Netflix doesn't verify email address. Thanks to the person in Mexico that signed up and paid for Netflix with my email address :-)
Many companies have no mechanism to deal with a common problem: when users open accounts using someone else's email address, either by accident or design. "I have had a barrage of account creation requests that will fail ... also a large number of invoices, warranty emails and so on for purchases, from furniture to electronics …
I should be so lucky! There are a number of people around the world who either use my email address to sign up for stuff, or who want to steal my address (I have had my address since GMail was still by invitation only and I am not interested in relinquishing it).
I return appropriate messages when it was clearly sent in error (e.g. if I were Jay Citizen and my address jaycitizen, but the other person's address was jcitizen or jeycitizen).
What I do not understand, though, is when you want to sign up for a service where you will have to verify your e-mail address, why would you use an address that does not belong to you?
I have received Airbnb reservations, hire car reservations, airline reservations and on and on, that the person who booked needs to respond to. Ditto for pizza and other items of food ordered for delivery (and not even in the same continent, let alone the same country or city).
Recently someone registered on a number of dating sites, using my address. I receive multiple responses on a daily basis from (desperate/horny?) girls, which all go unresponded to. The poor guy must by now have a severe inferiority complex, since it would seem to him as if even on-line girls do not want to go out with him. My heart bleeds.
It is most annoying.
Anon for obvious reasons, but if I could I would have selected the Paris icon, for all the heavenly promises I keep receiving from these girls (well, I assume they are, given that all the names are (Western/English) female names, like Sarah, Linda, Lilly, et cetera). Some of them are also eye-wateringly frank and forthright about said delights that await me, all in countries and continents far away, alas...
(Just joking, I am far too old to indulge in such irresponsible activities, even if I were not already happily involved).
"What I do not understand, though, is when you want to sign up for a service where you will have to verify your e-mail address, why would you use an address that does not belong to you?"
Fat fingers? They typed it in wrong and the activation e-mail went off to the misspelled e-mail account. Which you will never see. The account owner just said "Oh bother!" and deleted it without sending a 'negative acknowledge' message back to the service (if this option even exists).
Many sign up pages do not have a second 'verify address' field which might catch some of these.
You all would be talking about Copy+Paste, thus leaving the first field untouched.
However, even that is an issue, as there are plenty of web designers out there that code the fields so that you have to manually enter the information again to match; it doesn't allow you to copy and paste or cut and paste, and it's definitely an easy enough thing to do.
I recently came across a form that forcibly PREVENTED pasting anything. Bizarrely enough, the "I forgot my password" form was quite happy to let me paste that same email address (you know, in order to, oh, say, make sure it was really the address I actually signed up to that site with...) and let me reset the password on a rarely-used account.
Sure, adding +whateverthefuk is simple enough to do, but in practice if you don't remember to go into Gmail and add send as with that plus in there you might find yourself screwed when a company is telling you they can't verify you because your email address on file doesn't match what you're sending your documents from.
So make sure you do that if you're using the plus. Also, there are some websites that don't allow the use of plus or dash in an email extension, yeah you're stupid and it is done deliberately because the default is to allow the dash and the plus in an email extension string, but there are those who believe it's a security risk and there are even some who erroneously believe that spammers often use the dash or the plus in email names, which is, of course, comical and absolutely not true.
As a matter of fact, that belief doesn't make any sense at all; when you just think it logically through you'll know that that's kind of not what spammers do and it's certainly not what phishers do.
I have never done address verification (directly) but if I were to do it I would:
* have user enter email address (phone, XMPP, etc.)
* send verification link
* verification page requests a PIN which is only obtainable by logging into the service
* no further messages get sent (except new verification links) until link has been verified
* the subscribed service may otherwise work for the user if the email address / contact info is not critical
* when the verification link is visited, the PIN must be entered, otherwise the account becomes inaccessible, even if it were accessible until that point.
So it is effectively a one-off 2FA with the factors reversed. The novelty is in the third step, which catches misdirected emails where the recipient followed the link anyway. Because he doesn't know the corresponding username / password, he cannot unwittingly validate the account (which could be indeed a mistake or just as well, the first step of a scamming attempt).
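The scheme in the post above, as an added sketch (not part of the original post and not any real service's code). The `SignupService` class, the in-memory `outbox`, the six-digit PIN and the `service.example` URL are assumptions made for illustration; a missing or wrong PIN locks the account, which is how the last step is read here.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

UNVERIFIED, VERIFIED, LOCKED = "unverified", "verified", "locked"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    contact: str
    pin: str            # shown only inside a logged-in session, never emailed
    token_hash: bytes   # only a hash of the emailed link token is stored
    state: str = UNVERIFIED


class SignupService:
    """Hypothetical in-memory service; `outbox` stands in for real mail."""

    def __init__(self):
        self.accounts = {}
        self.outbox = []   # (recipient, body) pairs

    def register(self, username, password, contact):
        salt = secrets.token_bytes(16)
        token = secrets.token_urlsafe(32)
        self.accounts[username] = Account(
            salt=salt,
            pw_hash=hash_password(password, salt),
            contact=contact,
            pin=f"{secrets.randbelow(10**6):06d}",
            token_hash=hashlib.sha256(token.encode()).digest(),
        )
        # The verification link is the only mail an unverified contact gets.
        self.outbox.append((contact, f"https://service.example/verify?t={token}"))
        return token

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None or acct.state == LOCKED:
            return None
        if not hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            return None
        return acct   # the service itself works before verification

    def pin_for(self, username, password):
        # The PIN is obtainable only by someone who can log in.
        acct = self.login(username, password)
        return acct.pin if acct and acct.state == UNVERIFIED else None

    def visit_link(self, token, pin=None):
        wanted = hashlib.sha256(token.encode()).digest()
        for acct in self.accounts.values():
            if acct.state == UNVERIFIED and hmac.compare_digest(acct.token_hash, wanted):
                ok = pin is not None and hmac.compare_digest(
                    acct.pin.encode(), pin.encode())
                # A stranger who follows a misdirected link cannot supply the
                # PIN, so the visit locks the account instead of validating it.
                acct.state = VERIFIED if ok else LOCKED
                return acct.state
        return None   # unknown or already used token

    def notify(self, username, body):
        acct = self.accounts[username]
        if acct.state != VERIFIED:
            return False   # nothing further is sent to an unverified contact
        self.outbox.append((acct.contact, body))
        return True
```
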
"What I do not understand, though, is when you want to sign up for a service where you will have to verify you e-mail address, why would you use an address that does not belong to you?"
Woman in Florida using her husband's email addy that is 1 letter different from mine. 30-50 times. I called a gynecologist office in Florida to inform them that they broke HIPAA laws, and please inform their patient to get her own email addy as I was tired of receiving emails from various Cadillac dealers she was test driving at, house development realtors, etc. Clearly she's dreaming of big money while her son is still in prison and husband not long out in the free world.
I was on the other side of this - signup to a service was only possible via phone and the agent misspelt my email address.
Thus all account notifications go to the wrong address, it cannot be changed without verification, which cannot be done without access to the email address or snail mail.
Now if they had misspelt both addresses but got the billing info right? :D
"[...] and the agent misspelt my email address."
Over the decades both my Demon domain names gave occasions of verbal transcription errors. When Namesco forced the recent change I pondered a long time - and tested various possible new ones on people verbally. Nice and short - and no one has managed to get it wrong yet.
Not that it is totally fat-finger proof.
@AC - "Thanks to the person in Mexico that signed up and paid for Netflix with my email address :-)"
You lucky s*d! All I get from Netflix is that they're going to cancel my (non-existent) account unless I pay immediately, sent from their well-known firstname.lastname@example.org address.
As somebody (occasionally) in tech support you get to see both sides of this coin. If I need to speak to somebody, I REALLY need to speak to them to sort the problem out. I've already exhausted all the `autofix` options. Conversely, almost everyone who calls me could have solved the problem with a bit of googling or looking at the help pages or even, God forbid, a bit of elementary knowledge. It's these people that make companies hide their telephone support at the end of a very long and convoluted maze. Otherwise people wouldn't even look at all the self-help ideas, they would just pick up the phone...
Early on in all the fun and games I had occasion to call Comcast tech support. While we were waiting for the set top box to reboot for the nth time, idle conversation revealed that all their tech support people were working from home as much as possible, presumably if they all had Comcast lines themselves then the company was presumably able to plumb in the corporate phone system out to individuals and let them sit at computers at home and talk to customers. So tech support, especially at this point, should be relatively easy for most companies if only they made an effort.
In South Africa just about everyone I phoned - at least in the first 5-6 months after lockdown started - was working from home. The barking dogs and wailing children in the background (sometimes foreground) kinda gave it away. We had a 3-day notice period from 26th - 29th March during which every notebook PC at every distributor I deal with was snapped up by the bigger corporates for use by their staff not deemed 'essential workers'. Some people made a l-o-o-o-o-o-t of money.
I had that about six years back and then again just recently. In the first case someone misspelled their own email address. A single character omission meant that all mail relating to their Next online account was coming to my domain. I tried to notify Next that the mail was not being delivered. And all I could get was autoreplies that they are not authorised (DPA) to talk to me about someone's personal details. They were particularly obtuse and refused to recognise that if mail is sent to my domain then it's my mail. I solved that problem in the end by configuring my mail server to auto-forward all of the mail for that account to their CEO, CFO and postmaster, adding a note to each email to tell them why they are f*cking idiots. It took a year before they did something, during which time I accumulated many demands for payment, threats of court and bailiff action etc. Presumably their poor customer never received a request for payment. They have interesting tastes in wellingtons and big knickers.
The second time was weirder still. I started to get lots of mail to my .eu and .it domains. All of it about the funeral trade, adverts for coffins, cremation devices, shrouds etc. At first I thought someone was taking the p*ss but then one mail arrived with an invoice that had an address and I recognised the address as being in the same city as one of our offices in Italy. Next time I was over at the office I walked around to the funeral director and asked why they were issuing accounts that were using our domain. Their IT guy looked puzzled and said that he assumed that since their business was named after the city he could just use that name in their domain and mail would mystically be routed to their servers. I stared at him and suggested that either they get their own domain or I'd start charging for their use of our servers. Oh and BTW what did he want to do with all the mail that we had ended up with? I told him I was going to charge him if we had to forward it to them. It all ended up being deleted.
Demands for payment, threats of court and bailiff action? All unsolicited, and with no valid reason whatsoever? If it was done to your postal address, then I believe that there would be grounds for legal action over harassment. I suspect investing in a small-claims court appointment, and a few letters to their legal department, would put a stop to it, and possibly net you a small windfall.
"Demands for payment, threats of court and bailiff action?"
I've received a few over the years. Hit delete after the first sentence. Same for emails from the bank. Anything important must come by post on headed paper. Any such crap by email will be ignored, which considering I didn't owe money in another country or have an account at HSBC is exactly what all those emails were - crap.
Unfortunately HSBC allows someone to set up an account in the UK with only one piece of identification, such as a stolen utility bill. I only found out when the PIN-mailer arrived for my new plastic card. I phoned them immediately and got the card stopped. HSBC did not close the account however, and it was used to siphon about £80k from various of my accounts as it was in 'my' name. I got the money back, but as in the UK identity theft is not a crime, I am not the victim of a crime (according to the Police and ActionFraud).
I believe the law requires anyone to open a bank account in the UK even if they have no ID documentation. So that even homeless people can get access to basic banking. IDK how they verify the person though to avoid crime, maybe you need a third party such as doctor, police, etc to verify they know you first?
"I believe the law requires anyone to open a bank account in the UK even if they have no ID documentation."
Interesting, due to FACTA, banks outside the US are required to notify the IRS about accounts held by US persons (not citizens exactly. much looser). If they don't, they can be cut from the SWIFT payment system and not be able to exchange US currency/US currency transactions. This is why smaller banks will not open an account for an American. They don't want to deal with all of that.
No ID would be even better than the mythical Swiss numbered account.
> I bet if somebody hijacked Priti Patel's identity
In Germany, the Chaos Computer Club has made that into a bit of a tradition, copying the fingerprints of both Federal Interior Minister Wolfgang Schäuble¹ in 2008 and then Federal Defence Minister Ursula von der Leyen in 2014 (yes, that Ursula von der Leyen).
¹ Helpfully, they distributed a silicon film copy of the fingerprint with the next issue of their club magazine.
" copying the fingerprints "
I don't think it would be that hard to get people to give up their fingerprint or iris scan with some good social engineering skills and some hardware. You can get the rest of their info by handing them a form on a clipboard. Works a fair bit of the time.
@ AC. "Identity theft / fraud is still a crime in the UK"
Not according to Thames Valley Police. I have had several conversations with them and online chats with Action Fraud on this matter and they are adamant that identity theft, i.e. calling yourself by someone else's name is not a crime in UK law. Now Fraud is a crime, as is obtaining a money transfer by deception (Theft (Amendment) Act 1996), but the UK legal authorities are adamant that identity theft is not a crime. If you believe otherwise, please provide a reference to the relevant Act of Parliament so that I can record the crime and get someone in law enforcement to take it seriously.
I believe this is because under UK law your name is whatever you say it is. Yes there are official documents, and getting the name on those changed requires things like deed polls and other official looking documents. But actually they do not represent your name, only your official identity as recognised by some government department or other. So If I said my name was Eclectic Man, then my name is legally Eclectic Man, as long as I am not doing so to defraud someone (fraud is definitely a crime) then I have done nothing illegal.
But not being a lawyer this is not sound legal advice on the matter, and before you do anything with this that may need legal advice do consult a proper legal representative!
" i.e. calling yourself by someone else's name is not a crime in UK "
That sounds about right. The only time a crime is committed is if you use that alias for fraud. Simply representing yourself using somebody else's name and information in itself isn't a crime.
That loophole needs to be closed up. There isn't a good reason for claiming to be somebody else unless you plan to commit some sort of fraud. That said, if somebody walks up to me that I don't recognize and asks my name, I'll lie as a matter of course. I'll make a name up if a clerk wants one to put it on a take away order (I always pay cash). That sort of thing is different than saying I'm Bob Smith and I live at 123 Main St. when I'm not the "real" Bob Smith.
You'd think the police would take more interest in reports of identity theft as that's the first step in pilfering somebody's money and the faster they get on it, the less damage that might be done. It tells me that I need to look to see my accounts have been dipped into or a new credit card has been issued, etc. I might even be tempted to clear out and close accounts as a preventative measure.
DPA (text from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/accuracy/)
At a glance
You should take all reasonable steps to ensure the personal data you hold is not incorrect or misleading as to any matter of fact.
You may need to keep the personal data updated, although this will depend on what you are using it for.
If you discover that personal data is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible.
You must carefully consider any challenges to the accuracy of personal data.
I raised a complaint with the ICO late last year about an error Vodafone made in continuing to use my house address for someone who had moved away. VF refused to correct the error as I wasn't the person they held data on. I pointed out that they must take reasonable steps to correct the error that I had "discovered" to them. The ICO upheld my complaint.
TL/DR; refusing to act "because DPA" is in itself a breach of DPA.
I set up a website recently - for COVID-related reasons, to manage reduced capacity in a series of venues by taking advance booking.
Sign-up results in a verification email being sent. A significant number of those emails go into the spam trap. Not because they are phrased in any spammy way - online checkers confirm that they are not - but apparently because they don't like new email addresses with confirmation links in them.
It's all very well asking people to check their spam folders, but many less experienced Internet users (and COVID has made a lot of people use the Net in new ways) don't actually know what that means, or how to do it. Email providers hide what they judge to be spam away, for good reasons.
So I have to send a reminder/offer of help out to a sizeable batch of people weekly, and manually confirm a lot of accounts when they respond. It's a pain.
Perhaps the email giants could come up with a better system!
I think you'll find a fair number of them are treated as spam more because a lot of them seem to be sent with an envelope address of <> ie they're pretending to be a bounce message; BATV will identify they aren't and treat them as spam. If they were actually sent from a valid email address then the company sending them could do something useful with any bounces/replies of this isn't me etc. but that would cost them money, so most prefer just to fire off non-returnable emails.
"Email providers hide what they judge to be spam away, for good reasons."
My Namesco MS 365 email account came with several mandatory folders under IMAP. I quickly disabled the "Clutter" folder after missing several important emails that MS had helpfully sorted into there. They still put presumed Spam into the "Junk Mail" folder - so it has to be checked for invoices.
The snag is that the "Junk Mail" folder is only visible on IMAP - not on POP3.
I get this a lot, sometimes I manage to resolve, or end up going down the GDPR right to remove route. Other times I end up deleting 'my' account (according to the company/website) as the only possible alternative is to call an American phone number to try to resolve.
Then there's a few medical/financial websites that I've utterly failed to resolve, a couple denying they have a record with my email address even though it's provably them...
That reminds me of a database I was required to maintain at one point. Whoever built it first decided that email address was the primary identifier for a 'customer' -- one email address per customer, ok, fine.
It was not long before they ran into customers wanting to change their email address, as happens. Not a huge problem, right? Just impose a new key on the table, making the email address column changeable, a little bit of pick-and-shovel work on the history tables to line up the new arbitrary IDs with their old keys, problem sorted!
Except that's not what they did. Instead, they just added another column that tracked the email address. And modified the front end so it used that column instead of the former one to let customers log in.
Fast-forward to when I was handed this pile of crap, and I discover that somewhere along the line the person responsible for their email notifications had no idea what was going on, they just used a 'report' generated by 'the system' to feed their automailer -- and that report happily provided both email addresses for every customer.
Of course their (third-party) automail address didn't accept replies.
And *of course* they didn't want to pay for me to fix it. I was just supposed to admin the server and keep things running. It worked perfectly as it was, clearly if I was recommending these unnecessary fixes I was just trying to pad my bill.
EON rang me one day about Smart meters - and the conversation ended when they said my email address wasn't in their records. I couldn't be bothered to look it up for them - as it is unique for their emails. A few minutes later I received a "review our service" email - to the email address which they said wasn't in their records.
I get tons of crap in my google mail for community play support in Arkansas. Dentist appointments in South Carolina. Government job applications for jobs I've never even heard of. I even had someone's retired mother sending me her itinerary to visit her son in the far east. I had a nice exchange with the nice woman and explained she should call her son and verify his email address l e t t e r b y l e t t e r.
At least two other people have given my email address instead of their own very similar ones. In the first case I get many emails, including once a request for a job reference for that person. I telephoned the would-be employer and explained the situation, so I hope the sloppy emailer did not get that job. In the second case it was theatre tickets in a remote town. I phoned the theatre, and later the person contacted me and apologised.
I am sure a lot of people have similar problems. "Something should be done", as they say. We have seen the mobile phone system go through several revolutions, and something similar is needed with the Internet. A system created by remote and ineffectual dons is not fit for public and commercial use. No, IPV6 is not the answer. Nor are the proposals from the various secular and religious dictatorships of this world.
No, switch to email numbers instead of names <G>.
The actual problem with email is there are basically too few providers for non-business addresses. Most people use GMail addresses in the Western world, so the "address space" is very limited. Moreover, as email was designed to use usually names and surnames, it's clear after a while all are taken inside a single huge domain. Had GMail created different domains at national level, for example, it would have created a larger address space. Yet there's a reason why postal addresses use a larger set of identifiers (hard to duplicate in a mail system) and telephone still uses numbers - even if SIP could use email-like addresses. A number is portable, an address with a SIP provider within is not.
Even domains with a meaningful name and short enough are not infinite.
"Had GMail created different domains at national level, for example,"
I have a .net domain. It confuses people when I give them a <some name>@domain.net. Many will ask if that's .com. Few of the confused wonder why it's not .co.uk. I suspect most people when given an email address will unthinkingly auto-insert .com at the end. In particular, people in the US who seem to think .com is the US TLD.
After all, The Register was generally UK oriented originally so used .co.uk but is now far more global and has gone .com to reflect that.
Had GMail created different domains at national level
IIRC in the UK, they started off with addresses @googlemail.com, because of another company already owning the 'gmail' trademark.
Eventually I assume they threw enough money at the trademark holder that they sold up to Google, and everyone went back to their @gmail.com addresses.
(Reminds me of Sony finding out that my boss had trademarked 'PSP' in the UK)
So what happens when someone with a long-established email address keyed to their country wants to move to a different country? Do they have to give up the old one and get a new one?
I admit to getting a .org over 20 years ago, and have moved country since getting it, so I guess that paid off. I figured out even back then that a demon.co.uk address wasn't readily portable and might not last.
It was just an example built on the fact there are country TLDs available. Other solutions could have been used. Anyway, when you change country you usually need to change your phone number as well (unless you like to pay a lot...), and many other identifiers (i.e. my Italian "Fiscal Code" is useless in US where a SSN is needed). The number of people who change country is still smaller than those who don't.
Yet I have a domain inside the Italian TLD, and I would keep using it even if I had to move abroad.
The real problem is too many people using a single worldwide domain - something that probably those who designed email could not envision. They tied email addresses to organizations, so people changing organization had to change email address too (unless the organization graciously let you keep it...). For academic/business environments it made sense.
They didn't think about the need of almost the whole world population having a personal, private, portable email address. Otherwise, a different address schema should have been designed - allowing a far larger space and reducing collisions.
"A system created by remote and ineffectual dons is not fit for public and commercial use"
If the likes of Doug Engelbart, Ivan Sutherland, Bob Taylor and Larry Roberts are ineffectual in your view I'm puzzled as to how many people in this world you would categorise as effectual.
None of which has anything to do with the inepts who set up the sort of commercial departments described in the article assuming that everyone will type in their correct address and fail to ask themselves "what could go wrong?".
This is simply corporate obtuseness and not confined to email. One delivery company whose name is a TLA persistently fails to deliver here. My house doesn't have a number, just a name - carved 6" high on a block of stone beside the gate - and they seem unable to get their heads round this despite long exchanges of emails. They have, apparently, confirmed that they have the address in their system but, despite having been sent GPS coordinates, seem to send their drivers to an address a hundred metres away, just out of sight round a corner. Only one recent attempt has succeeded, possibly because the driver had the initiative and sufficient command of English to phone up and ask for directions. I will no longer order from businesses whom I believe will use them for deliveries.
Businesses that have no mechanism for correcting errors in the data they hold will fail repeatably indefinitely.
I had a problem with a delivery that they tried to deliver to the same door number in an adjacent street. Couldn't find any way on their web site to contact them (since I was not the sender I had no account with them). Fixed it by finding their Facebook account and sending a Private Message.
I get the same, despite my garden wall having the Street Name Plate attached. Heck I also get mail from the centre of my city where there is a similar street name, the post code is identical for the first 3 characters - but they all appear to be for foreign students. I politely (for me) stamp them (it is often enough that I had a stamp made) Not Known at This Address and add Post Code Incorrect, and often Return to Sender. This includes; bank letters, medical letters, tax letters - because the intended recipients never correct anything and I am not a mail redirection service.
And that is just Snail Mail and Deliveries - as for emails......
"despite having been sent GPS coordinates seem to send their drivers to an address a hundred metres away, just out of sight round a corner"
GPS is only accurate to about 100m, unless you spend a lot of time sitting in one place with a high quality receiver (the sort the UK's Ordnance Survey uses and which used to come in a backpack). I regularly run* from my front door to a crossroads and back, tracked with my Garmin Forerunner. I wait until it has found the start location (all green indicators) before I set off. Sometimes I run 2.4km, other times it is 2.42km, 2.46km, once nearly 2.5km. The same route, although I confess I do avoid pedestrians, trees, dogs, and the occasional vehicle parked on the pavement.
You are fortunate that only your post is misdirected. One family's home was demolished due to a GPS error.
*OK I call it running, you might consider it more an asthmatic stagger.
I actually have the opposite problem - I keep getting deliveries that aren't for me. My house number is 15 and the next town over also has a 15 with the same street name, which is literally 0.4 miles to the west of me on the same street! After years of getting their packages I finally gave up and told Fedex that I was fed up with being their delivery person and would consider any future packages to be gifts, thank you very much. Strangely enough we only got one more package via Fedex that was misdelivered....
But since the pandemic has caused a rise in food delivery services, I've started getting food deliveries left outside my front door. My wife even called one of the restaurants that had a company misdeliver to us to try and be good pseudo-neighbors. That netted us free food and the other folks supposedly got their food a bit late, but at least not cold from sitting out on the wrong porch.
It's gotten so bad I now have a large notice on my front door giving my address and in BOLD letters the name of the town they are standing in, it also informs them that they might want to look west if they are delivering to that other town. Still got one misdelivered order in the 2 weeks since putting up the notice. Sigh.
Hmm, if BobSmith@gmail, is receiving emails for Bob.Smith@gmail..... is Bob.Smith@gmail receiving emails for BobSmith@gmail??
If so - has BobSmith (or Bob.Smith for that matter), done the sensible thing and moved all their online accounts away from that email address? Because if not, BobSmith is relying on Bob.Smith to be as morally well adjusted as himself.
>> Hmm, if BobSmith@gmail, is receiving emails for Bob.Smith@gmail..... is Bob.Smith@gmail receiving
>> emails for BobSmith@gmail??
No, BobSmith@gmail wouldn't have been allowed to create an account with that address as it's already taken by Bob.Smith@gmail. He probably tried but got told he could only have bobsmith8729@gmail. However he has bobsmith@workdomain and got confused entering his gmail address.
He'll also happily give out BobSmith@gmail to all and sundry (and all and sundry will happily mistype BobSmith@gmail instead of bobsmith8729@gmail) so that Bob receives mail intended for Bob8729.
I get lots of mail for BobSmith0 to my BobSmith@gmail account, most of it destined for the same person in Australia who either doesn't know his email address or doesn't care. Some interesting stuff in there at times.
I relented and signed up for a Gmail account, put in my name either full with or without middle initial etc and all came back with joeblogs2567 type suggestions. I don’t have a common surname even. So I’m signed up as Drjoeblogs since I’m entitled to that title and it wasn’t taken. It seems to be uncaring about drjoeblogs or Drjoeblogs both work. I use the latter to make it clearer.
I can see how your scheme would work though. Switching from my old ISP address (changed suppliers for price reasons) takes concentration.
When I was working for $BIG_PLC I had an internal email address with the suffix 9 (I have a relatively common name - at least it lets me hide in the phone book).
I lost count of the number of times vendors would send <item> to the person who did not have any suffix but the same name. We eventually set up an email group for everyone with the same name in the company so we could ask if such and such was meant for someone else with the same name.
It's ambivalent about case and periods/full stops so use them anywhere in the first section of the address, potentially for figuring out who's sending to what version of your address. Building on that, it features the ability to add a + after BobSmith to see who's doing what with your address (I think some other services may offer this too).
E.g. if for whatever reason he were mad enough to sign up to them, giving TalkTalk this form of his address BobSmith+TalkTalk@gmail would still allow mail to reach him but - by seeing who else uses it - he'd be able to track who TalkTalk had been selling his address on to. Various features in Gmail would make it very easy to filter all inbound crap to this address.
I suspect some spammers are probably wise to the feature now, but it has its uses.
I should warn you that some email forms will refuse to accept an address with a + in it and others will cheerfully use it but are smart enough to realize that they can chop off the part after the + and it'll still work. If this feature is useful to you but this is getting annoying, I recommend using a custom domain set to forward things to another address. Anything@mydomain will go to me, but since there's no + in it, the addresses don't get blocked in ill-designed forms nor do automatic spammers figure it out. Also, I can redirect a specific alias to forward somewhere else, such as /dev/null or the original place's postmaster.
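The Gmail behaviour described in the comments above (case, dots and anything after a + are ignored), shown from the side of a service that stores sign-up addresses. This is an added example, not part of any comment in the thread; the account ids and addresses are constructed, and the googlemail.com equivalence is included as well.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed sample data: (account id, address typed at sign-up).
SAMPLE_ACCOUNTS = [
    ("acct-1", "BobSmith@gmail.com"),
    ("acct-2", "bob.smith@gmail.com"),
    ("acct-3", "bobsmith8729@gmail.com"),
    ("acct-4", "BobSmith+TalkTalk@googlemail.com"),
    ("acct-5", "bob.smith@example.org"),
]


def split_address(address):
    """Split 'local@domain' on the last '@'; raise ValueError if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return local, domain.lower()


def mailbox_key(address):
    """Return a key identifying the mailbox an address is delivered to.

    Gmail: case, dots and any '+tag' suffix in the local part are ignored.
    Other domains: only the domain is lower-cased, because the meaning of
    the local part is defined by the receiving server and cannot be assumed.
    """
    local, domain = split_address(address)
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "").lower()
        if not local:
            raise ValueError(f"empty mailbox name: {address!r}")
        domain = "gmail.com"
    return f"{local}@{domain}"


def plus_tag(address):
    """Return the '+tag' part of a Gmail address, or None if there is none."""
    local, domain = split_address(address)
    if domain not in GMAIL_DOMAINS or "+" not in local:
        return None
    return local.split("+", 1)[1]


def colliding_accounts(accounts):
    """Group account ids whose sign-up addresses reach the same mailbox.

    Returns {mailbox_key: sorted account ids} for mailboxes shared by two
    or more accounts, i.e. the records a service should review before it
    sends account mail to them.
    """
    groups = defaultdict(set)
    for account_id, address in accounts:
        groups[mailbox_key(address)].add(account_id)
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


if __name__ == "__main__":
    for key, ids in colliding_accounts(SAMPLE_ACCOUNTS).items():
        print(key, "<-", ", ".join(ids))
```

A service that compares the raw strings sees four different Gmail users in the sample; Gmail delivers three of them to one inbox.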
"I will definitely be using that in future to use as a spam filter and also see who is selling my email address."
I've used my own domain reserved entirely for communication with retailers etc for a couple of decades. Each retailer gets <theirname>@mydomain as an address. That way I can tell very easily who is selling email addresses. So far none of the companies I deal with for banking, insurance, travel, or retail has sold my address to anyone. Sadly the same is not true for conference organisers. Those b*stards sell email addresses to anyone, the spammier the better. All of the spam that gets dumped in the bit bucket has an email address previously used to register for a conference. No, I don't want the once in lifetime opportunity to buy an apartment in Dubai. I think I'd rather remove my nipples with a cheese grater.
I have been receiving everything from ‘Welcome to AT&T - want to know how to use your phone?’ to monthly bills for years for the same account. AT&T refuse to accept that I’m not a customer despite living in the UK and keep routing me onto their ‘login here to talk to us’ system or call this number from your AT&T phone which clearly I can’t as I’m not and never have been a customer (who the hell would be?). And it’s not just bills, I get non-return messages saying ‘They are here for me during this difficult time’ etc. Via Twitter they insist it’s spam although every single link resolves back to AT&T so that’s particularly interesting spam to an email address only shared with friends.
It’s a small thing - I can delete it every month but it’s just so bloody annoying that some clown has used the wrong email address (in the Georgia Mall I believe) and I’m stuck seeing his $140 bills each month.
Edit: I don’t use GMail
It's never happened to me on gmail, but I have an old Hotmail account that also works as an @outlook.com address and *that* one keeps getting given out by someone in Germany.
Fortunately as the emails I get are from German companies they seem to be a bit more efficient (stereotype, I know), so I can usually find a working email address to reply/forward the mails to along with text saying something like "I am not your customer, you have the wrong email address on this account" in both English and German.
That sorted everything except an American company he/she was dealing with (can't remember who), but they eventually stopped, so I guess the person worked out their mistake and sorted it themselves.
This is the cause of a lot of problems. Basically it is a company that does not want to perform its due diligence on sending out email. They are trying to bully the rest of the world into operating as they want us to. Why should I do a lot of work because they do not want to pay the cost of doing it themselves ?
As far as I know there is no special legal privilege in such an email address, so I will reply to say "No I do not agree to XXX". I keep a copy of the email that I sent. This is somewhat akin to me sending them paper mail/letter to one of their offices - how they route it internally is not my problem.
Paypal Automatic payment Google Contact is a do not reply.
Also it's added automatically if you add paypal as a payment method on playstore. Then you have to use a Chrome based browser to delete the payment method, can't inside Playstore app. Then you have to get Paypal to remove the Google Automatic payment via chat.
Do Not Reply is TOTALLY evil. Especially when you are a customer.
It wouldn't be so bad if the DoNotReply at least had a bounce filter on it so it would flag rejected mail as such, either for automatic removal or flagging for a human to check after enough bounces. I also wish spammers were smart enough to take out the email addresses that bounced rather than accepted and quietly dropped.
I have a similar issue.
I'm lucky enough to have a firstname.lastname gmail address, my first name is alan.
A couple of years ago I started getting emails from companies thanking me for my business, email receipts, invoices, even booking confirmation and boarding details for a 21 day Caribbean cruise, and more than once I've had blueprints sent.
These should be sent to allan, with two Ls.
At first I forwarded them on, but after the real recipient failed to ever thank me for my kindness I've started deleting them.
I took great pleasure in deleting his boarding passes for the cruise...
I've got the same issue. There is a twat in Texas who can't unlock his apple account, never receives job offers or the urgent recall notice for a truck. I know a bit about him - he's out of work, has worked as a truck driver and rigger in the past. He's single and likes porn. That's the most irritating - the vast number of porn sites he registers with - and I get all the spam.
Thankfully gmail has good filters and not much gets through to my inbox now.
This isn't the first time - ten or so years ago Gloria bought a new PC and I got the email - but that time it actually had a postal address so I sent a postcard and got a reply thanking me :)
Signed up at mweb.co.za for an email account and a dial-up account (yes, it was that long ago).
Username was email@example.com (not my real name, but used it to illustrate what happened).
All went well until gmail comes along, and I set up a gmail address for my use, and forwarded my mweb.co.za emails to my gmail (to inform people of the switch who'll still use my mweb.co.za email address).
All fine and dandy so far. Now on the mweb.co.za email portal you could set up a couple of aliases for your email. Cool. Great feature. <borat thumbsup.gif>
Some blithering idiot tried to get firstname.lastname@example.org set up as his alias, and probably failed, but tested it and saw that there was no bouncies coming back, so all must be good? Distributed his "new" alias far and wide...
...and I got allsorts of junk, most memorable was from a middle-aged woman in Russia displaying her fanny for world+dog to see. Decided to pull the trigger on my mweb email account as it was probably not worth fighting it, and besides, gmail was free (hollow laugh).
So far no funny business yet. *touch wood*
Yup I can't get rid of an Apple account someone signed up and set their phone to.
Why don't websites verify emails instead of blindly using them and why have an online support which tells you to phone only to be told use the online support.
I just click the report spam button on every Apple email I now get.
but on my mobile.
I received a text saying my order at Argos Cheadle would be available for collection the following day. It came in the same message thread of an Argos order I had made personally so it was clearly coming from the right source but it wasn't my order. Got through to Argos who were very good about it and confirmed it was a real order but the person had mis-entered their mobile number and let me know there would be other texts but to ignore them. They seemed pleased I had thought to check this out and not only were they easy to contact but they did what seemed to be all the right things to check this was not a scammer.
Why do I feel I have now used up all my luck with telephone support?
Got through to Argos who were very good about it ...
That is because Argos are sane guys who have people who you can 'phone/email. Recently I received a set of things in the post from Ebay, opened the package before I realised that it was addressed to Kevin, not Alain, so I could not put back into the post, ... no way to contact Ebay without spending money or registering an account (which I won't do) muppets!
I had something similar happen, but with my actual, physical address. I got a message from my energy supplier saying "Sorry you're leaving us", and it turned out that someone had opened an account with a different energy supplier and given my postal address. It took a fair amount of to-ing and fro-ing between the two companies to sort it out, because the second company initially said they couldn't do anything because the account was in a different name to mine, so they couldn't discuss it with me!
I had something similar at a previous address. A Capital One credit card turned up to my address to someone I'd never heard of. A couple of days later the pin number and a couple of days after that a bank statement used as evidence of ID by the person who wanted the card. I noticed Capital One had corrupted the address on the person's bank statement and changed their postcode to mine. I tried to phone Capital One but they refused to talk to me as I wasn't the card holder. I sent the whole lot back to them 'return to sender, not known at this address' and a few days later got another letter asking me to confirm my address. FFS.
I had that with an ISP. Had the "thanks for joining us" letter turn up, wrong name, but definitely my address. I contacted them to say it wasn't me, they said just ignore it. A few days later my ISP emails to say sorry I was leaving. I phone my ISP, they say phone the other ISP who says phone my ISP who, to their credit, did stop it. Then a week or so later I come home from work and there's a parcel by my front door: a router. I phoned, said no way was I paying to send it back. They said keep it. It was one of those crappy Thomson things. Meh.
I left the UK and closed my account with my energy provider. That provider subsequently got sold to another energy provider who set up an account for me and 12 months later started sending me emails saying that my account was overdue to the tune of £280.
I'm still working through trying to convince them that I do not live in the UK and just because they automatically created an account for me, I am not going to logon to it.
I don't know how the account has been accumulating so much, maybe the person who now lives in my old place hasn't set up new utility accounts - or the energy provider is just incompetent.
So much this. And lazy arse people.
I have a firstname.surname AT gmail.com account, and I use the dot. You don't need to use the dot.
I also have a few people with "my name" who have "similar" accounts, i.e. email@example.com - and do they use the initial?
Do I get the emails?
I've had someone's flight tickets to Australia (STA did sod all - I considered actually pitching up for a free holiday) - emails from the police on a crime, from Westminster on a political topic, pictures of someone's family, home extension details, washing machine repair info, invites to a stag do, photo print order etc - and various other crap.
I've also (maybe helpfully) clicked the "Not me" links (when provided) and/or logged in and "closed" the account. So far, none of the accounts have contained any information beyond the name & email address. I then set up a FB group and invited people with "my name" to it, to try and nail a few down - but most have buggered off since. Ah well.
The other joy is that I share a name with a couple of IT professionals, and I've had agencies call me thinking I'm one of the others, and they spill plenty of info before I shut them up....(I'm assuming they search for a name in whatever CRM they use (Excel?!) and ignore multiple results...)
I don't know whether they verify emails on signup, but they certainly don't when you change it in the profile.
I get a surprising number of them delivered to a catchall address. I've started logging in and deleting the accounts (they all seem spammy anyway) but did initially wonder as to how the account was created without verifying the email address.
My catchall address just leaves them dangling in the breeze until they die. I used to bounce them back but a certain 'Blacklist Provider' deems NDRs to be SPAM and adds you to their blacklist. They have a very aggressive response to people who push back and so thanks to them I had to stop being quite so helpful
I’ve been on the receiving end of this thanks to my gmail account and other gmail users sharing similar first names (and a common last name) presuming they could use first.last@gmail (or even firstlast@gmail, etc) rather than their actual gmail assigned address (which often seems to have a middle name or initials in).
There’s a couple of UK residents whose eBay purchases I’ve had their invoices for (and more!), but the biscuit has been taken by an Atlanta, USA resident with strong religious and Democratic Party leanings (I’ve had personal emails and group chats from their church, plus a whole heap of election organisation stuff lately), for whom I know their bank details (bank won’t accept my complaints of being a uk resident and to remove my email address from their systems because “GDPR doesn’t apply to them” and I’m “not their customer so they can’t amend their records”), their lawn care contract, their kennel and vet arrangements.... and most ironically, found this is someone who’s claiming (via LinkedIn) to be a computer UX consultant (whose response to an application to a large well-known IT firm I received when they were asking for interview details).
Let’s ignore the various dating and more porn oriented signups I’ve received (and profiles plus pictures I’ve had access to) from yet another USA resident with marital issues (not our UX “expert” this one!)
Whilst deleting and filtering their spam is eternally ongoing, attempts to get the responding organisations to correct their records have been almost universally ignored or actively rebuffed, and the identified user seems oblivious to my direct pleas.
This seems like an absurd situation to be in, especially when the likes of GDPR were aimed at improving organisations data validity and not abusing others by proxy.
Only most of this is US based entities, who don’t have such cares, but for whom this isn’t even a bottom line issue because I don’t (or can’t) use their services because they imagine their operations stop at the Atlantic shores :-/
I can’t see any end to this without giving up my long held gmail account, and even then, the problem could just resume because as the article notes, signup processes are fundamentally broken in many cases.
If only I could ever find out what these people's _real_ address actually is...
I've had email intended for a great many Americans (it's almost always Americans) who share my surname and initial.
I've had parental consent requests from their children trying to create accounts on Disney sites.
I've had invoices, reminders, receipts, spam, confirmations, delivery time slot reminders, reference requests for job applications, job offers from recruitment "consultants"... and requests from their landlord to enter their flat and fix the plumbing.
But worst of all pictures of their relatives every Christmas... it seems they misuse my email not only with web signup portals but with their own family!
Thank you to - Mike, Michael (at least two different Michaels, but one of them moves around for work so it might be more), Mark (three of those I think), Melanie, Morgan, Michelle ...
Oh, can we do that?
@Tracy in Canada, your kid is failing in school and if you don't stop eating pizza then online dating won't help you.
@Tom in Florida, because you signed me up for Home Depot spam, I've cancelled your rental car bookings and I'm considering either reporting your college to the US authorities for divulging PII even after I'd alerted them to the issue, or just diverting your college grant to my own bank account.
Love, Tony.SharedSurname in the UK
I operate multiple email addresses on my own domain. If I'm dealing with someone I don't know or a one-off purchase etc I use a throwaway email address on my domain. If spam starts to build up I delete it and create a new throwaway email address. I get very few mistaken name emails as I'm using my own domain so someone would have to mess up big - one advantage of not using a common domain like gmail for your email. I recently started receiving invoices and statements to one of my less used email addresses, so rather than trying to contact the sender I just binned the email address, so anything will just bounce back to sender - their problem, they can sort it out.
Someone added my Gmail address, with a dot I don't use, to her PayPal address. So far exactly as the reader mentioned in the article. The difference is that I succeeded in speaking to a PayPal support agent and he told me that, Gmail rules notwithstanding, PayPal considers the address with a dot different than the address without it. And that my fellow sharer of my email address is more than able to operate and use her PayPal account logging in with her mobile phone number. And that I have to live with it till she decides to correct the error herself. So I do, for several years now, receive her PayPal communications and promptly delete them.
I have to confess that I tried once to login to her account to correct the error myself and cannot do it as she has second factor authentication activated. Good for her! But I have her phone number, included in every receipt.... if I ever became too tired of this I would incursion onto SMS spoofing!!
I have firstname.lastname@example.org
I get emails set up as email@example.com
Some Yank who keeps getting desubscribed from university and disentry news letter.
And to think over 20 years ago we considered the domain name
So I logged onto his email my password then tested lots of combinations, google sends anything similar.
"Email is perhaps the nearest thing to a universal identity system for the internet, but if it is such a thing, it is much flawed."
Apart from those behind the corporate firewall, and maybe pushfraud victims, (who often don't have the insight), I didn't think anyone took an email address as any sort of ID seriously any more.
The total lack of authentication is kind of a red flag.
I get occasional emails in Spanish from people who forget to put '.ec' on the end of my .org address. I've notified firstname.lastname@example.org but had no response and the emails are still coming. At first I responded telling them they had the wrong address but I can't be bothered now, they just get deleted.
I also used to get emails to my xxxxin.com address intended for xxxxinc.com (i.e. xxxx Inc) but that eventually stopped after I emailed the postmaster.
Don't get your hopes up - nothing salacious! Can't remember if I have posted this before, but a woman who works at the same company as me was emailing her husband (who has same name as me) and her system picked up my internal address instead of his external one the first time and kept reusing it as default autosuggest.
First email I got was because she had booked return train tickets with the source destination the wrong way round and asking what could she do? I helpfully sent her the website link of the train company page where tickets can be adjusted if you have the right traveller info, thinking it was someone just asking for help. When she then wanted ME to change the tickets for her, I realised the mixup and set her right - she was most apologetic.
A few weeks later I got an email suggesting a BBQ that weekend? I politely turned it down as I was in another city and that her husband might get jealous? She replied that she had realised her mistake as soon as she hit send and apologised again.
Another few weeks later, she emailed me to say she was going home sick as she had an upset stomach. I told her I was sorry she was not feeling well and that maybe the food at the BBQ may not have been cooked properly?
She was even more mortified by that exchange - I then pointed out that when Outlook (which is what we use at work) starts suggesting an entry, a little cross will appear at the far right of that line. Click that cross and Outlook won't suggest that one again until you have typed it in full again. Haven't had another email from her since, hopefully because the suggestion worked but maybe the stomach upset was more serious than we both thought?
I used to work in government. There were three of us with exactly the same name separated in the GAL by putting a number after our names with no other indication of who did what. So as an IT security person I got questions about getting visitors passes (no idea, ask #2) and about some light engineering jobs (see #1). It gets so tedious that at times it's tempting to pretend to be the other person and make up the advice.
her system picked up my internal address instead of his external one the first time and kept reusing it as default autosuggest
I would have a specially toasty place in hell for the f**ktard who came up with the idea of actively hiding the actual email address from users. Mind you, they'd be sharing that toasty spot with the originators of quite a few features inflicted on us by MS.
it's a "feature" well designed to assist scammers and spammers, apart from the general inconvenience when it gets messed up by non-nefarious activities.
PayPal simply don’t know how to use phones for any purpose. Recently they have started asking for confirmation by phone call for transactions. My number is listed correctly but the confirmation call never arrives.
Companies who only accept PayPal as a means of payment are losing my custom.
I keep getting 'your credit journey' emails from Chase Bank.
I can't stop them because the mail is from a do not reply address. I can't send Chase a message because all messages need to be sent from the logged-in account message system.
I'm chuffing well not going to sign up for a Twitter account so I can tell a bank that either they/their customer/or both are wasting my time.
Your credit journey? Good grief!
Sadly, Twitter seems to be the default approach in these times.
My procedure is to tweet a picture of a chocolate teapot or similar to the marketing dept or better the CEO of the company concerned accompanied by details of prior attempts to contact. This is very much a last resort but hasn't failed to get immediate satisfaction thus far.
Within the EU there's actually a standardised return address for unsolicited invoice and financial mail coming from <email@example.com>:
Don't arse around with customer "support". If they're sending emails that contain PII (or indeed "manage your account" links) without verifying account control to a third party (you) then just forward it to the compliance department and let them give their developers a shoeing.
If you feel particularly malicious you could also "help" by reporting the data breach to the national regulator. In the case of PayPal, the Financial Conduct Authority could also be fun.
I file the GDPR complaints either with a "right to be forgotten" request, or a "you've commingled my PII (e-mail) with someone else's PII, stop that!" request. Sometimes it gets the desired result, other times they want you to cough up *all* the PII to identify you as the "real" account holder -- which of course I can't do since I'm not the other person.
I had three instant credit store cards in *almost* my name turn up over a few days. Trying to convince the issuers to talk to me about store cards that weren't for me was a farce (which caused much hilarity in the open plan office), and I later found that the credit checks that had been done against my almost-name and address had DOB and time at address wrong. One of them was even done after I'd spoken to that issuer's security team about the first dodgy card... Makes me wonder what you have to do to fail a credit check - be honest, probably :-(
I occasionally get council tax reminders for a woman in Croydon who somehow signed up with an email address on my personal domain name. Needless to say they go straight in the junk mail, she used her own name @ (my domain).
They should have done a confirm email at the least so at least it wouldn’t have processed the address.
But I have to agree, there should be a confirm address link when you sign up for a service and a “nothing to do with me” link or phone number so you can reject these at source.
The only problem would be who you click on the link as it could be a spammer spoofing the email just to prove you are a valid target.....
I get plenty of emails from sites which don't verify email addresses before sending mails. Generally it's from US websites dealing with US customers: I guess they don't mind abusing people.
When this is about membership, I generally ask a password reset, connect, and change the mail settings to "firstname.lastname@example.org". And then I'm not spammed by this site again.
Dig out a contact at the Federal Trade Commission and use that address.
One of "my" phone numbers is an agent with the state tax board. If I don't want to give somebody my phone number and it's a required field, that's one that they might get. Another is a test number that just rings. I can rattle those off from memory since you have to know your own phone number. What I use depends on the situation. If I'll get problems for giving a wrong number, I'll use the one that just rings since I can't be required to answer the damn thing.
I get everything from emails from National Australia Bank (no way of contacting bar phoning Australia) to offering jobs as cardiac surgeons (was tempted to apply given the hefty salary and then find ways to "observe" rather than do the actual hacking and slashing), US military emails (fucking nightmare getting them stopped despite highlighting PERSEC, highlighting it to various SNCOs got me sneered at, took me using the base commander's email for anything to get done, got a reply from a Major profusely apologising and asking me to let him know if it happened again), car hires, paypal (still haven't got that stopped and concerns about effect it would have on my credit score), AT&T/DirectTV ($600+ arrears notices), Frontier Internet (who said they couldn't stop the emails due to "data protection" and I "wasn't their customer"), emails from the Philippines using mine as a recovery address (think my email was on some haxors forum given the myriad of uses it gets put to).
Some companies make it a doddle "not you? click here to remove your email address", others a total and utter nightmare with no consideration of the risk of identity theft and damage to credit score (wouldn't surprise me to find that email address is already something they use to match people and formulate their credit rating)
How hard is it to send a "verify your email to activate your account"???
Paypal sends the email but still allows the account to be used without the verify email button being clicked - what the fuck is the point of that???
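A minimal sketch of the sign-up flow the comments above ask for: the account stays pending until the confirm link is used, and a "not me" link deletes it at source. This is an added example, not any company's actual implementation; the class, the token format, the 24-hour lifetime and the in-memory store are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing key
TOKEN_TTL = 24 * 3600                 # assumption: links are valid for 24 hours


def sign(action, account_id, expires):
    """HMAC over the link's purpose, the account and the expiry time."""
    msg = f"{action}|{account_id}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(action, account_id, now=None):
    """Build a token that is only valid for one action on one account."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{action}.{account_id}.{expires}.{sign(action, account_id, expires)}"


def check_token(token, expected_action, now=None):
    """Return the account id if the token is genuine, unexpired and was
    issued for expected_action; otherwise return None."""
    try:
        action, account_id, expires, sig = token.split(".")
        expires = int(expires)
    except ValueError:
        return None
    if action != expected_action:
        return None
    if not hmac.compare_digest(sig, sign(action, account_id, expires)):
        return None
    if (time.time() if now is None else now) > expires:
        return None
    return account_id


class SignupService:
    """In-memory stand-in for a service's account table and mail queue."""

    def __init__(self):
        self.accounts = {}  # account_id -> {"email": ..., "state": ...}
        self.outbox = []    # (to, confirm_token, reject_token)

    def sign_up(self, email, now=None):
        account_id = secrets.token_hex(8)
        self.accounts[account_id] = {"email": email.strip(), "state": "pending"}
        # The only message ever sent to an unverified address.
        self.outbox.append((email.strip(),
                            make_token("confirm", account_id, now),
                            make_token("reject", account_id, now)))
        return account_id

    def confirm(self, token, now=None):
        account = self.accounts.get(check_token(token, "confirm", now))
        if account is None or account["state"] != "pending":
            return False
        account["state"] = "active"
        return True

    def reject(self, token, now=None):
        """'Not me' link: delete the pending account and its address."""
        account_id = check_token(token, "reject", now)
        account = self.accounts.get(account_id)
        if account is None or account["state"] != "pending":
            return False
        del self.accounts[account_id]
        return True

    def may_send_account_mail(self, account_id):
        """Invoices, receipts and the like go only to confirmed addresses."""
        account = self.accounts.get(account_id)
        return account is not None and account["state"] == "active"
```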
There is something to be said for responding and wasting their time for a bit, especially if they've been wasting yours. It might get you through to a real person.
As for the "click here to unsubscribe", if I didn't originally ask for it then I'm not going to click on a link that might be dodgy and merely confirm that the email address is valid and in use. I edit my spam filter and bounce the stuff instead.
"Paypal sends the email but still allows the account to be used without the verify email button being clicked - what the fuck is the point of that???"
Paypal still sends out email that looks like phishing with loads of links. I've written to the corporate office that anytime there is an issue you are notifying a customer with, require them to type in the PayPal URL, don't send links, that's what the phishers do. If PayPal made it very clear that they don't send email with links, people might not get suckered into the phishing attempts. The poor grammar and spelling on some of their official emails needs looking into as well.
I have a lastname.johnATgmail address. I occasionally get traffic for someone in the USA. A bit of digging uncovered a guy using lastname.jonATgmail (no H) in the States. So far it's been flight confirmations, something about a baby shower and booking confirmation for a swanky New York rooftop venue. I guess he's been quoting his addy verbally in phone calls, which had been wrongly interpreted.
I had a couple of exchanges with the guy and was thanked for my efforts. It's gone quiet now but I guess it's only a question of time.
For older gmail addresses, they are also interchangeable with googlemail.com too.
I have recently had someone try to find their long lost classmate / sweetheart after the classmate signed up to a reunion website with my email@example.com address. After saying I wasn't them, they tried various versions of dots and capital letters, all coming back to me. 10 emails later....
I have someone in San Fran who uses my email address at various hotels and for their golf membership.
I have someone in Texas who uses my email address for all car related matters (I have the invoice for their car, their service reminders, adverts for new cars) and various other things (I recently got their quotes for a new air con system).
I get all the USA election stuff, which there is no way to unsubscribe to.
I have someone from another part of Texas's divorce and childcare settlements.
I get occasional book orders from someone with my name in Philadelphia.
On do-not-reply addresses, it's often to avoid out of office infinite loops.
Often customer service addresses will auto-generate case info on new emails, replying back with a case ID and idea of wait times. Auto-replies have different subject lines and often don't include the internal thread id so they can create new cases on each reply.
Also GDPR stops anything sensitive from being sent over email (as it's unencrypted) so customer service requests are pushed to other communication methods.
I have an ISP-provided address that's [lastname]1@[provider]. Have had it for over 10 years, and don't really check it much (I use my Gmail account, since it's not dependent on choice of ISP...) Suddenly started getting mail for someone else with the same last name in another state (US). So far, I've received several medical appointment reminders, magazine subscription info, copies of the couple's hunting and fishing licenses (with birthdates)... The one thing I **haven't** received is their phone number!
I've tried contacting some of the various senders and asked them to not only drop this email, but to notify the couple that they're giving out the wrong email. But no luck so far.
I have firstname.lastname@example.org, @yahoo.com, @outlook.com, and a couple of others as well as email@example.com. I have problems with people signing up with my email addresses constantly. It can be a pain to get this corrected. Some companies refuse to help because the account on their system isn't mine. Others ignore requests.
I had a bank in Australia refuse to do anything because I wasn't the account holder. A quick email to their legal department noting that I was getting personal details in the email and if it didn't stop I'd post the emails to their Facebook page took care of that.
Someone bought a Cooper Mini and used my firstname.lastname@example.org email address so I'd get service appointments, notices, etc. Emailing customer service didn't help so I had to email their legal department to get it to stop.
One thing that sometimes helps is when there's a link to look at the account I can click that, then click the "Forgot Password" link, make a new password, then log in and change the email address. I'll use their customer support email address or abuse email address.
Identity theft is not a crime in the UK. Basically you can call yourself any name you like, even Boris Starmer, should you so wish. So the problem with an email account set up in your name by someone else is that it is perfectly legal, after all, my surname is not actually "Man".
For companies which get the wrong address associated with a bank or utility or other account, I recommend writing to them (good old snail mail, recorded delivery) stating that they must remove your personal information from their records, specifying your address, or you will report them to the Information Commissioner as being in breach of UK data protection legislation. That worked for me with British Gas when I started getting bills for someone who has never lived at my address.
The problem of the gmail account set up with my (probably globally unique) firstnamesurname combination in order to facilitate fraud and theft is, sadly, another matter, as it is perfectly legal. I just inform every organisation I do business with, that I do not have an account with gmail, and that the one registered is used by fraudsters, and that if they receive a request to send any information to it they should immediately inform their fraud department.
My sympathy to everyone with these problems.
@ Woodnag "You're conflating using an alias for non-deceptive purposes (usually legal) with identity theft, which using someone else's ID for fraud."
Not according to Thames Valley Police and ActionFraud, they are quite adamant that identity theft is not a crime in the UK. Fraud is itself a crime. Obtaining a money transfer by deception is a crime (Theft (Amendment) Act 1996). But identity theft, according to the UK's law enforcement agencies, is not. Otherwise all those police officers who used the identities of dead children to infiltrate campaigning organisations would have committed criminal offences.
Note the Met is being sued for the distress caused:
"Four families have started legal action against the Met, saying they are appalled and angered at the conduct of the undercover officers. Their legal action, which has been submitted in a formal claim to Scotland Yard, alleges the Met misused private information and intruded on their personal grief, causing them distress and damaging their mental health."
Someone got into my Home Depot account and ordered a $6000 piece of construction equipment.
In the two minutes before the order processed, my email account was flooded with several hundred newsletters I hadn't signed up for. Those messages buried the email from Home Depot confirming the order and I assume that was the intent.
I received a letter from someone using my address and discovered that there is no way of notifying PayPal without logging into their services.
I return the letter with "not at this address possible fraud" upon it but from what I have seen PayPal do not seem interested, perhaps because they have some reason not to remove accounts associated with fraud.
"PayPal do not seem interested, perhaps because they have some reason not to remove accounts associated with fraud."
Or they might wind up having more of an issue if they disable an account that shouldn't have been.
Try to purchase something they don't want you buying and they'll suspend your account in two shakes.
I was a very early adopter of gmail. I have just my surname as my email address. (email@example.com). People register for gmail as first_name.surname, and when they make an error and type "," instead of "." (I'm guessing) when signing up for other services, it is I who gets the details of their latest car purchase, travel itinerary, etc.
I have a form letter that I send, but of course, so many are firstname.lastname@example.org so I have no way to inform them. If I am very lucky, I might be able to unsubscribe. On even rarer occasions I have managed to sleuth out the real email address and contact my presumably distant relative.
I've had this with my Gmail address. Some copper bottomed idiot in the US who shares the same name as me decided that his email address was the same as mine but with added dots and signed up to all sorts of different suppliers who don't appear to carry out any form of email address authentication, including eBay (who you'd think would know better).
After ignoring the constant drip feed of newsletter subscriptions, job application acknowledgements, the idiot ordered some stuff, essentially in my name. Because the order review email contained his real world address I actually tracked him down and used up some ancient Skype credit and rang him to tell him of his error and to explain why gmail addresses with dots in still come to me. I closed the call thinking I might have helped out some poor technologically illiterate sap in California and felt good about myself... for about a day... until the next order confirmation email arrived.
So I cancelled the order and told the supplier to refund the credit card on his account, which they agreed to do. A few weeks later I get a customer services email from the same company with a copy of his web query to them asking where his order was... and I kept on getting random emails to my address relating to orders made by this very real but very stupid person in California. I've resorted to cancelling every order that he makes and changing the password on every account he sets up. I haven't had anything for a while now, so presumably he's got the message. Or a new email account.
Not dismissing anything to do with the actual problem, but I think the issue of not being able to speak to someone at PayPal is a little overstated - certainly based on my own experience.
On the handful of occasions I have either contacted them through the Resolution Center or phoned them with a one-time passcode generated from within, someone has got back very quickly (on the phone, VERY quickly).
I'm not saying they're perfect, and I realise they're a popular target for many, but ya know... just saying.
I have had my gmail account since gmail was invite only. It is a very short email address (firstinitialsurname(same surname as Tom from Forrest Gump) )
There is a gent in the USA with the same surname but a different first name (although it has the same initial) who is continually using my email address for stuff.
So far I have received Trump emails, congratulations on buying a new truck and the warranty details, new mobile phone orders, offers of work and various other things. Usually if it is a business that I can unsubscribe from, I will. There have been a few times where I have had to track the company down and explain that the email they have used belongs to someone in Western Australia, not the MidWest and most times they are very apologetic because they have other ways of contacting the gent.
Happens to me a lot as well, I also have an early Gmail account (back when it was invite) and I get mail occasionally for people who are obviously trying variants of dots or forget to add their numbers, etc.
Often when it is someone trying to contact a friend or contact I reply letting them know their message has gone to me instead and they need to call/contact their relative/friend to get the email address corrected. These all seem to work out fine and I often get a message back thanking me.
The problem ones are the help desks or organisations who just can't believe that I am not their customer, etc and simply clam up, refuse to interact or resolve their issue. Occasionally one gets all officious and wants to report me for receiving messages that they sent me (life is too short to try and figure that one out or explain it to the idiot).
One in particular was Greenstar Energy in the UK that kept sending me messages about my account and the overdue bill. Fortunately they were not just sending the bill but giving a link to login so they at least were in some small way protecting their customer, but I could have gone to the link, and reset the password if I was an arse, so not that well protected. I was eventually able to get their Helpdesk to communicate and finally after about 3 months understand that I was not their customer (I live in Australia) that they were sending me the mail messages unsolicited including amounts owing, the name of the account holder, the account number and perhaps that was not correct under GDPR and the messages finally stopped. One month later they were taken over by Shell Energy and it started all over again along with the customer trying a series of 20 or so frantic resetting password messages over two days until he either just gave up in frustration or worked out what his email address was.
Anyway, must move on, as someone in Kansas is trying to order some shoes from Adidas, someone else in Sacramento is trying to renew her Sirius radio subscription, someone else in London is trying to organise some publicity photos and yet another person in Florida is due for a service on her Subaru.
Speaking from experience Shell Energy are total tw*ts regarding customer service. I suspect they only employ one person in that capacity and she's part time one day a month. I changed my email address and there is no facility on their site to update it. Their help system is useless. Their AI chat bot is useless. Their human chat facility is useless - I waited in a queue for over an hour before I got dropped. Had to use Google to find a contact email address for them. Eventually got a reply from them saying I can update my email address on their site, but you can't. Contacted them again and finally after three months, they updated my email address. I'll be changing supplier at the end of the contract. Bunch of wankers they are.
"The problem ones are the help desks or organisations who just can't believe that I am not their customer, etc and simply clam up, refuse to interact or resolve their issue. Occasionally one gets all officious and wants to report me for receiving messages that they sent me (life is too short to try and figure that one out or explain it to the idiot)."
You may be being a bit harsh on the 'Help Desk' staff. They usually have a set script to follow, which omits the possibility that there could be an error in the email address system. I usually try to get them out of the script by saying that I realise they personally are not to blame for the system, but if I could speak to their supervisor that would be helpful. The first human responder usually has limited leeway to actually do anything not on their list of approved actions. The UK's National Savings Bank staff can only send out a letter to change an online password. When I told them my post had been stolen and I needed to change my password some other way they simply couldn't help. This is still a problem.
"I've got a similar problem with Instagram. Someone in SE-Asia has registered an account and I get the emails for it. But there's no way to contact Instagram to get them to fix it."
Sounds like an opportunity to have some fun. Take and post some really bad photos and a watermark with the person's name on it like it's theirs. Nothing too dodgy, just exceptionally bad like a takeaway burger or the world's ugliest street cat. Be sure to apply at least 4 Instagram filters to each image.
I've had this problem for a few years. At first, it was fairly benign - CCed on some osteopath's correspondence. It was fun doing some amateur sleuthing, ringing around and calling the US (free on Skype and Google Voice of course) to get in touch with people.
Nowadays, the easy wins are sorted, and it's only the more insidious inaccurate sign-ups reported. What's worrying is how willing some organisations are to provide full biographical info about a customer, or even provide access to what should be fairly sensitive services - bank accounts, credit cards, mobile phone accounts, memberships of various clubs etc. At a glance, current emails in the "Wrong me!" category (notwithstanding any I've missed) have just surpassed 1,200...
It highlights the abject failure of almost every service to double opt-in or adequately confirm email addresses before adding an address to an account. Interestingly it's the social media organisations, particularly Facebook/Instagram and a handful of others, who proactively invite the recipient to click a link to flag their address as incorrectly added to an account - presumably this goes into a feedback loop to flag potential spam accounts. I've dealt with a rash of those on one client's business email address recently with loads of junk/spam follow Instagram accounts.
Crazily, the longest running saga is that of Microsoft and XBox accounts. For over five years, my address has been associated with an XBox Live account holder and Microsoft say not only do they not have a mechanism to deal with addresses incorrectly added on an XBox account, they have no means by which an individual can even speak to support to discuss the matter.
I've not bothered to start ringing Microsoft's Reading HQ yet, but it's not far off... I now have a dedicated GMail label for this one person's MS XBL emails. Filing away the misaddressed emails has almost become a weekly ritual, I feel like something's missing if I don't get to do it.
It's not all frustrating though. I have had some particularly juicy stuff inadvertently sent to me... Criminal records and background checks were quite interesting...
Another me too. Like others here I've had my gmail account since when it was invitation only and I get a steady (but not too large) stream of mails from the US, UK, Australia, South Africa, New Zealand and, once, the UAE. I've had a couple of wedding invitations as well as an invitation to a Christmas party (remember those from before Covid?), a report on some Australian guy's Uber trips as well as his (I think it's the same person given the location) luck on online dating sites and reminders about servicing his car. I've had legal documents from a firm of lawyers in S. Africa, a job contract from the UAE, and information concerning an application for universal credit from the UK. As well as a lot of crap about sports clubs, newsletters etc. from all over. In general the important or personal stuff I try to reply to the sender and then delete the email (I got a nice reply regarding one of the wedding invitations, and my replies concerning the legal documents and employment contract got a prompt thank you with a polite demand to delete the documents). For the universal credit application I spent some time opening a ticket explaining that some poor guy wasn't getting any of the confirmation emails and, presumably, not succeeding with his application, and hopefully that was sorted out. For the rest I normally just mark as spam and forget it. In general it is more amusing than annoying, but I do wonder about all of my namesakes (presumably) across the world who don't know their own email address...
I get this a lot. Last time I looked, I found over a hundred people with the same name as me, but I have the invitation-only original gmail address. I've even been offered money for it.
I managed to track the most recent one down by emailing variations of my name, and they seemed quite grateful, and currently, touch wood, they are getting their emails, and I'm only getting mine.
I keep getting emails for someone with my name but I quickly determined from an email thread where his correct address was shown further down that his actual email address differs from mine by one letter.
Obviously as soon as I twigged I let him know. No reply. OK, perhaps he thought I was scamming him, what with having the same name and what looked like the 'same' email address. So next time I got one obviously for him I replied both to him and the sender. No reply. I did this a few times, changing the subject each time. Never once a reply. I started getting emails about his finances and other sensitive info. I tried everything but he never, ever replied. Now I just bin them silently. I tried...
Someone in New Zealand used my email address both on his mobile account and with a new employer. I found it impossible to make the minimum wage support staff of the companies involved understand what had happened and act on it and the emails continued to arrive for months. I eventually solved the problem by emailing a complaint to the boss of the phone company (whose address was conveniently on the company website). His staff quickly fixed their problem and contacted the employer to fix theirs.
This has happened to me quite a lot over the years. I've had my gmail address since 2004 and it is just email@example.com (it is an uncommon last name - every person I've encountered with the same has ended up being a distant relative).
If it seems to be a genuine important email, I will try to figure out the intended recipient or try contacting the sender. I've gotten medical appointments, dental appointments, stuff from lawyers, seemingly important orders for an artist (she seemed to be a very nice lady but her name was nothing like mine so no idea how she ended up using my email), etc. There have been plenty of other random ones (letting "Sue" know when the next choir practice was, etc).
The most troubling was a couple emails from Qantas about my flights that included links to modify/cancel the bookings. I did follow the links to see if I could figure out how to contact the actual customer and it did look like I could freely modify/cancel the booking without any further validation. I could not find contact info for the customer but did contact Qantas - it took them about a year (3 times reporting the issue) to remove my email from the account. As far as I know, they have not added any extra security (makes me WAY less likely to fly Qantas).
The most annoying was someone named "Samuel" who used my email to sign up for "every" payday loan service (for months, I got a slowly decreasing slew of spam from them (starting at over 100 emails per day)). Absolutely none of the services used any sort of email verification. A couple years later, he used my email again a few times (again for payday loans and something else but, fortunately, only a couple payday loan places this time).
I've had my GMail since the early days and I get a lot of this, particularly one who I think of as me if I was born in the US who signs up for a ton of things with my address and has even sent me a couple of mails demanding I give up my address as it should, I'm guessing, go to an American (?). Twat.
I don't do anything horrible with them, and if I get mails from things like schools organizing trips I always reply and let them know it's not for me; riveting as it sounds, camping in the backwoods of Appalachia is a bit outside my commute.
But it would be nice if he'd stop trying to use my f****ng address.
For the last three years I've been getting phone bills from the USA and Australia for accounts that are obviously not mine and are both "No reply" mailboxes.
But the most annoying one is Arsebook who think I'm an Indian Called Badli **sam.......and still keep sending me activation codes to "Reset" my password.
After countless times of trying to contact a human (If any actually work there) I had to set up another email address and change the arsebook one to that one so as to keep my mailbox a bit more secure........I've just given up.
I lie on stuff all of the time. I generally use an email I know is bogus. If anybody were to create that email account, they'd likely get loads of odd stuff right away.
Call me paranoid or call me cautious about releasing my info, but I lie constantly if I don't want some entity to have particular information. I could argue back and forth with them for ages, not do whatever it is I'm trying to do or just tell a lie and get on with life. I don't have interactions with the police very often, but I would tell the truth to them as they can and will check. If you start off by lying to a cop, you could wind up sitting in cuffs until they are satisfied that you finally did tell them the truth.
I lie on job applications too. I don't apply for things I can't do, but if HR is looking for somebody with experience in Catia CAD software, I'll say "yes, lots". The truth is I have used the company's other package, Solidworks. The difference is mostly on the back end document management but that's not hard to learn the first week. Drawing parts and assemblies is nearly the same. My goal is getting to the interview with the engineering manager and sod the HR flunky.
Yes, I have a Gmail account. No, I don't use it very often, it's just there as a backup if I need it.
Forget being so cheap and get your own domain or one for the whole family so you can create and control your own email accounts. This is coming from a Scotsman! Put a pry bar in your sporran and do it!
You get what you pay for with free email services. It might even go away if you fall afoul of their ToS. How many times has Google been spanked for reading people's email? Ever wonder why you start seeing certain ads that relate to something you've been emailing somebody about. How long is Google keeping these emails all ripe and ready to surrender at the first subpoena or just a nice ask from The Man?
In the meantime, if you get the chance, have some fun with it and stop being so concerned for your fellow man. They weren't all that bothered to double check they typed in the correct email address when they signed up. For Bog's sake, I'm always looking for a confirmation if I've signed up for something to make sure it's all gone through.
Biting the hand that feeds IT © 1998–2021