How Google’s engineering arrogance often sweats through some of their most popular products and breaks the web.
I am lucky enough to have founded two amazing web companies with lots of users. Superfeedr is clearly geared toward nerds, but Jobetudiant is used by nearly 1M students in France to find jobs. The 2 “customer bases” could hardly be more different, yet, I was recently bitten by the same problem for both web applications: gmail does not consider . (dots) as important. If your email address is email@example.com, then, I could send an email to firstname.lastname@example.org and you’d still get it. Even if I used email@example.com.
This looks smart.
I won’t deny it. When I first found about it (for my own email address), I thought that it would be convenient… but then, once I started receiving support emails for my companies, I started to see the problem and how this apparently smart thing, breaks the web.
Of course, people tend to enter the wrong email address when they register on websites. I don’t know if it’s 1% or 1‰ or even less, but that happens, and given the size of the web audience, that happens often.
“Silently fixing” the problem is what Google chose. This is nice for the user. But I’d argue that failing explicitly is much better. In this context, when you used the wrong email, the application should quickly get a bounce indicating that the email cannot be forwarded. It becomes very easy to then show the user something along the lines of “Oups, it looks like the email address you used is not valid. Are you sure this is the one?”. That’s simple, that won’t break the web and that will educate users.
Of course, users will forget their password, because they picked a complicated unique one. Now, every decent web app has a “forgotten password” form that usually will just require the user to enter their email addresses so they can get an “reset your password” email. That’s how the web works. Google may or may not like it, but that’s how the vast majority of apps work. Now, someone who had once messed up the dots on their email address, may not do it again. Or they may mess up when they had it right before.
If that happens, the user will be told that there is no account with that email, which will either confuse them further or lead them to create a new account when they already have one :/
Of course, forgotten email is one example. Another example is when your app uses incoming emails. At Jobetudiant, we let users apply to the jobs by sending an email to an @jobetudiant.com address. The email is then redirected to the recruiters. Of course we use the From field to identify the sender as a Jobetudiant registered user. When the dot is wrong, we are unable to find the registered student and we cannot link their application to their user account.
But that’s like + in emails
No, it’s not. There is a trick with emails (not just gmail!) that when you add a +xxx after the username part of email address, you’ll still get the email in your firstname.lastname@example.org. This is a neat trick that I use often to identify which services may have leaked my address to spammers.
But comparing this + trick to the .fail is not accurate. When someone adds a + to their email address, they do it explictly. They do it for a reason and they know what to expect from this.
When someone forgets (or adds) a dot in their email address, it’s because they’re doing a mistake. Mapping the behavior of a machine between something explicit and a a mistake is either crazy or evil. What if your car behaved the same when you press the brake or when you frown?
It changes expectations
Let’s say you have a gmail address and you know about the trick. You keep forgetting where is the dot, because you don’t really need to remember that there is one and where it is. But one day, you email your friends at yahoo.com or at hotmail.com and you’re not so sure of their email addresses. You’ll try without the dots, assuming they’ll arrive to the recipient anyway… and you’d be wrong. Gmail is the only provider that supports this. If, like most people you ignore the bounce email errors (or if you don’t speak english), you’ll end up not knowing that your friends never got the email.
What’s funny is that Google Apps for businesses don’t support the dot trick. Talk about consistency and expectations…
A lot of my friends assume that it’s the user’s fault. They’re kind of right, but it does not matter whose fault it is. The computers should help the user and fix it. It’s fairly easy to detect and a simple message to the user (even in the gmail interface) could help and educate the users, rather than confuse them even further.
If I was working on gmail, here’s what I’d do:
- Lock email addresses with/without dots, so that no one can register email@example.com if I registered firstname.lastname@example.org
- Everytime I get an email email@example.com: bounce to the sender,
- but also show me a message like “firstname.lastname@example.org tried to send you a message at email@example.com” which is not your email address. Please, tell them ASAP that yours is firstname.lastname@example.org.
It’s simple, explicit and won’t break the how the rest of the email world works.
PS: This post is mostly a rant and I obviously did not spend weeks or months thinking about solutions. I am sure there are many other ways to achieve this simple scenario: “the user entered a bad email address when they signed up with our service”. Feedback more than welcome!