Looks like Google has a dirty little secret. Gmail emails have been routed incorrectly to the wrong recipients. I’ve been receiving emails for a woman whose email address is similar to mine, minus a period between the first and second half of the username. So I thought people were accidentally adding the period – turns out that’s not the case.
I got another email for her today from a website and thought that there’s no way she’s giving people the wrong email address across the board. Checked the headers, and yes indeed the emails are going to the wrong account.
I went into Gmail Help and filled out their contact form. So far all I’ll gotten is an automated response. So I checked out the Gmail discussion boards, and, wouldn’t you know, there are over a thousand entries about people getting wrong emails. This bug looks to have been a known issue for quite some time, so why hasn’t Google done anything about it? Or even better why haven’t they at least notified users with similar email addresses that there is a possibility that their emails are being routed incorrectly?
I couldn’t imagine what would happen if someone out there had personal information in an email that would then make it possible for someone to steal the other person’s identity if they accidentally received the email. I’m not talking about social security numbers, but more like the answers to standard security questions or little things that can help you inpersonate someone. This bug allows for some wicked social engineering to occur.
Sharing information is in Google’s DNA, so when they go into a space where they need to keep information private can they do it? Can they make sure that if there is a breach in security they are equipped to take the necessary steps to rectify the situation? So far I haven’t seen it. And now they have a product where they hold on to my credit card number, Google Checkout. Hmmm…after this mix up, I don’t trust them with it.
Update – 29 February 2008
I logged into my Gmail account today and saw a little tiny link next to the address in “To” field with the username without the dot. The new Gmail help center faq now says that the email is routed correctly and that there is no other account using my username without the dot. So I wonder what happened with the other person’s account. Did they try to create the account and never realized it wasn’t actually created? And why didn’t Google ever send me an email with this information after I had requested account support? Hmmm…not very good with customer service when it’s not related to advertising it seems. Or maybe it’s just that Gmail is undersupported.