I wish they'd let me recover my original -- I lost my TOTP generator, and the codes I'd written down in a paper notebook were rejected. I even hunted down the electronic copy in case there was a transcription error -- seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.
Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.
I will never use their services again, I was really digusted by this failure.
I had this issue with my alternative account. Despite my main account being associated (not by recovery, I think this predates that feature), and most messages being forwaded to my main I was never able to successfully recover the credentials.
I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.
This happened to me ten years ago. A while later they did the same thing with my Minecraft login that I had purchased before the EULA was in place; I’ve avoided their services like the plague since then.
I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown
Maybe you should send it enough mail to fill it up and the it would reject emails? Send a bunch of emails with large attachments and avoid getting marked as spam.
I got mine when it was invite only too, I had it a very long time.
I use protonmail now -- I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
>I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
I also have paid services a lot of money where customer service was nonexistent until I did a credit card chargeback or raised an issue with government regulators.
I'm trying to figure out exactly what I want to push my state legislature to encode into law with regards to customer service minimums that would cover anyone doing business in the state, free or paid.
> I will never use their services again, I was really digusted by this failure
Isn’t this inherent to not choosing an (EDIT: external) account-recovery method?
The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)
They did have a method to recover their account that they tried, though - they said that they used the account recovery codes, but that they were rejected. (Those would be the codes that Google gives you when you initially set up 2FA.)
1. You have to own that domain forever, until or at least until you're 100% confident that an email intended for you will never be sent to that domain ever again. Even then, there are security risks with giving up the domain.
2. You give up some privacy. You can use mailbox aliases but it doesn't really matter if all the mailboxes are tied to a domain registered to your name and address.
If you use a password manager like Keepass, you should still be able to log into your other accounts if you lost access and at least with financial institutions you can call, ask that no changes be made with without coming into the branch and showing ID.
Yes, but many companies will also drag their feet, refuse for "security reasons", or you'll just never be able to reach them in the first place because their only support is an AI concierge that tells you the same thing over and over.
As an example Anthropic and OpenAI don't let you change your email address.
This is so useful. a Gmail account is so much more than just an email account at this point. my first gmail account was made when anonymity and cool email was more of trend than your actual name - so i based upon my favorite book in 2006. 20 years later the account is tied to my oft used primary google voice number so lingers even with obscure and hard to spell email.
i could gave moved my google voice number, but it seems like a convoluted process and have had my number since about Grand Central acquisition.
in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.
Oh, finally. I’m one of the first.last@gmail folks, which I assumed would never change when I was 13 years old (hah!). Fast forward a few years, I got married, and am stuck with my old name in the address.
A bit off topic, but changing your name when getting married is so strange to me.
It is not at all common where I live (Belgium), in fact I don't think I personally know a single person who did.
You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!
I do this as well, and occasionally people get confused and think I work for the company I'm interacting with (enterprise@myname.com is close enough to myname@enterprise.com, I guess.) I usually don't bother to correct them, in case it gets me better treatment :)
I do this too, though sometimes it leads to confusion.
FWIW, Firefox's Relay integrates into Bitwarden so you can generate emails on the fly when creating new accounts. Downside and upside is that I never know what my email address or password is.
The huge benefit is I can write down an email that'll work because I own @somedomain.mozmail.com and it'll always redirect. I do the same thing with cloudflare because I also own myrealname.com
But honestly I hate all this because the real problem is that email is a bottleneck and it is stickier than phone numbers. But my email is floating around on a bunch of lists because I've had it for years. Frankly, gmail is pretty bad about removing spam. There's a lot of spam I catch using simple filters from Thunderbird.
The extra benefit is that I'm planning on moving away from gmail and all these relays make it easier to redirect everything to a new location. So I still recommend it. You can shutdown addresses that are being abused or shared more easily but that's hard to do with your long term email address.
Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII
FWIW, I have been using the companyname@mydomain.com auto-alias for many years now and I've never had it challenged nor rejected by a human or a machine.
Everybody knows name+something@ maps to name@ so it’s trivial for bad actors to strip the plus part and just spam you directly, losing the per-correspondent distinction.
Which is covered by GP's second suggestion. I add short random password-like strings to these aliases to thwart spammers who might be trying obvious aliases, turning e.g paypal@example.com into paypal.nsi873g@example.com
;) I was a by-invitation-beta in 2004, trust me. Even then spammers knew about the +1234 trick too. The earliest throwaway forwarders suffered from explosive growth and spam netblocks and their queue times varied greatly. The golden age of Viagra and recruiters selling prospect lists to randos. I retreated to gmail for the SPOP and because my original address was Tech Contact for 100+ domains from 1994-2000. Thousands a week. If I was smart I'd have used it as a honeypot to feed a spam blocking service.
I have a separate email I only use to get government and public services (gas, electricity) stuff and it still receives a few hundreds of spam a week. At this point I kinda feel whitelisting the mail I want to read is the only sane option, so getting hundreds or thousands of spam mail makes little difference, while managing a portofolio of addresses is a chore.
I love this feature and wish something like it would come to Gmail.
I can't rely on iCloud Mail anymore due to its overly aggressive silent spam filtering. Not great if you're trying to log into an account, and you can't receive the recovery emails for that account.
My gmail address is first.last@gmail.com. From time to time (and for years) I get someone else’s at firstlast@gmail.com. I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.
I’ve received some sensitive/PII content over the years.
I’ve wondered if this person has access to any of my information?
Not necessarily related to this post, but wonder why and how this could happen.
Handy tip for software testing - Gmail ignores everything after a “+” in the address. So when you’re testing different accounts in your software you can use <youremail>+1@gmail.com, <youremail>+2@gmail.com, <youremail>+3@gmail.com etc. to create many different accounts in the software that all go to the same email address.
> I’ve wondered if this person has access to any of my information?
No. They have just told someone your email address and that someone has sent you stuff. Anyone can do that, if they dream up your email address. People having the same name are a lot more likely to do that.
I have a first.lastname@gmail.com, and my namesake has firstmlastname@gmail.com (with middle initial, and I think they originally created the GMail username without periods).
So, I sometimes receive emails intended for him, by people who saw firstmlastname and think it's firstlastname.
Maybe around a hundred emails so far, over the years.
I've gotten good at telling at a glance that an email is for him, without reading it, and forwarding and deleting.
Fortunately, my namesake is a very accomplished good-guy, so I'm happy to help.
Maybe their email is lastfirst@gmail.com, and people occasionally misremember your address and send your correspondence to them. In that case, yes.
More likely their email address is firstlastnumber@gmail.com or firstlast@otherprovider.com though, in which cases the types of mistakes people make are likely asymmetric.
That would have been nice to have during transition. Creating a new account and updating 3rd parties was a huge pain and never got close to 100% completion.
Seems useful. But what I really want is a way to merge google accounts, over the course of history I created 3 of them and would really prefer just a single one
Fun fact, if someone knows your email address and clicks “forgot my password” it sends a push notification to the Gmail and YouTube apps asking to confirm or deny the sign in request. They can click that hundreds or thousands of times per day. I know because it happened to me, so I moved all of my accounts off of the email and deleted my YouTube account. :) peace out Google. Thanks for tolerating a completely insane UI, and not allowing me to turn this setting off. I can’t imagine what it’s like for the elderly who have to navigate this completely enshitified landscape.
Wow this is massive, but will come down to whether you switch to another existing address you have. That is you have example1@gmail.com and example2@gmail.com. The first one has all your decades of data and second is name you've reserved etc. With handles you can release one and use on another account so hopefully option to do the same. Or if they could just update their account migration to support migrating all historic data that would accomplish the same.
Could this be a sign that Google is starting to think again?
For an organisation that often does deeply intelligent things, they spend such a lot of time treating their users unnecessarily poorly because obvious implications seem not to occur to them.
I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.
It's incredible that in 2025, Google has sprung for "basic competency" after operating a bad email service for 24 years.
In my case, many years ago I changed my last name. (Turns out a lot of women also do this when they do things like... get married. But also for a progressive company everyone's purchases being permanently locked to their deadname seems... bad.) But all of my Android apps, my entire digital life at the time, was permanently locked to my old name. I had another account I created as a mail forwarder but if people sent an invite to it for a Google thing it wouldn't connect to my real account, and obviously there was an added security risk of someone stealing my forwarding account.
I remember talking to Yonatan Zunger about this problem during the Google+ era and it seemed to be renaming an account wasn't something the company was capable of.
I never really had this issue because I used Google Suite with a domain. (That’s what it was called back then.)
So I can have email aliases under that domain, and even choose the alias for outgoing email.
However! This creates an extra security hole. Once I was SIM-swapped (when the attacker calls up a phone company and convinces them to redirect sms to their SIM). I had used it as a second factor at GoDaddy and had to act fast. GoDaddy had already allowed the attacker to authenticate with the sms (dumb!) and port the domain name. I realized what was happening only because the attacker sent “test” emails to my email at the domain. Had they not done that, I might have been none the wiser. I called GoDaddy and got them to cancel it, thankfully. Otherwise they’d have reset passwords armed with email AND phone number.
Since then I use the non-SMS SECOND FACTOR on most services, as NIST had been recommending
for a decade now.
I personally recommend using a username+alias@gmail.com which gmail and others support, with a different but easy-to-remember alias per site, so social attackers can’t even correctly say your email to the dude on the phone.
Michael Terpin, a guy I know, got $27 million dollars in crypto stolen a decade ago by a SIM Swapper and sued AT&T for it. Not sure if he won… he moved to Puerto Rico to avoid taxes and brought Brock Pierce and other crypto bros with him LOL.
I wish they'd let me recover my original -- I lost my TOTP generator, and the codes I'd written down in a paper notebook were rejected. I even hunted down the electronic copy in case there was a transcription error -- seemed like some failure in their systems was causing me to lose access despite having followed proper procedures.
Lost a decade and a half of correspondence dating back to my teenage years. I had imported my phone number I'd had since I was 16 into voice, and it doubled as my Signal number. I even had a Gsuite subscription so I could use their (admittedly decently) UI to power my firstname @ lastname dot com email address.
I will never use their services again, I was really digusted by this failure.
I had this issue with my alternative account. Despite my main account being associated (not by recovery, I think this predates that feature), and most messages being forwaded to my main I was never able to successfully recover the credentials.
I had something kinda similar happen to my hotmail account. While I didn't lose access to it, I lost more than a decade of correspondence dating back to my teenage years. The reason was that Microsoft at some point required you to "login" once every 30 days. It seems they only counted logins through their web interface or something like that, so even though I was receiving emails daily, I didn't trigger a "login" in their system. They then deleted all my emails, but I could still login.
This happened to me ten years ago. A while later they did the same thing with my Minecraft login that I had purchased before the EULA was in place; I’ve avoided their services like the plague since then.
I still think about my lost address that I obtained when Gmail was invite only. My family still occasionally CCs it and it drives me nuts, I would pay money to at least have it shutdown so they don’t think I received an email. I had email forwarding to another address when stolen and immediately after it was stolen it had the weirdest messages, I tried multiple ways reaching out to google and it still bugs me I was unsuccessful. I’d love the their of my account to at least have it shutdown
Maybe you should send it enough mail to fill it up and the it would reject emails? Send a bunch of emails with large attachments and avoid getting marked as spam.
I got mine when it was invite only too, I had it a very long time.
I use protonmail now -- I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
>I think the "free" model enables providers to shrug and go "hey you don't pay us" (if there is support at all -- I've never been able to speak to a human about this issue)
I also have paid services a lot of money where customer service was nonexistent until I did a credit card chargeback or raised an issue with government regulators.
I'm trying to figure out exactly what I want to push my state legislature to encode into law with regards to customer service minimums that would cover anyone doing business in the state, free or paid.
> I will never use their services again, I was really digusted by this failure
Isn’t this inherent to not choosing an (EDIT: external) account-recovery method?
The flip side to allowing account recovery at Google’s discretion is lessened security for everyone. (Obviously not black and white. And I agree Google should have flexibility for old accounts. But it’s an odd thing to reject a major provider over.)
They did have a method to recover their account that they tried, though - they said that they used the account recovery codes, but that they were rejected. (Those would be the codes that Google gives you when you initially set up 2FA.)
Sorry, I meant an external recovery method. Another e-mail address or a phone number.
op said they had recovery codes but they didn’t work.
Back up your seeds! Aegis for Android lets you do encrypted exports.
Yikes. This post is an unsettling reminder that gmail is a single point of failure in my personal and financial security.
Email services in general. My worst nightmare is my email provider (which isn't Google) going dark and losing access to everything.
You can use a custom domain with most providers, so when they go dark you can at least migrate to another one.
Two things about fronting with your own domain:
1. You have to own that domain forever, until or at least until you're 100% confident that an email intended for you will never be sent to that domain ever again. Even then, there are security risks with giving up the domain.
2. You give up some privacy. You can use mailbox aliases but it doesn't really matter if all the mailboxes are tied to a domain registered to your name and address.
Whois privacy is basically standard these days, no?
That is moving the point of failure to the domain registrar. Which is probably less likely, but you are always relying on someone.
I think that the point here is that your domain registrar will pick up the phone if there is a problem, where Google clearly will not.
If you use a password manager like Keepass, you should still be able to log into your other accounts if you lost access and at least with financial institutions you can call, ask that no changes be made with without coming into the branch and showing ID.
Yes, but many companies will also drag their feet, refuse for "security reasons", or you'll just never be able to reach them in the first place because their only support is an AI concierge that tells you the same thing over and over.
As an example Anthropic and OpenAI don't let you change your email address.
Worst case you need to self host
Great when it works. Too many senders will only deliver to widely used hosts, and silently fail for anything outside their tiny allowlist.
Note that I'm not even talking about trying to send email FROM a self-hosted account, but trying to get someone else to send email TO such an account.
This is so useful. a Gmail account is so much more than just an email account at this point. my first gmail account was made when anonymity and cool email was more of trend than your actual name - so i based upon my favorite book in 2006. 20 years later the account is tied to my oft used primary google voice number so lingers even with obscure and hard to spell email.
i could gave moved my google voice number, but it seems like a convoluted process and have had my number since about Grand Central acquisition.
in my experience, in/out porting with google is super quick and works great. It costs $20.00 IIRC. I port my primary phone number around to avoid unlawful surveillance, handy tool in the bag.
Oh, finally. I’m one of the first.last@gmail folks, which I assumed would never change when I was 13 years old (hah!). Fast forward a few years, I got married, and am stuck with my old name in the address.
A bit off topic, but changing your name when getting married is so strange to me. It is not at all common where I live (Belgium), in fact I don't think I personally know a single person who did.
While optional, it's very common in France.
Boss move that I learned under great difficulty: a new temporary gmail alias for every jobsearch.
You can take this to an extreme (like I do) and use a different email address for every party with whom you communicate. It makes it rather obvious who leaked your email address, and also easy to shut them out (looking at you ActBlue!). It also leads to some amusing personal interactions. I once rebooked a cancelled flight on JetBlue at the ticket counter. When the agent saw my email she said “wow, you must really like JetBlue.” I just nodded but I was laughing inside because it’s definitely the opposite!
I do this as well, and occasionally people get confused and think I work for the company I'm interacting with (enterprise@myname.com is close enough to myname@enterprise.com, I guess.) I usually don't bother to correct them, in case it gets me better treatment :)
The problem is that's guessable. I add a nonce/salt/bit of random chars; enterprise_jeje38@example.com to compensate.
I do this too, though sometimes it leads to confusion.
FWIW, Firefox's Relay integrates into Bitwarden so you can generate emails on the fly when creating new accounts. Downside and upside is that I never know what my email address or password is.
The huge benefit is I can write down an email that'll work because I own @somedomain.mozmail.com and it'll always redirect. I do the same thing with cloudflare because I also own myrealname.com
But honestly I hate all this because the real problem is that email is a bottleneck and it is stickier than phone numbers. But my email is floating around on a bunch of lists because I've had it for years. Frankly, gmail is pretty bad about removing spam. There's a lot of spam I catch using simple filters from Thunderbird.
The extra benefit is that I'm planning on moving away from gmail and all these relays make it easier to redirect everything to a new location. So I still recommend it. You can shutdown addresses that are being abused or shared more easily but that's hard to do with your long term email address.
Stay tuned I have a pretty cool project I plan on launching very soon. It takes the email alias to the next level, using them as meta tags to actually allow users to trace the source of shady data exchanges. I'm working on the guide and I'm hoping to actually start a community effort here to hold companies accountable for responsible use of PII
I'm interested. How does it differ from using:
name+service@gmail.com or service@myowndomain.com
...to figure out where the spam originated?
> service@myowndomain.com
Just be aware that this may be very confusing to customer support agents: https://news.ycombinator.com/item?id=32475178
FWIW, I have been using the companyname@mydomain.com auto-alias for many years now and I've never had it challenged nor rejected by a human or a machine.
Everybody knows name+something@ maps to name@ so it’s trivial for bad actors to strip the plus part and just spam you directly, losing the per-correspondent distinction.
Which is covered by GP's second suggestion. I add short random password-like strings to these aliases to thwart spammers who might be trying obvious aliases, turning e.g paypal@example.com into paypal.nsi873g@example.com
Hm interesting, do you want to tell why this helps out a lot perhaps?
;) I was a by-invitation-beta in 2004, trust me. Even then spammers knew about the +1234 trick too. The earliest throwaway forwarders suffered from explosive growth and spam netblocks and their queue times varied greatly. The golden age of Viagra and recruiters selling prospect lists to randos. I retreated to gmail for the SPOP and because my original address was Tech Contact for 100+ domains from 1994-2000. Thousands a week. If I was smart I'd have used it as a honeypot to feed a spam blocking service.
Don't you get these spam mails either way ?
I have a separate email I only use to get government and public services (gas, electricity) stuff and it still receives a few hundreds of spam a week. At this point I kinda feel whitelisting the mail I want to read is the only sane option, so getting hundreds or thousands of spam mail makes little difference, while managing a portofolio of addresses is a chore.
It might be an iCloud+ feature only, but if you're on a Mac - you've already got the ability to generate virtual email addresses on the fly.
https://support.apple.com/en-us/105078
I love this feature and wish something like it would come to Gmail.
I can't rely on iCloud Mail anymore due to its overly aggressive silent spam filtering. Not great if you're trying to log into an account, and you can't receive the recovery emails for that account.
You don’t have to use an iCloud account as a target for your real email address or even for your Apple account.
iCloud Hide My Email is pretty good for this.
myjobapplicationhasbeendenied-1582-timesalready@gmail.com will certainly end well.
My gmail address is first.last@gmail.com. From time to time (and for years) I get someone else’s at firstlast@gmail.com. I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.
I’ve received some sensitive/PII content over the years.
I’ve wondered if this person has access to any of my information?
Not necessarily related to this post, but wonder why and how this could happen.
> I thought that a Gmail account that was first.last@gmail also allowed for email sent to firstlast@gmail (no period) to reach my inbox as well.
Yes, and you've received email that was addressed like that ... so what's your issue?
> I’ve wondered if this person has access to any of my information?
Yes, because "this person" is you.
No it isn't.. it's firstlast@gmail.com [Dots don't matter in gmail addresses](https://support.google.com/mail/answer/7436150)
Handy tip for software testing - Gmail ignores everything after a “+” in the address. So when you’re testing different accounts in your software you can use <youremail>+1@gmail.com, <youremail>+2@gmail.com, <youremail>+3@gmail.com etc. to create many different accounts in the software that all go to the same email address.
> I’ve wondered if this person has access to any of my information?
No. They have just told someone your email address and that someone has sent you stuff. Anyone can do that, if they dream up your email address. People having the same name are a lot more likely to do that.
I bet this is it.
I have a first.lastname@gmail.com, and my namesake has firstmlastname@gmail.com (with middle initial, and I think they originally created the GMail username without periods).
So, I sometimes receive emails intended for him, by people who saw firstmlastname and think it's firstlastname.
Maybe around a hundred emails so far, over the years.
I've gotten good at telling at a glance that an email is for him, without reading it, and forwarding and deleting.
Fortunately, my namesake is a very accomplished good-guy, so I'm happy to help.
Maybe their email is lastfirst@gmail.com, and people occasionally misremember your address and send your correspondence to them. In that case, yes.
More likely their email address is firstlastnumber@gmail.com or firstlast@otherprovider.com though, in which cases the types of mistakes people make are likely asymmetric.
periods are ignored in gmail addresses so there's no difference between firstlast@gmail.com and first.last@gmail.com
That would have been nice to have during transition. Creating a new account and updating 3rd parties was a huge pain and never got close to 100% completion.
Seems useful. But what I really want is a way to merge google accounts, over the course of history I created 3 of them and would really prefer just a single one
Fun fact, if someone knows your email address and clicks “forgot my password” it sends a push notification to the Gmail and YouTube apps asking to confirm or deny the sign in request. They can click that hundreds or thousands of times per day. I know because it happened to me, so I moved all of my accounts off of the email and deleted my YouTube account. :) peace out Google. Thanks for tolerating a completely insane UI, and not allowing me to turn this setting off. I can’t imagine what it’s like for the elderly who have to navigate this completely enshitified landscape.
I really want unlimited aliases for signing up to sites and tracking who is leaking my data.
mailbox.org hooked up to Thunderbird allows you to do so using custom domains. You can send and receive email as any string @ your domain.
You can do something like email+site@gmail.com and it'll be delivered to email@gmail.com with the site in the To field
Wow this is massive, but will come down to whether you switch to another existing address you have. That is you have example1@gmail.com and example2@gmail.com. The first one has all your decades of data and second is name you've reserved etc. With handles you can release one and use on another account so hopefully option to do the same. Or if they could just update their account migration to support migrating all historic data that would accomplish the same.
an here I am still grinding on a mid-90s iname.com handle
Could this be a sign that Google is starting to think again?
For an organisation that often does deeply intelligent things, they spend such a lot of time treating their users unnecessarily poorly because obvious implications seem not to occur to them.
I think they know about them they just don’t care enough to spend money on fixing them. They are still primarily an ad company today and their users are still primarily the product not customers.
It's incredible that in 2025, Google has sprung for "basic competency" after operating a bad email service for 24 years.
In my case, many years ago I changed my last name. (Turns out a lot of women also do this when they do things like... get married. But also for a progressive company everyone's purchases being permanently locked to their deadname seems... bad.) But all of my Android apps, my entire digital life at the time, was permanently locked to my old name. I had another account I created as a mail forwarder but if people sent an invite to it for a Google thing it wouldn't connect to my real account, and obviously there was an added security risk of someone stealing my forwarding account.
I remember talking to Yonatan Zunger about this problem during the Google+ era and it seemed to be renaming an account wasn't something the company was capable of.
gmail sucks, I'm getting 2-3 spam emails a day, am I the only one?
I wouldn't know, I don't look at my spam folder.
If you only get 2-3 you are lucky :)
Maybe 10 annually.
I never really had this issue because I used Google Suite with a domain. (That’s what it was called back then.)
So I can have email aliases under that domain, and even choose the alias for outgoing email.
However! This creates an extra security hole. Once I was SIM-swapped (when the attacker calls up a phone company and convinces them to redirect sms to their SIM). I had used it as a second factor at GoDaddy and had to act fast. GoDaddy had already allowed the attacker to authenticate with the sms (dumb!) and port the domain name. I realized what was happening only because the attacker sent “test” emails to my email at the domain. Had they not done that, I might have been none the wiser. I called GoDaddy and got them to cancel it, thankfully. Otherwise they’d have reset passwords armed with email AND phone number.
Since then I use the non-SMS SECOND FACTOR on most services, as NIST had been recommending for a decade now.
I personally recommend using a username+alias@gmail.com which gmail and others support, with a different but easy-to-remember alias per site, so social attackers can’t even correctly say your email to the dude on the phone.
Michael Terpin, a guy I know, got $27 million dollars in crypto stolen a decade ago by a SIM Swapper and sued AT&T for it. Not sure if he won… he moved to Puerto Rico to avoid taxes and brought Brock Pierce and other crypto bros with him LOL.