eBay account to black.ho.le@gmail.com, and eBay would see that as a separate email address and accept it, but I would receive the email traffic resulting.

Generally, situations like that are now more tightly controlled, and a confirmation email is sent to the target address to ensure the applicant has control of that email address, but it used to be common that there was no check - particularly if an existing user changed the address in their user profile rather than setting up a new account, and there could still be a lot of less-sophisticated websites that are not carrying out those tests.

There was an instance when I was assured it was a genuine mistake, but I find that difficult to believe unless black.hole is only one letter different from another bona fide address. The obvious reason is fraud - like Uber, obtaining goods or services with the bill going to somebody else. It can then be difficult to resolve, first to convince the supplier you are the injured party (because your email address is similar but not identical to the registered address) and then that you are not the account holder and not liable.
 
You must log in or register to reply here.
Back
Top