Ask Slashdot: What To Do With Misdirected Email?

An anonymous reader writes "My Gmail account is of the form (first initial).(middle initial).(common last name)@gmail.com. I routinely receive emails clearly intended for someone else. These range from newsletters to personal and business emails. I've received email with various people's addresses, phone numbers and even financial information. A few years ago I started saving the more interesting ones, and now have an archive of hundreds of emails directed at no less than eight distinct individuals. I used to try replying to the personal ones with a form response, but it didn't seem to help. To make matters worse, I frequently find I can't use my email to create a new account at various sites because it's already been registered. Does anyone else have this problem? Is there any good way to handle this?"

Re: Get a real mail account

[PlusFiveTroll]

Never use a catchall. And I repeat, never use a catchall. It's better to use a hosting service that allows you to control alias accounts easily and quickly. If someone types a non-existent address they are suppose to get a bounce email.

Catchalls also create some unique bad situations. A number of years ago I had a small client who had a domain similar to a large university. They had just a few accounts on the domain and in general received around 20 emails a day and ran a catchall to get mistyped addresses. When they came in to the office and had over 35,000 emails in the inbox we new something was wrong. A spammer was 'confused', or something and thought the domain was part of the university and was sending mail from a@domain to zzzzzzzzzzzzzzzzzzz@domain and every possibly name and combination in between. It was coming from thousands of different IP addresses and hundreds of connections per minute.

We had to turn off catchall and implement a SMTP policy of instant disconnect in the RCPT TO: header to stop the flood. After around a week the barrage stopped.

Re:Well, for your second problem...

[CBravo]

I call that abuse... It is illegal in my country (having a password does not authorize you to enter, similar to finding a key on the street). Second: It is unnice to other people who make a mistake.

Would you do that to someone you know?

Lawyers. Who needs 'em

[sedmonds]

Quite a few years ago I had an e-mail account with my ISP, and it received an e-mail from a lawyer to their client, which contained some personal information. I replied, to let them know that it hadn't reached the intended recipient. Shortly thereafter, that e-mail account stopped working for me.

I hadn't used the account for anything even remotely important, so I didn't bother trying to get it back.

Re:Get a real mail account

[FatLittleMonkey]

I don't personally know anyone who has lost their GMail account,

I have. It also locked up every google-owned service, such as blogger/blogspot, (and presumably any 3rd party site that uses a google-account for login.)

Sent in the official challenge-form via another email account, next day the block was lifted. Still have no idea what I was actually meant to have done. The only thing I can think of was logging in from someone else's computer (I was at their place when I was blocked) which is surely the whole fucking point of having webmail.

Re:No problems

[slashdotjunker]

In that case, use an e-mail based password reset, set a new password, and done, as far as having registered for the site, or contact the site's support.

This is bad advice. Do not interact with an unknown account opened with your email address.

A successful login from your IP address may be construed as assuming ownership of the account. They might try to collect money from you. Or, the account may have been used for illegal activities which are now linked to your IP address.

Never assume ownership of an unknown account. All communications (if any) with the account management should clearly state that you are not the account holder and are not responsible for the account. In particular, do not ask for the account to be closed. Asking the company to take action on the account may also be construed as assuming ownership of the account.

At best you can send an email stating you are not the account holder. Then put them on your block list. Do not get more involved than that.

Re: Get a real mail account

[nine-times]

I think you're misunderstanding the discussion. If I send an email to a non-existent email on your domain, your email might accept the email transmission and then send a bounce in return, which will notify me, the sender, that the message didn't go through. However, this setup will unfortunately produce backscatter-- i.e. in cases where spammers are spoofing real email addresses, the owner of the spoofed email address will receive non-delivery reports for emails they didn't send. If, on the other hand, your domain has a catch-all account, then your server will accept the message fully, and not send a non-delivery report. This eliminates backscatter, but now I, a legitimate sender, will not receive a notification that their emails didn't go through.

However, if you reject the email during the SMTP transmission, then my mail server, being legitimate, will notify me that the message was not transmitted. However, your mail server will not actively be sending non-delivery reports, so there will be no backscatter. The only downside to this configuration is that it creates a potential for directory harvesting-- i.e. spammers can attempt to email every permutation of email addresses and take note of the email addresses that do not cause the connection to be terminated, thereby determining which email addresses on your domain are valid.