The dots do matter: how to scam a Gmail user
https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html

Where is the security flaw here? Some would say it's Netflix's fault; that Netflix should verify the email address on sign up. But using someone else's address on signup only cedes control of the account to that person. Others would say that Netflix should disallow the registration of james.hfis...@gmail.com, but this would force Netflix and every other website to have insider knowledge of Gmail's canonicalization algorithm.

Actually, the blame lies with Gmail, and specifically Gmail's "dots don't matter" feature. The scam fundamentally relies on the Gmail user responding to an email with the assumption that it was sent to their canonical address, and not to some other address from their infinite address set.

- - -

This has been a problem with Gmail for ages. Even if you are not scammed by crooks exploiting this, it can be a vector for yet more spam, not all of which Gmail will detect. Gmail users have long needed a way to control this feature, and to specify precisely which dotted forms should be considered as their valid Gmail addresses.

--Lauren--
Lauren Weinstein (lau...@vortex.com): https://www.vortex.com/lauren
Lauren's Blog: https://lauren.vortex.com
Google Issues Mailing List: https://vortex.com/google-issues
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
_______________________________________________
nnsquad mailing list
https://lists.nnsquad.org/mailman/listinfo/nnsquad
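
An added example, not part of the original post or the quoted article: a signup-side audit that groups registered addresses by the Gmail inbox they reach and reports mailboxes registered under more than one spelling. The function names and sample signups are constructed for illustration, and the handling of `+` suffixes and the `googlemail.com` alias goes beyond the dots the post discusses.

```python
from collections import defaultdict

# Domains delivered to Gmail mailboxes, where dots in the local part are ignored.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address: str) -> str:
    """Map an address to the inbox it reaches, modelling Gmail's rules only.

    For other providers only the domain is lowercased, since their handling
    of dots and case in the local part is not known to the sender.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.lower().split("+", 1)[0]  # "+tag" suffix is ignored
        local = local.replace(".", "")          # "dots don't matter"
        if not local:
            raise ValueError(f"empty Gmail local part: {address!r}")
        domain = "gmail.com"
    return f"{local}@{domain}"


def find_dot_collisions(signups):
    """Return {mailbox: [(account_id, email), ...]} for inboxes that were
    registered under more than one distinct spelling."""
    groups = defaultdict(list)
    for account_id, email in signups:
        groups[canonical_mailbox(email)].append((account_id, email))
    return {box: rows for box, rows in groups.items()
            if len({email.lower() for _, email in rows}) > 1}


# Constructed sample data: three spellings of one Gmail inbox plus two
# addresses at a provider whose dot handling is unknown.
SAMPLE_SIGNUPS = [
    (101, "constructeduser@gmail.com"),
    (102, "constructed.user@gmail.com"),
    (103, "c.onstructeduser+films@googlemail.com"),
    (104, "first.last@example.org"),
    (105, "firstlast@example.org"),
]

if __name__ == "__main__":
    for box, rows in find_dot_collisions(SAMPLE_SIGNUPS).items():
        print(box, "<-", [email for _, email in rows])
```

A mailbox that appears in the result has accounts whose notification mail all lands in one inbox, so a site can hold those accounts for address verification before sending billing or payment-update mail.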