Google freely admit that they have no way to stop other variations of a Gmail address receiving emails. For example, today I have received an email intended for someone else – it’s just their Gmail address doesn’t have a dot between the first name and last name, as mine does. I now know this person’s car’s VIN number. I find it staggering that Google have not plugged this massive security hole.

Google’s servers ignore dots and always have; you can’t create an address that’s the same as another with different dots. It’s more likely that the other person has the same as you with a number (or a different number) and it’s been typed wrongly. You can’t blame Gmail, all they’re doing is delivering the mail to the address it was sent to, it’s the sender or whoever gave them the address that’s to blame.

What GreyBeard said this is the equivalent of someone sending a letter to the wrong address.

I am confused. Are you suggesting that if my address is frank.sintra@gmail and franksinatra@gmail accidentally gives out the wrong address to DVLA, Google should know that and intercept it? How does google know that it wasn’t me requesting the VIN?

you can’t create an address that’s the same as another with different dots

So how come I was able to set up my firstname.lastname address when gmail launched 15 years ago but I’m receiving someone else’s emails addressed to the firstnamelastname version?

So how come I was able to set up my firstname.lastname address when gmail launched 15 years ago but I’m receiving someone else’s emails addressed to the firstnamelastname version?

It’s either spam, or they gave the wrong address/whoever they gave the address to read it wrong.

firstnamelastname IS your address (an auto-alias as gmail ignore the dot), it’s not that they have it and you’re getting their mail, it’s that they have a similar address but the sender mistyped it and sent it to you.

I get sone guys Amex statements* and notifications, his email address has one letter different to mine and often people mistype it, I sometimes get other emails for him too, it’s not a gmail security hole, it’s a numpties sending emails to the wrong address security hole.

* I’ve tried soooo many times to sort this but Amex are apparently incapable of either understanding or fixing it.

The email looked genuine regarding linking Gmail to the person’s mercedes me account. The email came from the @mercedes.me domain and as I mentioned lists the car’s VIN number. Seems odd the intended recipient would provide an incorrect email address.

Seems odd the intended recipient would provide an incorrect email address.

They probably didn’t do it on purpose.

I doubt they provided an incorrect email address. More likely the car dealers put it in wrong. When buying a company car, I once had the salesman ring me up and ask how to spell veterinary. This despite it being in the address I had given him to register the car and surely access to google! Bunch of numpties.

Seems odd the intended recipient would provide an incorrect email address.

But will have been what happened, probably by mistake. Either misspelling it or missing a number from the end or similar.
As others have said using . in a gmail address gets ignored (can be a semi effective way to identify sources of spam although depends on them not stripping it out).

The other could have been created as a googlemail address and when Google merged Gmail and Googlemail it all went to pot.
I’m receiving similar stuff and they can’t stop it. I’d registered my address years ago, so it isn’t a new thing, but over the last year someone with a similar address has been doing a lot of renovation as a load of order confirmations for furniture and soft furnishings have arrived!

Royal Mail freely admit that they have no way to stop other variations of a postal address receiving letters. For example, today I have received a letter intended for someone else – it’s just their address is slightly different to mine. I find it staggering that the Royal Mail have not plugged this massive security hole.

Ok, thanks all for the wise words. So as well as “dots don’t matter”, “no dots don’t matter” would also apply? I think I get it. Apologies for being thick.

Well the good news is you now have a free Mercedes if you want one 😀

Given that some numpty gave you its login!

So as well as “dots don’t matter”, “no dots don’t matter” would also apply?

Correct – dots are ignored, so trail.rider.jim is treated as trailriderjim. But in this case, the email should probably have been sent to trailriderjim6, and the sender forgot the 6. I get invited to play rugby in Hong Kong due a similar error.

Did you go? 😁

These kind of mistakes can have serious consequences – imagine mis typing Buttle instead of Tuttle.

kind of on the topic, you can add a modifier onto your email address (without creating a new email) using a “+” symbol and a few letters after it when you give it out, lets you filter/sort email easily, and determine who’s passing round your info.

eg if you’re john.smith @ gmail.com, and sign up to stw as john.smith+stw @ gmail.com, any emails sent to that address will end up at john.smith @ gmail.com. If you start getting spam and in the header it’s been sent to john.smith+stw @ gmail.com, then you know who to blame..

Funnily enough I have exactly the same problem.

My gmail address is firstnamesurnameh at gmail.com (I’ve had this since gmail first started) lately I keep getting emails clearly meant for someone else.

I was working out from the clues that the person concerned lived somewhere in Texas, has recently bought a new car, has applied for credit, has bought electrical goods with extended guarantees . . . Etc etc.

Eventually I got an email meant for him that showed somewhere in it that his email address is firstnameDOTsurname at gmail.com (which shows that either you can create an address the same as an existing gmail address but with a dot in it, or you can’t, but he thinks he did?)

Not sure if he ever gets mail meant for me . . . .

Eventually I got an email meant for him that showed somewhere in it that his email address is firstnameDOTsurname at gmail.com (which shows that either you can create an address the same as an existing gmail address but with a dot in it, or you can’t, but he thinks he did?)

Not sure if he ever gets mail meant for me . . . .

Correct, you can’t but he thinks he did.

firstnamesurname @gmail.com is the same as firstname.surname @gmail.com so the two can’t exist as seperate mailboxes belonging to different people. Emails meant for him are being delivered to the email address he’s given people. Everything is working exactly as it should. Just like the woman who gave people my phone number instead of hers. I eventually found out that they were identical except for the last two digits, mine was “07XXXXXXX67” and hers was “07XXXXXXX76”. If someone sends her a text and it comes to me then it’s not the fault of Vodafone, or a massive security flaw in the mobile network, it’s just one user making a mistake.

I now know this person’s car’s VIN number

I’ve got easy access to several thousand car VIN numbers, as has anyone wandering around any public car park. Along with the car reg. number. Not sure what different it makes.

I received an email that contained some family photos (all clean), meant for someone with the same name as me who lives in New Zealand. So I sent them a family photo in return.
You could always email them your VIN number.

VIN number

I bet everyone typing this also talks about PIN numbers.

Grrrr.

https://en.wikipedia.org/wiki/RAS_syndrome

DickBarton

Member

The other could have been created as a googlemail address and when Google merged Gmail and Googlemail it all went to pot.

Don’t think you could mate, it was just a different domain name on the same system.

I’ve had dozens of these over the years. Mostly either misspellings or where they’ve had to stick a number on the end (because I got there first) and they forgot to include it.

Ignoring dots in the address is not a security issue.

So are we going with….

“(Very) poor thread title choice”

(Very) poor thread title choice

or “Keyboard-chair interface error”.

The other could have been created as a googlemail address and when Google merged Gmail and Googlemail it all went to pot.

As above, gmail and googlemail are the same, but there was initially a copyright issue or something in the UK and they couldn’t use gmail as their domain. My address still works with either domain.

@vinnyeh

eg if you’re john.smith @ gmail.com, and sign up to stw as john.smith+stw @ gmail.com, any emails sent to that address will end up at john.smith @ gmail.com. If you start getting spam and in the header it’s been sent to john.smith+stw @ gmail.com, then you know who to blame..

Can you explain that a bit more please?

Can you explain that a bit more please?

Gmail will effectively ignore anything after the + and still send it to johnsmith.
So you can give singletrack johnsmith+stw@gmail.com as your email address and pink bike johnsmith+pink@gmail.com as your email.
It will still get sent to johnsmith@gmail.com but you would be able to see from the too address which variant it used. So if you suddenly start getting a bunch of emails to johnsmith+dodgycompany@gmail.com you know they handed out that email to others.
Of course, if the spammers are clever they can strip that out.

These kind of mistakes can have serious consequences – imagine mis typing Buttle instead of Tuttle.

You called?