from Hacker News

Basically, I am asking my fellow developers who allow users to use a "guest checkout" or when signing up to a site or service to please, please verify the email address used when it points to gmail.com with an email, supplying a link that is basically "This not you?" to remove it.

Please also add logic to remove the dot from the email address when matching against your DB.

Gmail does not honor the dot in the name portion of the email address. Both of these point to someuser@gmail.com: some.user s.omeuser someu.ser ..etc.

https://support.google.com/mail/answer/7436150?hl=en

This means that when a user signs up, you really need to match against the dotless name and not what they supplied verbatim.

Some background on why I am posting this:

I recently had to send a regular _physical postal letter_ to someone halfway across the country to tell them to stop using my email address when signing up (I've gotten their address from past order receipts). I've also had to contact organizations directly when trying to delete accounts because they also lock the account behind a phone number text verification or some other pseudo 2FA. This user is a constant thorn in my side, especially when I automatically get signed up to loads of marketing emails.

As an example: This idiot decided to sign up to Shop.com using their App. I was able to log in to the account, but I cannot remove it, nor change any settings because it sends a text to the user as a "security" measure. I guess it works, but this is a HUGE problem when they didn't verify the email as the user to begin with. I have just now contacted them to hopefully rectify this situation.

Anyway, I hope everyone understands just how frustrating this can be when you have someone who is technologically inept decides to use your email address when they don't have their own, and you do not verify the email address.