Comment by dividuum
1 year ago
Why is it even possible to create a new Google account with an email like 'user+suffix@domain' if 'user@domain' is already handled by google's mail servers and thus applies the plus-routing rules? Even in the non-exploity case that seems like a great way to create confusing mail setups.
A domain can freely move between mail servers. Google has a specific handling for a+b@domain.com, other servers might not. At the end of the day they are two unique email addresses, and that's how they should be treated across the internet.
I think this aliasing feature is too complex for its own good. Especially at Google's scale.
> user+suffix@domain
It's even worse than that. At least the +XYZ is specified in the email rfc. Google has decided even further that periods in the name also go to the cononical email. ie hi.my.name@google.com is equal to himyname@google.com and routes all emails to the second.
Another fun one is upper case vs lower case. I’ve been bitten by systems that are case sensitive, while the rest of the email world mostly is not.
I could swear I at least once received an email that was sent to myname.mydomain@gmail.com or something similar in my myname@mydomain email. It's been several years but I remember thinking that was fucked up and looking into the full email to see if there was any other explanation for me receiving it, which I did not find.
Google (and most email providers) also treat the user portion as case-insensitive.
Because of how old and legacy googles authorization system is. A “Google account” is just a string.