I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.

I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown

> seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.

I had the same problem with GitHub's backup codes not working: https://news.ycombinator.com/item?id=35735996

I had this issue with my alternative account. Despite my main account being associated (not by recovery, I think this predates that feature), and most messages being forwaded to my main I was never able to successfully recover the credentials.

Gmail is a throwaway email. I lost my SIM and hence can't log in anymore.

Never ever rely on Gmail.

Whoa, I noticed something similar. I was updating my password or something a few years back and decided to test the backup codes too. They didn't work. I don't know what went wrong but that got me worried a bit.

> I will never use their services again, I was really digusted by this failure

Isn’t this inherent to not choosing an (EDIT: external) account-recovery method?

The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)

This is exactly what happened to me on Dropbox, where even the backup codes did not work.

Back up your seeds! Aegis for Android lets you do encrypted exports.

Yikes. This post is an unsettling reminder that gmail is a single point of failure in my personal and financial security.

You think that sucks, my childhood angelfire is gone.

I'm paranoid and print off my TOTP key for each account I make that might matter in any way.

Save a picture of the TOTP QR code and print it out.

> I will never use their services again, I was really digusted by this failure.

Without such measure anyone with your password could "reset" your 2FA.

The solution to "I may lose my 2FA" is not to make GMail a 1FA: it is to configure beforehand your GMail so that if your account is inactive for 6 months, access to your account is given to a person of your choice. It's so that a death spouse (for example) can eventually access the account.

in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.

I have a first.last email, but it's created quite the interesting situation. Turns out some dude in Australia has the same first+last name as me, and he's been using firstlast@gmail.com. As far as I can find from Google's documentation, the email with no dots should be the primary and the one with dots an alias, but I'm guessing because I registered mine ages ago (back in 2006) it takes precedence. I have no idea how he hasn't noticed that his gmail emails are going to another inbox - maybe Google delivers them to us both or something? Regardless, I've gotten very personal emails (like from his therapist) and tried to reach out explaining the situation and asked these parties to let him know he needs to stop using that email, but to no avail.

Honestly the one who is at fault here is Google. If first.last and firstlast are treated as aliases, they straight up should not allow people to create them once the first exists, rather than just send emails to someone else. I've tried to respect my Australian brother's privacy (like not reading his therapist's emails and such), but not everyone is gonna do that.

A bit off topic, but changing your name when getting married is so strange to me. It is not at all common where I live (Belgium), in fact I don't think I personally know a single person who did.

Yeah, I imagine this will help a lot of people who created retrospectively-cringey email addresses in their youth, but kept them over the years because of inertia

> After changing, Google details that your original email address will still receive emails at the same inbox as your new one and work for sign-in, and that none of your account access will change.

You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!

As a hiring manager, I just want to give you a heads up that we are getting tons of fake applicants—like 5–10%—that end up being a real person on a video chat isn’t some AI assistant that uses a teleprompter interface to tell them what to say.

Usually by that point you catch them, but your recruiter screen might not etc. So now all the main HR tools are using “age of email” as one possible signal to detect fraud.

I’m sure you’re fine if your email is real (in my experience they all resolve to Onvoy LLC instead of a real cell provider), but just something to watch out for. Wouldn’t want to get overlooked because your email is brand new.

(If you’re curious about motive as I was, since of course it’ll be obvious when you start—in a lot of cases it’s that procuring an offer letter helps you obtain a visa.)

Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII

Hm interesting, do you want to tell why this helps out a lot perhaps?

It might be an iCloud+ feature only, but if you're on a Mac - you've already got the ability to generate virtual email addresses on the fly.

https://support.apple.com/en-us/105078

iCloud Hide My Email is pretty good for this.

I switched to fastmail, it imported all my gmail mail quickly, and it gives me virtual emails.

myjobapplicationhasbeendenied-1582-timesalready@gmail.com will certainly end well.

Branding and marketing. It makes it crystal clear how popular it is.

And gmail.com isn't "running low" on addresses, I don't even know what that means. Whatever TLD you'd prefer, just append it to your username instead. Exact same amount of uniqueness.

No it isn't.. it's firstlast@gmail.com [Dots don't matter in gmail addresses](https://support.google.com/mail/answer/7436150)

No, I think what's happening is someone else is confused what their email address is. With Gmail, dots are not significant; any email address with dots is equivalent to the email address without any dots. (So you may have signed up as first.last@, but your email address under the hood is really firstlast. You can also send mail to your f.i.r.s.t.l.a.s.t@gmail.com, and it will be delivered to you.)

I expect that someone else with the same name as you occasionally (or all the time) forgets that their actual email address is flast@gmail.com or lastfirst@gmail.com or some other similar combo, and enters your email into signup forms. Or has friends who guessed their email address and got it wrong. Or something.

That other person doesn't have access to your information.

> I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.

Yes, and you've received email that was addressed like that ... so what's your issue?

> I’ve wondered if this person has access to any of my information?

Yes, because "this person" is you.

Handy tip for software testing - Gmail ignores everything after a “+” in the address. So when you’re testing different accounts in your software you can use <youremail>+1@gmail.com, <youremail>+2@gmail.com, <youremail>+3@gmail.com etc. to create many different accounts in the software that all go to the same email address.

> I’ve wondered if this person has access to any of my information?

No. They have just told someone your email address and that someone has sent you stuff. Anyone can do that, if they dream up your email address. People having the same name are a lot more likely to do that.

Happened to me as well. I was the first one of the 50 people or so carrying my name to register "first[.]last@gmail.com" back in 2004. At least two of my namesakes have since mistakenly used my email address. Some people just aren't very detail-oriented.

Huh. I have come to find the information about other tclancys across the world an interesting insight. Plus there was the time I was mistakenly sent a resume to review for a guy applying to become bank president; he didn't get the gig, but it wasn't because of the three or four paragraphs I sent him on spiffing up the thing.

What's stopping you?

I sign up with a different email address on every website. (I have a catchall at my domain, rather than using plus-addressing.)

The results are more boring than you think. Almost no one leaks my address. A couple have been hacked, but almost all of those are widely known. (I did discover one early and help Troy Hunt validate a leak.) At least one Kickstarter campaign has shared my address, as has a local business. But that seems to be the extent of it.

I still do it, because I did manage to catch those things, and because it reduces cross-site correlation. But yeah, there's less skeevy behavior than you might think.

mailbox.org hooked up to Thunderbird allows you to do so using custom domains. You can send and receive email as any string @ your domain.

You can do something like email+site@gmail.com and it'll be delivered to email@gmail.com with the site in the To field

I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.

Aren't email addresses reserved once you delete an account? Maybe that's what happened?

Hah, I had one of those. I paid $50 for a "lifetime email service" that later they wanted me to pay monthly for, so I had to bid goodbye to my null.net address

If you only get 2-3 you are lucky :)

Maybe 10 annually.

I wouldn't know, I don't look at my spam folder.