Remember when you needed an invite to get a Gmail account? When it felt like being handed the keys to a secret internet society? I do. I was there. I claimed my spot in the Googleverse as name.surname@gmail.com (obfuscated cause i don’t want to hand it to spiders on a plate, but you’ll figure it out), complete with a period between first and last name, back when the web still made you feel something. Fast-forward to now and - plot twist - it turns out I’m not the only one using this address.

Or so some people think.

Over the past two years, I’ve been getting email meant for a mysterious alter-ego named namesurname@gmail.com - same name, just no dot. Escorts, scooter wheel orders, sports betting accounts, fishing equipment, life insurance, phone bills, the full buffet of internet adulthood.

At first, I thought it was an elaborate phishing campaign. But no. These are legit transactional emails. They’re addressed to someone who, for reasons best left to medical professionals, believes that namesurname@gmail.com is a valid address that they would magically receive messages from by the power of claiming it.

Spoiler: Gmail doesn’t care about your dots

Here’s the twist: Gmail treats dotted and undotted versions of an address as the same. So name.surname@gmail.com is the same as namesurname@gmail.com or even n.a.m.e.s.u.r.n.a.m.e@gmail.com. All that mail lands in the same inbox. My inbox.

But websites and online stores? They’re blissfully unaware. For them, name.surname and namesurname are two separate, fully autonomous human beings and they will gladly set up an new account and honor the order the imposter has just placed - the only thing is that the should validate access to this account by sending out a tokenized link or a one-time code to make sure the user is in control of said address. But why bother ading friction to the transaction. The sweet smell of money is in the air and they’re not about to let a little thing like email verification get in the way.

And so, I became namesurname@gmail.com - a digital doppelgänger with a fetish for teenage girls on dating sites and online casinos. Unwilling. Overwhelmed. Slightly amused.

Welcome to your digital life. I’ll be your host.

There’s something eerie about logging into your e-mail using your own credentials and invoices for services in your name but in different cities - or in different countries altogether. Because here is where things get really weird: the guy giving out my e-mail address as his own has also recommended that his friends and family use it. I’ve received emails for his uncle, his spouse and damn, even for his dog.

In this weird correspondence I’ve seen ID documents. Home addresses. Insurance policy details. Birthdates. I’ve been thoughts away from initiating SIM swaps or resetting accounts. Ethically, I didn’t. Legally, I’d rather not. But let’s be honest: if I were a worse person, I’d own these people’s lives.

It’s like a phishing campaign where the phish volunteers all their details and asks you if you’d like fries with that. No effort. No malware. Just poorly managed identity and zero understanding of how email addresses work.

I tried to help. It didn’t work.

At first, I tried to cancel orders. I replied to vendors saying, “This is not the person you think it is.” I even begged a car insurance company to remove the account. Some of them complied. Others just sent me new quotes. At one point, I was getting monthly invoices for someone else’s life insurance. If that guy dies, do I get a payout?

Eventually, I gave up. Now I watch from the shadows, a ghost in someone else’s machine.

So what now?

This is more than an oddity. It’s a cautionary tale. An entire segment of the population is walking around believing they own inboxes they don’t, creating accounts, uploading documents, ordering scooter parts, all while handing over control to a stranger.

And Gmail? It won’t help. There’s no “report mistaken identity” button. No way to wall off variants of your address. The system is working exactly as intended. And that’s the terrifying part.

What one can do (and what I won’t)

Technically, I could hijack these people’s accounts. Reset passwords. Change shipping addresses. Download insurance documents. But I won’t. Not because I’m a good citizen, but because I really don’t have time for this shit. I barely get the time to read (and sometimes reply) my own mail.

But this whole mess highlights how fragile identity is online. One mistake in the email field while signing up for an account, and you’re handing your life over to someone else.

PS: If you’re out there, Mr. bogdanbotezatu-with-no-dot, please get your own email address. You don’t live here.