I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.

I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown

I had the same issue with my Hotmail address. I know the address and password, but Microsoft won’t let me login. And they ask ridiculous things like, what emails are in the inbox. I haven’t used this address for 20 years, I just want to access the Hotmail address from when I was a teenager.

Gmail is a throwaway email. I lost my SIM and hence can't log in anymore.

Never ever rely on Gmail.

I had this issue with my alternative account. Despite my main account being associated (not by recovery, I think this predates that feature), and most messages being forwaded to my main I was never able to successfully recover the credentials.

> I will never use their services again, I was really digusted by this failure

Isn’t this inherent to not choosing an (EDIT: external) account-recovery method?

The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)

> seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.

I had the same problem with GitHub's backup codes not working: https://news.ycombinator.com/item?id=35735996

Wait a second - if you have gsuite it isn't a regular gmail account. Did you talk to gsuite team? If you even paid there is real support.

Whoa, I noticed something similar. I was updating my password or something a few years back and decided to test the backup codes too. They didn't work. I don't know what went wrong but that got me worried a bit.

Are you based in the EU? You should be able to file a GDPR request for your data.

Back up your seeds! Aegis for Android lets you do encrypted exports.

Yikes. This post is an unsettling reminder that gmail is a single point of failure in my personal and financial security.

This is exactly what happened to me on Dropbox, where even the backup codes did not work.

I am fearful of losing my first.last@gmail.com and last.com access presently. Any Google Wallet/Payment folks that might help me..? Please see email in profile if so. Would really appreciate it.

Story is I started a new job. I tried to add a corporate address for a corporate card to Google Wallet. This tripped some security indicator requiring me to upload government-issued ID. I did so twice without it working despite first/last/address match. I have tried also submitting an employment verification letter with the corporate address. Haven't heard back on the last attempt.

I have also written but I have low hope that'll work. (Update: Nope, "Billing and Collections" isn't "Payments" but at least they wrote back).

Because of the incomplete verification, all Google service payments are rejected right now. I am presently frantically emptying my Google One storage to get back under the free tier before my paid One subscription runs out. Literally, because I cannot submit a $2 payment I am right now removing attachments from 20 years of correspondence.

This stinks. I just need a human to review what I submitted given the above context. There should be some middle ground between rejecting a new credit card address and de facto locking down someone's entire collection of Google services via manufacturing an inability to pay.

I'm paranoid and print off my TOTP key for each account I make that might matter in any way.

Save a picture of the TOTP QR code and print it out.

You think that sucks, my childhood angelfire is gone.

> I will never use their services again, I was really digusted by this failure

Was there ever really an agreement that they'd be storing your cherished memories for decades? I still treat email the same way I've done since the 90s. Your email provider is just a cache but you download and backup the messages yourself.

Hopefully this has been a wake up call for you. If you care about data then you need a copy that you control and have a good backup plan.

> I will never use their services again, I was really digusted by this failure.

Without such measure anyone with your password could "reset" your 2FA.

The solution to "I may lose my 2FA" is not to make GMail a 1FA: it is to configure beforehand your GMail so that if your account is inactive for 6 months, access to your account is given to a person of your choice. It's so that a death spouse (for example) can eventually access the account.

in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.

I have a first.last email, but it's created quite the interesting situation. Turns out some dude in Australia has the same first+last name as me, and he's been using firstlast@gmail.com. As far as I can find from Google's documentation, the email with no dots should be the primary and the one with dots an alias, but I'm guessing because I registered mine ages ago (back in 2006) it takes precedence. I have no idea how he hasn't noticed that his gmail emails are going to another inbox - maybe Google delivers them to us both or something? Regardless, I've gotten very personal emails (like from his therapist) and tried to reach out explaining the situation and asked these parties to let him know he needs to stop using that email, but to no avail.

Honestly the one who is at fault here is Google. If first.last and firstlast are treated as aliases, they straight up should not allow people to create them once the first exists, rather than just send emails to someone else. I've tried to respect my Australian brother's privacy (like not reading his therapist's emails and such), but not everyone is gonna do that.

A bit off topic, but changing your name when getting married is so strange to me. It is not at all common where I live (Belgium), in fact I don't think I personally know a single person who did.

Yeah, I imagine this will help a lot of people who created retrospectively-cringey email addresses in their youth, but kept them over the years because of inertia

> After changing, Google details that your original email address will still receive emails at the same inbox as your new one and work for sign-in, and that none of your account access will change.

You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!

As a hiring manager, I just want to give you a heads up that we are getting tons of fake applicants—like 5–10%—that end up being a real person on a video chat isn’t some AI assistant that uses a teleprompter interface to tell them what to say.

Usually by that point you catch them, but your recruiter screen might not etc. So now all the main HR tools are using “age of email” as one possible signal to detect fraud.

I’m sure you’re fine if your email is real (in my experience they all resolve to Onvoy LLC instead of a real cell provider), but just something to watch out for. Wouldn’t want to get overlooked because your email is brand new.

(If you’re curious about motive as I was, since of course it’ll be obvious when you start—in a lot of cases it’s that procuring an offer letter helps you obtain a visa.)

Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII

Hm interesting, do you want to tell why this helps out a lot perhaps?

It might be an iCloud+ feature only, but if you're on a Mac - you've already got the ability to generate virtual email addresses on the fly.

https://support.apple.com/en-us/105078

iCloud Hide My Email is pretty good for this.

I switched to fastmail, it imported all my gmail mail quickly, and it gives me virtual emails.

myjobapplicationhasbeendenied-1582-timesalready@gmail.com will certainly end well.

Why not just set up forwarding on 2 of them?

Branding and marketing. It makes it crystal clear how popular it is.

And gmail.com isn't "running low" on addresses, I don't even know what that means. Whatever TLD you'd prefer, just append it to your username instead. Exact same amount of uniqueness.

No it isn't.. it's firstlast@gmail.com [Dots don't matter in gmail addresses](https://support.google.com/mail/answer/7436150)

No, I think what's happening is someone else is confused what their email address is. With Gmail, dots are not significant; any email address with dots is equivalent to the email address without any dots. (So you may have signed up as first.last@, but your email address under the hood is really firstlast. You can also send mail to your f.i.r.s.t.l.a.s.t@gmail.com, and it will be delivered to you.)

I expect that someone else with the same name as you occasionally (or all the time) forgets that their actual email address is flast@gmail.com or lastfirst@gmail.com or some other similar combo, and enters your email into signup forms. Or has friends who guessed their email address and got it wrong. Or something.

That other person doesn't have access to your information.

> I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.

Yes, and you've received email that was addressed like that ... so what's your issue?

> I’ve wondered if this person has access to any of my information?

Yes, because "this person" is you.

Handy tip for software testing - Gmail ignores everything after a “+” in the address. So when you’re testing different accounts in your software you can use <youremail>+1@gmail.com, <youremail>+2@gmail.com, <youremail>+3@gmail.com etc. to create many different accounts in the software that all go to the same email address.

> I’ve wondered if this person has access to any of my information?

No. They have just told someone your email address and that someone has sent you stuff. Anyone can do that, if they dream up your email address. People having the same name are a lot more likely to do that.

Happened to me as well. I was the first one of the 50 people or so carrying my name to register "first[.]last@gmail.com" back in 2004. At least two of my namesakes have since mistakenly used my email address. Some people just aren't very detail-oriented.

I sign up with a different email address on every website. (I have a catchall at my domain, rather than using plus-addressing.)

The results are more boring than you think. Almost no one leaks my address. A couple have been hacked, but almost all of those are widely known. (I did discover one early and help Troy Hunt validate a leak.) At least one Kickstarter campaign has shared my address, as has a local business. But that seems to be the extent of it.

I still do it, because I did manage to catch those things, and because it reduces cross-site correlation. But yeah, there's less skeevy behavior than you might think.

You can do something like email+site@gmail.com and it'll be delivered to email@gmail.com with the site in the To field

mailbox.org hooked up to Thunderbird allows you to do so using custom domains. You can send and receive email as any string @ your domain.

I find that just about everybody is leaking my data. Either on purpose or accidentally. But at the end of the day I do want to order those online exotic vegetables and have very little choice of sites to do it in my country. At this point I don't care anymore. Maybe I should but in a sense it's too late. It's been decades of leaked information, I'm certain the advertising companies know me better than my friends. And still royally fail at selling me stuff. They likely use this info for more nefarious things.

I hate that 90% of the effort on the internet is about stealing information from users and serving invasive ads.

Huh. I have come to find the information about other tclancys across the world an interesting insight. Plus there was the time I was mistakenly sent a resume to review for a guy applying to become bank president; he didn't get the gig, but it wasn't because of the three or four paragraphs I sent him on spiffing up the thing.

What's stopping you?

I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.

It definitely sounds like it would make an easy way out for them.

Aren't email addresses reserved once you delete an account? Maybe that's what happened?

Hah, I had one of those. I paid $50 for a "lifetime email service" that later they wanted me to pay monthly for, so I had to bid goodbye to my null.net address

I have almost zero spam (that isn't filtered properly). Once in a while I catch a false positive in the spam folder but that's about it.

If you only get 2-3 you are lucky :)

I wouldn't know, I don't look at my spam folder.

Maybe 10 annually.