Yet another warning about entrusting Gmail (or anyone else) with your email

At the risk of beating the same drum again, I just want to reiterate my concern for anyone who uses an “@gmail” with your primary email.

Now, this could also be true with “@icloud” or “@some company name here” but since Gmail is the 8,000-pound gorilla in the room, and since I have first-hand experience with problems with Gmail, I want to raise the warning flag to others.

I still use my @gmail account, usually for anywhere that demands my email address but I don’t fully trust with my email address. So it tends to get cluttered with junk.

I decided to try to clean it out and make sure that the occasional important email (receipts, software licenses, etc) are easy to find.

So I spent a few hours last night deleting and sorting, deleting and sorting. I did this using Gmail in Google Chrome on my Mac.

Then I got this error:

When I clicked on the “Show Detailed Technical Info” it said “Numeric Code: 2”

When I googled for “gmail temporarily unavailable numeric code 2” there are a whole host of other people who have run into this same issue, with no real explanation of why, other than “Some algorithm at Google decided to temporarily lock you out of your own Gmail account, and now you need to wait to be allowed back in.”

How long? No one knows. Minutes? Hours? Days?

Will it happen again? Possibly.

If it happens multiple times are you risking getting locked out for longer? Maybe!

It was long enough that I lost the ‘groove’ that I was in, and decided to go to bed.

Since I was only about 1/3rd of the way through my email, I’ve been working on it again today (relieved that I was allowed back in), and trying to take more breaks, in the hope that whatever secret monitoring system Google is using won’t decide to lock me out of my account again before I finish.

(I suppose I could have avoided this by just letting all of my email pile up and paying Google for more space, but that isn’t what I wanted to do.)

The point here isn’t to debate whether or not we agree with this policy that Google has in place. I’m sure some could argue that it’s some kind of protection (although my account is already protected by a long random password and two-factor authentication, and I was logged in from my home I.P. address).

That’s not the point, and any debate that we might have about it is beside the point.

What is the point is that Google has the ultimate authority to decide if it wants to lock me out of my Gmail account, and there is 100% nothing that I could do about it. Yes, in this case it came back and I was able to access it again the next day, but I now have to modulate my behavior to try not to trip up some secret algorithm. (It’s not like someone at Google was sitting there deciding “I think something is up here, I’m going to block this account.” I’m 100% sure it was all automated. But it’s also 100% not documented and not clear what the limits are.)

Fortunately, this account is just many GB of mostly junk email for me, and I have a local backup via Horcrux anyway.

But it’s another reminder that if your email address that links to your online life (banking, credit cards, etc) is in the hands of someone else, especially if that someone else is Google, you better know the risks. Who would you turn to for help? Who could you contact for support? Are you a paying customer?

If you own your email domain, the worst that can happen is that you have to move it from one provider to another, but you’ll still have access to your same email address. If you have backups of your email, you can move it to a different email provider.

Just don’t put all of your eggs in someone else’s basket.


See also:

9 Likes

Absolutely spot on. I happen to have a personal email account under my own domain but… it’s registered on Google Domains (I can see a catch-22 situation here).

Counter argument: rolling your own email infrastructure is a pain and I’d say there are more risks of getting your postfix server hacked in some way than Google bots deciding you are a menace.

1 Like

@tjluoma

As you say, this can happen and does happen with different email services. I will say, out of iCloud, Outlook.com and Gmail, I find Gmail to be most reliable for me.

I also agree with getting a custom domain. I tried that with my family and it worked on some level, but it’s just easier to use the gmail address one is using for over 10 years. I personally a combination depending on the purpose.

My solution:

My family are now part of my Google One Plan which amongst extra storage also provides access to instant chat support with google. So if I am locked up, my wife can use chat and get me support etc. it cost like $20. I actually asked this very question in the supper chat representative after your reading your previous post on this forum

This is how I have reduced this risk.

Full disclosure: I do not personally know anyone who has been locked out of their google account. I know it happens but yet to experience it first hand or within my circle. There are over billion google accounts and I would argue 99% are working well 99% of the time.

Either way, I have Google One and I recommend people do the same. It’s only $20 a year for the whole family. Well worth it in my view

Wow. With only 99% satisfaction rate for 1 billion customers, that is 1 million unsatisfied folks! :grinning:

2 Likes

Valuable life lesson mate… cannot satisfy everyone :stuck_out_tongue_closed_eyes:

Oh, please understand that I am 100% NOT recommending that anyone manage their own email server.

But own your email address. Whether it’s with Google or Fastmail or iCloud or wherever. Own the email address. Once you do that, you have options.

If your online life depends on something like YourNameHere@Gmail.com (or you@fastmail.fm or you@icloud.com) and you find yourself locked out… you may find yourself with no recourse and no one to contact for help.

7 Likes

This is terrifying actually considering how much of my online life is tied to email.

I have a custom domain and have been thinking more about this post: iCloud Mail, Fastmail, Gmail: what are the differences? The Email Service Feature Comparison Table but I haven’t fully committed. As terrifying as being locked out is, I’m equally terrified of what it means to change a 15-year-old email address. Just off the top of my head:

  • Changing the email address for 250+ accounts
  • Updating these changes in 1Password
  • Informing all of my contacts of the change
  • Transferring thousands of emails to a new provider
  • Setting up email forwarding and auto response about new address
  • And probably lots of other things I’m missing

It feels like a Herculean effort. Do you have any tips on where to start, or know of any ways to automate some of this?

4 Likes

@tjluoma also just discovered that there is phone support available….

Is the Google Family thing part of a paid service?

Yes… I pay $20 a year for the whole family

https://one.google.com/

I use and love Gsuite with my company domain email.

If Google locks me, I can move the email to Zoho, Office 365 or any other 3rd party email solution within minutes.

2 Likes

I’m with you, TJ!!!

I primarily use the gmail for junk but I am not exactly invulnerable.

I appreciate the warning!!!

I was locked out once. I couldn’t recall my password. I didnt know what I was going to do. But the next day it was there working fine.

They do tell you about the privacy to your account. They are even into Android cell phones!

I own my own email address, but Google have hosted it for longer than I can remember. OK so far.

Then there’s Apple. Apple doesn’t have random rules that decide to lock you out, they simply make do with shoddy software that might stop everything working. Then again, you do get to call someone and that is FUN! If you’re lucky, they will solve your problem with one or even a few phone calls. If you’re unlucky it will go TO ENGINEERING. Then, even if they acknowledge there is a problem and even if they promise a fix, they won’t tell you when that fix is coming. They won’t even tell you when it has shipped.

But then… no email service I have tried (there have been a few) has come close to the utility of Gmail which, unlike anything iCloud based, does just work 99.99% of the time. iCloud’s percentage? I can’t do the maths but my iCloud Drive issue is into its 21st month. Still… there’s a fix coming…

1 Like

Yes, I expect that you’re better off than someone who is using a free account with Google.

At the risk of sounding trite, the best thing to do is get started.

Remember, you don’t have to turn off your old account and it’s not going to start bouncing emails immediately. So you don’t have to do this all in one day, or one week, or even one month.

(For ease of discussion, I’m going to talk as if you are moving from Gmail to Fastmail, because that’s what I did, but the process is pretty much the same no matter what you are moving from and to. I’m also going to assume that your new domain is “jaketheo.com” just for the sake of discussion.)

  1. Get your domain working at “Fastmail” (new location destination). Make sure it has a rock-solid random, unique password and two-factor enabled.

  2. Most email providers will let you create an ‘alias’ or use “plus addresses”. For example, if your email address is “jake@jaketheo.com” you might also be able to receive emails as “jake+gmail@jaketheo.com” or just “gmail@jaketheo.com”. Create one of these aliases or test to see if you can use the “plus address” system. Let’s assume “jake+gmail@jaketheo.com” for the examples going forward.

  3. Once you know it’s working, create a filter from ‘Gmail’ that will send a copy of all of your incoming messages to your “jake+gmail@jaketheo.com” address. Why?

    • Because you can easily filter all of your “jake+gmail@jaketheo.com” emails to a specific folder. When you find a new email in that folder, you know that’s a sender who needs to be updated.

    • Also, from that point on, you will have a ‘backup’ of all of your email messages sent to ‘Gmail’ at ‘Fastmail’. You can have ‘Gmail’ keep a copy, just mark it as read so you’re not reading the same email in two places.

  4. Now, think about those 250+ addresses, and find the small subset of them that are connected to anything financial (bank, PayPal, credit cards, Amazon, Apple ID). Any account you would be horrified if you were locked out of or if someone else was able to access, that’s your starting point. There’s going to be a lot fewer than 250. There are probably fewer than 25. Change those first and update them in 1Password. You can do that in a couple of hours on a weekend while you’re watching TV. Getting locked out of your credit card account is much worse than getting locked out of your Netflix account.

Create a new “signature file” for jake@jaketheo.com that says something like:

Please note! Effective immediately, I am no longer using my old email address jaketheo@gmail.com. Please update your address book/contacts with my new email address or else I may not receive your email.

Ok, yes, technically it’s very close to a lie, because you haven’t blown up your old email address, but you need to get people’s attention that this is something they need to act on now otherwise, they’ll put it on their “someday/maybe” list which is another word for “probably never”.

Start sending that out at the bottom of all of your new emails. People who care will see it and act accordingly. A startling number of people use autocomplete and will keep sending emails to whatever address comes up when they start typing your name. But most people will just ‘reply’ to whatever address you email them from, so as long as you email them from that new address, they’ll eventually catch on, whether they realize it or not.

And if they do send an email to your old address, you’ll see it in the special folder on your new ‘Fastmail’ account, and you can email them back and say “Hey, I’m glad I saw this, but just as a reminder, my new email address is jake@jaketheo.com.”

You probably don’t need to tell all of your contacts this information. Like the small handful of ‘crucial’ accounts, you want certain people to be sure to have this information. For the rest, you can tell them the next time they email you and you respond from the new account with the new “signature” at the bottom of the email message.

Do you really need those? I mean, maybe you do. Maybe you delete all unimportant emails and have thousands of important emails left over. But the majority of the email that I get is not all that useful after a week or so. There are exceptions of course: software licenses, epic poems from your high school sweetheart, that really funny email that your friend from college sent.

Again, unless you plan to shutter the old account, you’ll still have them in that account. What would be the worst thing that would happen if you lost access to them?

Personally, if it’s in my “Keep” mailbox or it’s got an IMAP “flag” set, it’s an important email. Most of the rest are not.

But let’s assume I’m wrong. Let’s assume that you need 100% of all the old emails that you have. You have two options:

A. Download and archive them locally using something like EagleFiler or Horcrux or Mail Archiver X.

B. Transfer them to your new account.

Horcrux has a feature to help you do that. Your new mail service probably has a way to do it too. It probably won’t require you to sit there and drag thousands of emails from one IMAP folder to another. It will probably be something you need to setup and then let it run.

Q. How do you eat an elephant?

A. One bite at a time.

(Note: Please do not actually eat an elephant.)

I hope some of this was helpful. The hardest step is the first one. Once you get started, it’s much easier to continue. Until you get started, you can’t make any progress at all.

18 Likes

Word of warning for the (not poorly reasoned) word of warning: This is a transference of risk from a hosted email provider to a domain registrar. It transforms the risk from one of losing access to an email account to one of losing control of a domain.

I think it’s good advice for savvy people, but I’ve seen far more people mess up with domain retention (or having their domains stolen) than I’ve seen lose access to an email account from a well established provider.

For very important services, it’s vital to understand account recovery processes and how to deal with their failure long before you need such information.

8 Likes

This is a good point, too.

Once you have your own domain, you need to make sure that you don’t lose control over the domain or the DNS for the domain.

The major difference is that the risk factors are things you can control, rather than being at the whim of a provider. But you do have to control those risk factors.

This should be within the realm of those who are (or aspire to be) power users but a good warning nevertheless, from the aptly named @ACautionaryTale :wink:

1 Like

I own that exact domain so that was a very accurate assumption!

All of it was helpful, thank you! I’ve bookmarked your post and now it’s time to roll up my sleeves!

(The poor elephant has no chance)

1 Like

And making it even worse, Google doesn’t even have a customer service line or email you can call. You’re 100% at their mercy and have no ability to plead your case.

1 Like

@tjluoma excellent write up mate. I will forward it to a certain family member who I know will be inspired to start using our family domain.

@MarkDMill I would have to disagree with you because that is simply not true. You can get support from Google through phone, chat and email. For personal gmail account you need to be a subscriber to google one:

https://talk.macpowerusers.com/t/yet-another-warning-about-entrusting-gmail-or-anyone-else-with-your-email/24992/8?u=merecivilian