Yeah, the problem with real name email addresses has gotten much, much worse. The easier you make it for someone to guess your email, the easier it is to get into your account. Obligatory XKCD.
(Over and over I am amazed at how little concern Dopers have regarding basic computer security.)
So then why don’t all of us with names as email addresses have all these terrible problems (which I guess will result from having our email hijacked somehow), ftg? If you want us to be more security conscious maybe you could give us information instead of insulting us.
Over at the Comics I Don’t Understand blog the owner’s name is Bill Bickel. He frequently tells the saga of “idiot Bill Bickel”, a different person with the same name who constantly gives out the wrong email address.
I’m also getting the impression that there’s not much point in trying to change my email, since there doesn’t seem to be any way to escape this problem short of setting up my email from a personal domain. Which I don’t care enough to do.
So apparently one of the guys who uses my email address is a rich douche bag realtor from the Houston, Texas area. I got two emails today. One for a quote for repairing his gold, 2005 Jaguar XJ8L. About $2k. Then a quote for a $12k roof repair that lists his ‘work’ email which shows me he works in real estate. Fairly positive this guy is different from the pornhublive one. I still haven’t worked up the nerve to log on and actually watch a webcam on his dime lol
Edit: And I forgot to mention. The company quoting the roof repair is called “My God Moves Mountains”. What the ever loving fuck Texas.
I haven’t gotten many misdirected emails, but some of the ones I’ve gotten have been doozies.
Somehow my email address got on the mailing list of what appeared to be a 12-year-old girl. (A glimpse into the 12-year-old mind is a frightening thing.) I nicely wrote to inform her and ask her to remove me. She responded with a hateful obscenity-laden grammatically-challenged message.
She called me “stoopid” :(.
I went all highly-educated technically-savvy on her, threatening to cause her to lose her email account. I’m sure I scared the crap out of the little brat.
Another time, my work email included a message from the female half of a cheating couple planning a rendezvous. I let her know she had the wrong person. Never heard another peep from her.
Because the decision was made by HR, not by people actually understanding security. HR hates weird, incomprehensible email names.
And there’s a ton of ways an email account can be compromised other than phishing. And new ways are discovered all the time.
One simple example: Yahoo! has been repeatedly breached recently and email accounts and passwords stolen. Presumably those lists are available online in certain markets. Someone looking to target Rufus T. Firefly will look for obvious account names. But if RTF’s account name was sugarisassugardoes, are they going to know that?
One of the simplest methods is to just call the email provider, say you got locked out of your account and lay on the BS. It is amazing how often a CSR will fall for this.
Security breaches, like a lot of accidents, involve a chain of events. All too often people automagically assume that they can be weak in one link since those other links will protect them. Bad idea. Always take seriously all steps in security.
Again, I find it incredible that such basics of online security aren’t taken seriously by Dopers.
I get this every so often. There are a few people out there who don’t seem to know their own email address and don’t care. And the thing is, they’re not signing up for frivolous things, but serious things. (Bank statements, credit cards, loans). It’s also a pain when you try to get it removed. I’ve called companies to change the email address (I really shouldn’t be getting their notices that the car loan is due and that person probably should know). And the company wants to know what the password is, what the person’s mother’s maiden name is, what the right email address is, etc. I, of course, know none of these things because it isn’t my account, it’s not my mother, and I have no idea where the email is supposed to go - just that it isn’t supposed to go to me.
The weirdest set of mail I got were plans for a family reunion. Someone guessed at what their cousins’ email addresses might be and it took a while to get me out of the email chain.
I think you’re painting with too broad of a brush. And plenty of email providers have security questions that must be answered. There is no way that someone is going to know my first roommate’s name, or the name of my first pet. Or the make and model of my first car. If they can figure those out, then my email password is the least of my concerns.
In addition to the aforementioned periods, Gmail ignores anything after a plus sign. So, apollyon@gmail.com and apollyon+foo@gmail are treated as the same address. (Not my actual Gmail address, which is of the firstname.lastname type.)
I’ve used the plus suffix a couple of times when I’ve needed to register a different address but want responses coming to my usual inbox.
When I tried to sign up for eBay years back it told me my Gmail address was already in use… but sending an “I forgot my password” email never sent me a reset link. It appears that someone signed up with my address (which became their login) but then corrected their email inside eBay. I was able to sign up with a “plus” version; different address as far as eBay was concerned, but delivers mail to my usual place.
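The aliasing described in the post above, as an added example that is not part of the thread: a sketch of how a site could map Gmail addresses to the mailbox they deliver to, which shows why a "plus" variant looks like a new address to a service that compares raw strings. The function names and sample addresses are constructed for illustration, and the googlemail.com alias is not mentioned in the thread.

```python
# Added example; addresses below are constructed, not taken from the thread.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # both deliver to the same mailboxes


def canonical_mailbox(address: str) -> str:
    """Return the mailbox an address delivers to, as far as can be known locally."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0]   # Gmail ignores everything after a plus sign
        local = local.replace(".", "")   # ... and periods in the local part
        local = local.lower()            # ... and letter case
        if not local:
            raise ValueError(f"empty local part: {address!r}")
        domain = "gmail.com"
    # Other providers: aliasing rules are provider-specific, so leave the local part alone.
    return f"{local}@{domain}"


def shared_mailboxes(registrations):
    """Group registered addresses by delivery mailbox; keep groups with more than one."""
    groups = {}
    for addr in registrations:
        groups.setdefault(canonical_mailbox(addr), []).append(addr)
    return {box: addrs for box, addrs in groups.items() if len(addrs) > 1}


# Constructed registration list: three spellings of one Gmail mailbox, plus two
# addresses at another domain where no aliasing rule is assumed.
SAMPLE = [
    "first.last@gmail.com",
    "firstlast+ebay@gmail.com",
    "First.Last@googlemail.com",
    "first.last@example.org",
    "first.last+ebay@example.org",
]

if __name__ == "__main__":
    for box, addrs in shared_mailboxes(SAMPLE).items():
        print(box, "<-", addrs)
```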
Again, surprising level of naiveté. There are scads of ways to get around security questions, esp. if there’s a CSR involved.
This mentality of “It’s okay to make a poor security decision here since what are the chances of the other security links failing?” is exactly how bad security arises. Exactly.
You take precautions every step of the way or else.
And make sure that solution covers what is probably the worst security issue of all - the fact that people need so many different passwords, with so many different rules, that have to be changed so often that it is inevitable that there is going to be a post-it somewhere with all the passwords written down. You can say that’s a poor security decision - but I say that making security rules without accounting for the human factor is the poor decision.
Got an interesting one today, for someone with same lastname, but different first initial, so I’m really not sure how it came my way. It was an invoice showing that he’d paid for some tix for a game this weekend in the Women’s NCAA tournament.
The really weird thing was, the guy’s real email was printed on the invoice! And his email was nothing like mine - it was based on his street address. (Which I know because his name and address are on the invoice.)
I emailed the sender (a college athletic department) back, cc’ing the email on the invoice, noting that if they were going to send the tickets by email, they should send them to the email on the invoice, rather than mine, because I wasn’t that much of a basketball fan, the game was going to be halfway across the country from me, and the guy who paid for them would surely enjoy them more than I would anyway.
They responded (to both addresses, thank goodness!) by telling me the tix would be available for pickup at the site of the game, with details to follow in another email.
If they send me that email without cc’ing the other guy, I’ll forward it to him. Don’t want him to miss his game.
It is certainly not hard to come up with a non-identifying user name. Why bother telling someone something so incredibly obvious? I assume Dopers are smart enough to figure out such trivialities on their own (esp. based on User Names here).