Wednesday, January 27, 2010

Ignore the Dot at Your Peril

Gmail ignores dots in email addresses. That's great if you want to track spam, use complex filtering, or just want to have a bit of fun. But it can wreak havoc on you and your customers if you aren't careful.

I started receiving emails from a very popular service for an account that didn't belong to me. The service, as so many do, uses email as a unique login identifier. I'm guessing the other user created an account and mistyped his email as mine, but with a different dot construction. The service determined the email was unique (as their backend datastore didn't already have it) and created the account. This could be a big problem for the service. Not only did I receive email about the services this user was provided, but I could have gone online and requested a new password.

Read that again: I can, with no technical knowledge whatsoever, get someone else's billing info or purchasing choices from this service.

I called the service, explained the situation, and they disabled the other user's account. I'm dubious, however, that my explanation of Gmail's addressing choices will end up with the right audience.

The moral of the story: I don't know how many other email providers ignore dots (or other symbols or constructs) in email addresses, but if you're writing an application that relies on unique email addresses, you'd better have some robust checking going on during account creation.
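One way to do that checking at account creation, as an added example that is not code from the original post or from the service it describes: compare addresses on a canonical key instead of the string the user typed. The domain set, the `googlemail.com` alias handling, the lowercasing, and the names `canonical_email` and `AccountStore` are assumptions made for illustration.

```python
# Added example. Provider rules here are assumptions; extend them per provider.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}  # both reach the same mailbox


class DuplicateAccount(Exception):
    """Raised when an address maps to a mailbox that already has an account."""


def canonical_email(address: str) -> str:
    """Return the key used for uniqueness checks (never for sending mail)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Assumption: treat the whole address as case-insensitive.
    local, domain = local.lower(), domain.lower().rstrip(".")
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")  # j.smith and jsmith are one mailbox
        if not local:
            raise ValueError(f"empty local part after normalising: {address!r}")
    return f"{local}@{DOMAIN_ALIASES.get(domain, domain)}"


class AccountStore:
    """In-memory stand-in for a datastore with a unique index on the key."""

    def __init__(self):
        self._by_key = {}  # canonical key -> address exactly as first typed

    def register(self, address: str) -> str:
        key = canonical_email(address)
        if key in self._by_key:
            raise DuplicateAccount(
                f"{address!r} is the same mailbox as {self._by_key[key]!r}")
        self._by_key[key] = address
        return key


if __name__ == "__main__":
    store = AccountStore()
    # Constructed sample addresses, not taken from the post.
    for addr in ["john.smith@gmail.com", "johnsmith@gmail.com",
                 "J.O.H.N.Smith@googlemail.com", "johnsmith@example.com"]:
        try:
            print("created:", addr, "->", store.register(addr))
        except DuplicateAccount as exc:
            print("rejected:", exc)
```

Keep the address as typed for delivery and store the canonical key in its own column with a unique constraint, so the database enforces the rule even if application code misses a path.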
