Tuesday, July 22, 2008

Gmail address matching craziness

This is so crazy it must be blogged about. I got an email which I should have gotten even though it was not actually addressed to me. You are thinking that I am crazy because email does not work that way. Normally I would agree, but check this out:
An email sent to azechoski@gmail.com was delivered to me.
Note that my real address is: azeckoski@gmail.com

Here are the headers to prove it (chopped out some extra bits to protect the sender):
Delivered-To: azeckoski@gmail.com
Received: by 10.151.102.11 with SMTP id e11cs256039ybm;
Tue, 22 Jul 2008 11:02:35 -0700 (PDT)
Received: by 10.100.205.13 with SMTP id c13mr2655883ang.47.1216749755360;
Tue, 22 Jul 2008 11:02:35 -0700 (PDT)
Received: from mail2.stellaronecorp.com (mail2.stellarone.com [64.203.182.58])
by mx.google.com with ESMTP id c40si8810491anc.30.2008.07.22.11.02.34;
Tue, 22 Jul 2008 11:02:35 -0700 (PDT)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C8EC25.00DD8ED8"
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-OriginalArrivalTime: 22 Jul 2008 18:01:01.0106 (UTC) FILETIME=[E68D5920:01C8EC24]
Subject: Transfer
Date: Tue, 22 Jul 2008 14:01:45 -0400
Message-ID: <7925a85885c9454897dba459745e840d5aa877@west-exch1.stellaronecorp.com>
To: azechoski@gmail.com

Seriously, how cool is that?

2 comments:

Steve Swinsburg said...

And I was wondering where all my email was going to, see I have the azechoski@gmail.com address and you were getting it all thanks to google ;)

Not really, but I wonder if this really is super-cool address matching or a super-serious privacy issue? I think emails should always go to the intended recipient, spelling mistakes or not, and not be left to chance.
Interesting though!

andy said...

While I don't doubt for a second that google thought that this could be a nifty feature (I'm more in line with Steve Swinsburg and think this is a security issue waiting to happen) the headers you paste doesn't really "prove" anything.

The To: field in the header is created by the sending MUA and could contain whatever (including nothing) as the recipient address is determined by the RCPT TO field in the smtp-transaction and not by the contents of the email (the mail server, or mta, shouldn't even look at the contents of the mail).

Just sayin'