Yeah. Try using wildcard email accounts together with a uncommon TLD, and people ask me if I work at their place all the time.
Last time I booked a car at Hertz:
> Me: My email is hertz@capableweb.work
> Agent: Woah, you work here at Hertz? That's so cool
> Me: sure, can you remind me of the employee discount again?
So many email validations fail with a uncommon gTLD that I started switching everything to a .com domain instead. Sometimes I even get rejected when my email address contains the company name... "Sorry, your email seems invalid" is all I get, but changing one letter of the company name makes it pass the validation...
As a security person its hard as heck training (some of) our users to understand how basic domain formats work. We use a phishing simulation service, and outside of certain content,putting part or all of our company name in the domain but adding other words/underscores/etc is what tricks a lot of people. I tend to explain how it works in a basic format, and often you can see the light bulb go off when I point out how a subdomain works and why an underscore or dash creates a whole new domain anybody can register while a subdomain is something our company can only create/use (mind you, I'm not going to confuse them by explaining how this can be abused, these people i talk to about this are having enough trouble grasping the basics).
I registered .com domains with my kids' names when they were born, and when one of them discovered that they could get the email address gmail@hisname.com he was stoked. His friends don't understand how it's possible for that email address to work. As a practical joke, he always says "what do you mean? Doesn't gmail@yourname.com not work too?"
As a human who had to describe the internet, computers and email addresses to some of our older population, I agree, stuff is really hard for newcomers. Most of them barely understand the mouse abstraction, so getting them to understand some of the finer details of the modern computing world is a exercise in humongous patience.
This stuff is not really well made for normal people, to be honest. Just look at all the discussions and troubles (tickets, misunderstandings, security risks) related to email and hyperlink parsers..
It took me a while to know that FQDNs can (and sometimest must?) start at root with a period, meaning every address you've ever typed could have finished with a period (news.ycombinator.com.) and I recall some newspaper (NYT? News Yorker?) failing to test for that when people want to bypass their paywall.
And this is a valid email address apparently: #!$%&’*+-/=?^_`{}|~@example.com
RFCs/codified norms by tech people are just weird to normal people.
Please stop downvoting this. If not an unpleasant truth, it's at least a widely held perception, which must have a reason. (And I suspect that reason is because it's true ...)
> this is a valid email address apparently: #!$%&’*+-/=?^_`{}|~@example.com
If so, that's actually the same as #!$%&’*@example.com (mail user 'foo+bar' is the same as 'foo'). Many webforms/DBs don't know that.
> If so, that's actually the same as #!$%&’*@example.com (mail user 'foo+bar' is the same as 'foo'). Many webforms/DBs don't know that.
Actually, no. To the best of my knowledge (and I'd be delighted to be corrected!), that's merely a convention that lots of providers (including GMail) conform to, but it's not part of the RFC or standards.
Don't get me wrong - it irritates me when that very-common behaviour isn't supported (and, at the very least, `+` shouldn't be considered an illegal character). But it's also technically-not-wrong to consider `a+1@test.com` as different from `a@test.com`.
See your sibling comment for another perspective! (EDIT: which, to be clear, doesn't invalidate your point. Though it's worth considering, I guess, whether "only assigned semantics by the host specified in the domain" prevents user-tracking systems from calling "foo+bar@gmail.com" the same user as "foo@gmail.com". After all - if they're being interpreted "as" user IDs, rather than as emails, does that really breach the RFC?)
It's not really a different perspective. Sieve, which the sibling comment's RFC extends, is a mail-filtering script language for end-user inboxes. So it's perfectly reasonable for a user on foo.com, who knows that foo.com supports the `+` syntax, to write a Sieve script directing mail to "username+blah@foo.com" to a particular inbox.
In fact, that RFC specifically calls out that interpreting the `+` on non-local addresses is likely wrong:
> NOTE: Because the encoding of detailed addresses are site and/or
implementation specific, using the subaddress extension on foreign
addresses (such as the envelope "from" address or originator
header fields) may lead to inconsistent or incorrect results.
EDIT to address your second point:
> After all - if they're being interpreted "as" user IDs, rather than as emails, does that really breach the RFC?
Well, technically no, the RFC is about SMTP so if you're not writing an SMTP implementation, you're not breaching it.
But RFCs aren't the law, so whether you're technically breaching it isn't really what's relevant. What _is_ relevant is that a system that treats foo+bar@quux.com the same as foo@quux.com is making assumptions about how email works that contradict the RFCs that define how email works. Whether that's a useful thing to do in practice is an engineering decision with tradeoffs. E.g., it's probably fine to assume it for a whitelisted set of domains where you know it to be true, like gmail.
From doing agency/marketing work for numerous large corps, I can tell you that many have a straight up block on corpname on any email name or domain to prevent phishing.
Yes, I recently got a new chromecast, which now requires a google account to set up via the google home app. I knew I was never going to use this single-purpose account for anything real so I decided to make the name very descriptive and tried to put “googlehome” in the identifier but google would not let me get away with the string “google” anywhere in it. Ended up with “GewgleHome.”
Be careful using illegitimate car rental codes. Sometimes they look so cheap because they cancel a lot of your insurances, because your employer carries those insurances itself. So if you crash or the car is damaged, the clerk says, “Don’t worry Hertz Corporate will pick that up” but of course when they discover you are not an employee they will not.
I'm sorry, did you reply to the wrong comment? I'm trying to understand where "illegitimate car rental codes" comes from here, as I never mentioned that or anything related to it.
I agree with you, just trying to understand how it's connected to what I wrote initially.
If you use a discount code, say the Boeing discount code when you rent at Seattle Airport, Hertz will cancel any insurance off the price because Boeing covers those risks itself for its employees. But, if you’re not a Boeing employee and you crash, you’re not insured by Boeing and you’re not insured by Hertz.
On just meeting a girl in school whose last name was the first name of a lead actor in a popular TV show, I started blurting out “Are you related to X” and my brain was already sending X to my mouth before I realized no, stupid, that’s not how names work.
Turns out she’s a nice girl, and she answered happily, “no, but that would be cool”. I smiled back while I died a little inside.
It’s always possible the person figures out this is not right before they get to the juicy bit. But I’ve been wrong before.
My spouse got that a lot growing up, sadly she now sometimes gets another one since she took my last name. Thankfully the new actor is not very relevant anymore so it doesn't happen often.
In that case she tried to apply the discount via my email or something like that, but she said it failed. I blamed on it that I was a new employee and I'm a rush, so nevermind, let's proceed normally.
I'm not sure I would actually accept it if it went through, but I'm always curious to see if it works sometime.
My favourite is when the validation rejects anything with the service name in the email. I wonder whether it's to prevent somebody registering <anything>@<service> as a joke, or a really bad attempt at preventing <service>@mailinator.
Well that would have caused me problems when Oracle started requiring registration for some form of Java downloads.
They haven't spammed that though, I don't think I've ever received any actual email to the "oracleblowsgoats" address. Probably keeps any sales droids from even bothering with me as well.
It's because it is a common spam action to use <site>@<free_email> when blasting out stuff. It's also common to try and use <something>@<site> in either/or the to/reply-to fields for spambots.
I once owned "firstname.to" I figured it would be easy to tell people my email is firstname@firstname.to and have them use it, spell it right, and remember it.
Mine ends in .sexy, the looks I get are even better than when I used my .io one ;p and then if they follow up for my phone number it gets even better when I tell them as it ends in 6969.
Hell, booking.com will even tell you that "your address looks incorrect" (sometimes, I got it once out of two bookings made on a single day), if you dare to use your own domain .com. They used to nag me about "ohh, are you sure it's not tadzik_@gmail.com"? And I'm not sure what's worse.
You got nothing on my firstname@lastname.technology email.
Can't register at half the sites, and if you can register sometimes you can't log in. Banana Republic, in particular, lets me log in through one login flow, but not the one that's integrated into the checkout process.
Ah! What a coincidence — I registered my Banana Republic account with a gmail "+" email (eg, my_email+bananarepublic@gmail.com) as is my standard practice with retail accounts, and I have the same login issues. It's quite odd, but I'm glad it's not just me!
If they’re just warning but letting you proceed, that’s fine. They do that because they see looooots of people screwing up their own email addresses in a few common ways. Run any email signup with a general audience and any kind of volume and you’ll end up doing the same, to reduce the load on support.
It does work well. I used a customized version of https://github.com/mailcheck/mailcheck on an ecomm website and the amount of bounces due to typos went way down.
It is important to tune it a bit based on what you see after installing it to reduce the amount of bad suggestions.
My domain ends in .me which according to Aliexpress is not real. So instead of me having to manually unsubscribe, they got sent to the huge spam box that is gmail.
Which reminds me, I used to use me@myname.com but gmail’s UI gets weird when viewing emails from me as it uses “me” to indicate the owner of the gmail account.
Sometimes it is better not to be too clever. I built a CRM like app for the construction industry and used "inc.construction" and "inc.services" as the app domain. So customer would have
<business-name>.inc.construction
I thought it was clever, but people do not understand them. Everything is .com in their mind.
Mine is my name, like john@jsmith.com. The number of people who exclaim "I've never heard that one before!" surprises me. Obviously other people don't use it, because it's my name.
firstname @ (nickname for firstname) + (last initial) .net
And it's amazing how hard it is to explain this to people over the phone or in store for email receipts, etc.
I'm shocked how few folks seems to be vaguely aware that .net as TLD exists even though it's one of the original TLDs from when they were first created: https://en.wikipedia.org/wiki/.net
I have 2 email addresses because of that. I thought it would be good to have my and address at my own domain but if I could go back in time I would tell myself to just stick with the gmail address. For anything where I can type in my email address, it's fine. But if someone asks for it verbally, I just give them the gmail address because firstnamelastname@gmail.com requires no extra clarification.
Besides lots of other adresses i have forname @ forname-surname .de as an adress easy to understand. I totally understand your problems, I have this even with people who already have forename and surname on their screens, it's ridiculous.
Yes, I just posted something similar. My domain is initial + surname, and the most common response I get when giving my email is that the person hasn't heard of "that one" before.
To make matters worse, I chose a slightly uncommon tld.
I use first@firstlast.com and wasn't able to get the firstlast@gmail.com so I guess I'm just hoping I'm getting all my email. I will say that having my name be my email makes life /so much/ easier. Especially over the phone, "Yes, my email is first@firstlast.com, just like the name I just told you and/or is already on your screen when you pulled up my account".
My spouse, who does not work in an IT/software related field, has an email address that is firstname@lastname.com and quite a large number of people refuse to believe that such a thing is possible. There has been more than one instance where some person treated them as if they were so clueless that they didn't know how to properly format an email address.
Sorry maybe I missed the memo, but is this how things get “cancelled”?
I was just pointing out that the domain is tied to a sad history.
At no point do I advocate for/against using it, nor did I pass any judgment on people who choose to use it.
The only opinion expressed in my comments is that the way the British and American governments have behaved is bad. If you take issue with that, let’s discuss but please don’t put words in my mouth.
Yes, associating tangentially-related controversies with previously innocuous topics is how things get canceled. Bringing up topics like this on a post about emoji emails implies that you want the conversation to flow in a certain direction; that's how conversation works. It's only missing Twitter and the word "problematic."
Not everything has to be “cancelled” but if you are buying a domain, you should probably inform yourselves of what that TLD represents since people you’re communicating with might and might not look too favorably on its use.
Let's say you're running a startup and decided to be hip and get an io domain. You reach out to a potential major client who happens to be of Chagossian descent.
They probably wouldn't care for your interpretation of the domain, they just see you supporting the people who relocated their entire group of people from their native homeland.
So, yes, you should be well aware of what the io domain represents and who you're supporting when buying one. Because it might bite you in the ass down the line and could have easily been avoided by just getting a different one without a storied past.
No "cancelling" going on, but just like a lot of other things, it's a risk that should be taken into account.
> they just see you supporting the people who relocated their entire group of people from their native homeland.
I'll take "Things that you'll never have to worry about IRL for 1000$ Alex" This reads like satire. What cross-circles of people who happen to recognize the .io and know its associated with a TLD for a country or nation and also happen to not know it's other innate purpose of representing input/output? This is as ridiculous as worrying about having a brand with a .tv domain and a negative perception of those from the Tuvalu island.
I have purchased some domains for myself and my friends based on that rule, like rubinste.in, fedorovi.ch, or oba.ma (not real names). They thought it's cute but didn't hold them for long.
A friend with a last name that ends in ..skova wasn't so lucky as Vatican doesn't sell domain names.
