Somewhat of a sidenote, but this is why I refuse to use google+: my gmail account is too important to me to risk of linking it to another google service. Especially considering the stories of people's entire google accounts getting shutdown randomly because of an "algorithm" or whatever.
I like the products google makes, but their complete refusal to have any sort of customer service makes me hesitant to rely on them for anything beyond what I trust them with now.
"The stories" are sort of an exaggeration. My memory is that Google did that (disabling a gmail account while freezing a google+ account) once, apparently by mistake, and corrected it within something like 48 hours. Are there other examples I've forgotten?
I don't think that it's technically illegal to serve email to someone under 13 years of age. That's just the conservative take on the law that most sites have taken.
[You may be able to allow < 13 year olds with parent's permission, but most sites probably feel that it's too much effort/risk to do that.]
It has happened to me - I lost everything, calendar, email, g+ (which I had not ever updated and had no ToS violations on), absolutely everything.
In the next two days I googled (yes, I did) for answers while receiving automated messages that seemed to indicate I was never getting my accounts back (submitted the form they asked me to, but nothing came of it).
I lost my appointments, contacts, and had business people doubt my veracity, as I'd just given my gmail to several new contacts and their initial emails all bounced.
If I hadn't had multiple friends inside of google I might never have gotten my accounts back, and I heard they weren't even sure what exactly happened other than a confluence of events. I then learned how very very common it is to lose a google account and never know why, and never be able get back anything on them (family pictures, phone numbers stored in contact lists...)
I'm now mostly divested from google and the things I still have there I now have backups and redundancies for.
Lawsuit for what? Google's terms are set up such that "we algorithmically decide to provide you with nothing whatsoever in exchange for your money" is perfectly within their rights.
Confirmed. When I say Google supplied me with the single worst customer service I've ever had, I do mean customer. Not user. Customer.
e.g. "24/7 Support" meant I was free to sent them an e-mail anytime, day or night. Or I could call the 800 line and leave a message ("Calls are usually returned within two business days!").
When I did get through this way, I had to run a gauntlet to convince the asshole (and he was an asshole) that I'd exhausted every imaginable self service option before having the audacity to call for help directly - even though this was the exact service I was paying for.
Seriously, you'd think I'd called 911 to report that I was running out of milk and eggs. In reality, my accounts had vanished completely. Business accounts, I might add. Not that it mattered to Google.
Like an earlier commenter noted - if you use Google for anything that matters, you'll probably be okay. After all, the odds are in your favor. But if you do get screwed, you get screwed completely, suddenly, and without warning. And that's true of customers and users alike.
He's paying for Gmail+Docs storage, that's not the same as Google Apps for Business. If he were paying for Google Apps for Business then he has a 24/7 support phone number that he can call.
That's what I thought. When Google Apps for businesses came out I was interested in subscribing, so I asked their customer support about what migration paths they offer. I never heard back from them.
Your mother didn't have multiple friends inside Google.
This is the story we hear again and again - you CAN get customer service from Google if you have contacts inside or you can raise a big stink at some forum that Googlers read.
Even if the stories are an exaggeration (which I doubt), the complete lack of any sort of human support is problematic. I get why a company of google's scale relies on heuristics to identify issues, but it's /really really important/ that when those things go wrong -- as they certainly will -- there's some sort of recourse.
The black box google currently presents makes me uninterested in trusting them, since to do so would present a lot of risk (losing my email) with very little reward (a sort-of-better facebook clone).
Yes and what Google does not seem to realise that there is a lot of legal precedent and custom and practice that expects that if someone is penalized there is some sort of appeal process.
"Examples" and stats aren't worth a damn thing when it happens to you. When Google tweaks things and you're caught in the middle, 100% of your e-mail, Adsense, Adwords, Apps, GAN, Docs or whatever is cut off with almost zero recourse.
My Google+ account was suspended because I had entered my "real name" as "Alan / Falcon" when I signed up since I was using the service as a kind of meta social network for online friends who I didn't know personally and wanted to keep that separation between my real identity and my meta identity. I'm sure if I'd omitted the slash I wouldn't have been suspended, and my name is definitely not really Alan / Falcon, but the whole thing left a very sour taste in my mouth. I wasn't able to use the network how I wanted so I just left the account in the suspended state, with a giant full screen pop-up appearing every time I followed a link from HN to a G+ post. Fortunately none of the other Google services I used were at all affected, including GMail or Blogger. But I went ahead and finally just updated my name to my real name on Google+ now to avoid a situation like this if Google decides to change its algorithm to something else and flags my permanently suspended account. Note that the account is still suspended so far as I know, pending review of the name change I submitted.
On a related note, I'm actually bummed that iCloud is free. I felt better about access to my data when I was paying yearly for MobileMe, and in fact started recently experiencing some issues getting Mail in Snow Leopard to recognize my iCloud account and finally ended up just upgrading to Lion to resolve the issue. (Yes, the $30 OS upgrade is cheaper than the $99 MobileMe cost, and I'm glad I upgraded because I'm enjoying using Lion, but I dislike how easy it is for Apple to say now that it's a free service they're free to stop supporting anything that isn't the latest iDevice or version of their OS if things happen to work out that way.)
Why screwed? MobileMe migrated to iCloud seemlessly and you had to pay nothing. Plus the service now is even better for free! I don't see that people get screwed.
"Even better"... more like different. MobileMe and iCloud have a fairly different feature set. If you used one of the things that was in MobileMe but not iCloud... too bad.
Right. And Apple provided paying MobileMe customers with 25GB of storage for free the first year. However, with the lack of an iDisk replacement, it's pretty hard to use up that space.
In other words, that what we did get, is pretty useless.
Sure but iDisk was little more than a generic WebDAV service, so you could easily replace it with a service from another provider with the money saved.
No, your email is that important to you, but you're trusting it to a company that may lock you out with no recourse or apparent reason. You can do your best to play nice and hope it doesn't happen, but that's just hope.
The good news is that the odds are on your side. Most people do not, of course, get their account shut down willy-nilly. But if it happens you're pretty much out of luck.
This. If you're really worried about the safety of your Gmail account, maybe it's time to consider moving your email somewhere else. Sure, you can back your email up, but if your account is suspended you'll still lose access to your address.
I moved my email over to Fastmail.fm, a subscription email service, around 8 months ago. They've been in the business since 1999 and seem to be pretty reliable. The web interface and price obviously doesn't compare to Gmail, but all the other features are there.
If you're really worried about the safety of your Gmail account, maybe it's time to consider moving your email somewhere else. Sure, you can back your email up, but if your account is suspended you'll still lose access to your address.
Or: use Google Apps for Domains, so that you can easily switch to another mail service when necessary, and have one machine make a backup with offlineimap.
This. Also, if you use Google Apps for Business then it's only $50 per year and you get a dedicated, 24/7 support phone number you can call.
Seriously, Gmail is free, you really can't complain about something that's free (yes, I know you "pay" by looking at ads, but when you can upgrade to the "premium" service for $50, never have to look at another ad again and get 24/7 phone support, why wouldn't you?)
>The web interface and price obviously doesn't compare to Gmail
Their new web interface currently in beta at https://beta.fastmail.fm/ is very nice. I've been using it (the new interface) for few months and don't feel like I want to go back to Gmail at all. (Then again I don't use labels in Gmail, so your mileage may vary.)
I'd love to use fastmail, but at least when I last tried it (two years ago) at least 1/10 messages I sent just vanished. Never went to my sent folder, never got delivered.
And today, you tell me to go to beta.fastmail.fm ... a site that looks like this: http://o7.no/IPvfHo
Note broken images, missing Latest News, and they can't even spell Fastmail correctly (see below "Login to your account"). This does not inspire confidence.
Their beta front page has been like that since forever and I'm not sure why it hasn't been fixed. Regardless of such blunder, I've been using FastMail reliably for almost two years and the only problem I've ever had was when DynDNS decided to no longer response to +recurse query (which they fixed it pretty quickly, within 12 hours, faster than it takes DynDNS Support to even response).
[Off topic: I think FastMail support system is pretty lame; despite being an email service, the only way to contact their support is via... web interface. They have few weird quirk like this but it's not something I couldn't live with.]
These sites (Google, Facebook) pull shit like this and then hide from their users.
People need to think things through before uploading all of their stuff to "the cloud." The network is a transmission medium, not a place to keep things. If you own a connected server, that's one thing. But why trust all of your data to some third party who can pull the plug on a whim and leave you with no recourse?
Here's Microsoft's moronic account-recovery procedure for an inexplicably blocked Hotmail account. It's IMPOSSIBLE to follow the directions:
But GoDaddy can pull my DNS name just as easily. Or my ISP can cancel my hosting account. Or the government can break into my house and steal my desktop.
There is no such thing as a safe system with one point of failure. No matter what medium you use to store data, you must always have a backup. It's the only way to be sure.
(Personally, I pay the $5 a month for a Google Apps account. It's convenient to let Google host my email, but if something goes wrong, I can always change my MX record and start collecting my own incoming mail again. And, I don't have to block ads anymore :)
In support of your (and my) point: Local storage is now dirt-cheap, small in size, and spacious. Exactly the WRONG time to start turning your data over to someone else to store "in the cloud."
Storage is cheap, but administering a well-secured mail server is difficult. Providing search and spam filtering is even more difficult. There's a reason why people pay others to maintain email servers: it's hard.
I have two small servers (plug computer) on two different locations / providers / IP addresses with all my data. They are synced by rsync. That is my own small redundant cloud. Not expensive and quite easy to setup with some Linux knowledge.
I'd be curious to see a write-up of this. What are the details? Since these are plug computers are they just at two residential locations, or are they actually in co-lo? How do your keep your desktop/laptops in sync? Remote mount? also rsync?
I have a house and a flat 120 km away from each other. One is the master the other the slave. The master is read/write the slave read only for the clients. They are mounted with sshfs (not ideal with interrupted WiFi connections / reconnect issues, might switch to WebDAV) by the clients Laptops, Desktop, Nokia N900es etc..
They sync with a cron job. Also they test if clients are nearby (Wifi) and rsynces them for backup purposes.
The main data is all on the master/slave servers.
I sync manually to clients if necessary for offline work(driving by train etc.)
The plug computer is a Sheeva plug.
There is a low power WD USB 1 TB drive connected, power consumption in idle is <5 W.
Well, it's a mirroring technique. Sure you're mirroring to an off-site location, but I'm assuming there is no versioning happening (i.e. snapshots). If a file becomes deleted or corrupted on the master, then that change will propagate to the slave, and you will no longer have the file.
Gmail should let you download all emails into an email client, but the point people are making about losing access to the address itself remains very valid.
Would be interesting to know if anyone has ever lost access to their account and filed suit in an attempt to get it back. Current MegaUpload case is a bit different, but related.
What I don't get is why the very first step in Google's automated process is to lock down the entire account. The debate is around the scalability of support, but that doesn't explain why the automated first response is so radical and so radically stupid.
The anger and rage Google provokes by not letting people log in and access their own data is totally unnecessary. They could just as well let people log in, view their data and receive email but prevent them from sending mail, publishing content, uploading more stuff, etc.
This is not simply about automation or no automation. It's about smarter automation and an intelligently staged response to any suspected issues. If algorithms are to be accepted as decision makers, they have to be gentle and not treat everyone like a criminal as soon as there is some suspicion.
I suspect it's for the same reason as they never reveal any details about their search ranking techniques or why some SEO or suspected fraud got your AS/AW account banned - it's an information leak which people will abuse.
The downside to running such a heavily automated ship is that without countermeasures, a sophisticated attacker could map out the thresholds of your fraud/misuse detection system, and then keep just below triggering point.
On top of that, there are actually situations in which you might want your account to be suspending quickly - ideally before an intruder can cause too much damage or access any valuable information.
Some sort of graduated response is clearly necessary, but the real issue is the complete lack of timely dispute investigation/resolution. And it's probably a hard enough problem to resist automation for quite a while yet.
Edit: This obviously only applies to situations where they might reasonably expect you to be malicious, or someone else to be in control of your account. Immediate irrevocable suspension over some tiny ToS violation is pure madness
1) A suspected TOS violation by the legitimate owner of the account.
Trying to prevent this via obscurity is crazy and counter-productive as people cannot learn from honest mistakes. It also antagonizes people who become victims of bad algorithms. There is no reason why the kind of staged response I outlined couldn't work in this case.
2) A suspected security breach that puts ownership in doubt.
This should be handled by resetting the password and contacting the legitimate owner using contact information on file before the breach. It's really simple.
1) attacker guesses your password or obtains it via phising.
2) attacker changes password, starts sending spam
3) google locks account
When you have arrived at 2), you have already lost the account for good, and 3) is only for damage control.
You should know that Google has no way to verify whether your account has been hacked, or whether you yourself are a spammer; therefore the best thing for them to do is just to lock the account.
That's not the best thing to do, that's the most unimaginative thing to do.
I would do it this way:
1) Make sure that only the legitimate owner has access to the account by using previously entered contact data to ask him/her change the password.
2) Check if the suspicious behavior stops, which it will in most cases.
3) If it doesn't stop, put the account in read-only mode. If the kind of behavior may be an honest mistake, explain to the user what happened. Just take that risk, it's going to be worth it.
4) If it's a statistically active user with lots of regular looking data, let a human sort things out.
5) If the issue remains unclear, tell the user to download any data he wants to keep and notify him/her that the account will be closed.
Yes, that would be better for the user, but this is a free service, and Google has not much too gain from making the process more complicated (imaginative) and thus more error-prone. As a user you have the responsibility of keeping your password absolutely safe, if you do that (and better yet use 2-factor auth), nothing should go wrong.
Your option 1) boils down to adding more "passwords" by which the user can authenticate itself, so it's not a fundamentally better protection as they can be guessed by an attacker as well. Requiring a text message confirmation for password changes might be a better idea.
All steps on my list are either fully automated or optional, so it doesn't cost them more.
Google has a lot to gain from people entrusting them with their data, that's why they provide a free email service in the first place.
It would be a mistake to think that trust is linear. You can't just treat a few people very badly without risking a major backlash against your business model.
OP says
>>We've all (yours truly included) heard about the importance of owning your digital data, the downsides of vendor lock-in, and how if you're being provided a free service, you're the product, not the customer. But I honestly never understood how deep this problem is, and how severe the consequences can be ("surely this cannot happen to me", right?!).
Excellent point.
Btw one easy way to maintain a local copy of all your gmail-emails is to use a mail client (like Outlook or Apple Mail) with gmail. With Outlook, for example, you can easily download and move emails into a PST/OST file on your PC.
The other way is to maintain a non local copy by setting up a forward to another email account elsewhere. That's automatic and doesn't require downloading to your local machine and happens in real time.
Backing up is fine, but the problem is you still don't own your identity. If your email address is xxx@gmail.com you've lost that forever and that could be a big problem.
That's a problem anywhere. You have to own your own name or share it with someone you trust for life or just adapt to change like we did before cell phone number portability.
Set up your own domain name for $5/year or less and use the free email aliasing that comes with it,
e.g. paul@wvenable.me would be aliased to paulharris@gmail.com at your DNS provider.
Then you only ever pass around wvenable.me addresses. If you get a good provider, they will give you unlimited free aliasing (though they may not allow catch-all address for free, which redirect anything@ to some default address, due to spam potential).
Combined with monthly backups via IMAP or export from your actual email providers, you will never be dependent in either identity, contacts or content with any single provider.
Needless to say, all of the above is trivial to setup for a typical HN'er.
Which is great unless your PST hits the 2GB mark and corrupts. Has happened to me a few times and it makes for a distressing and wasted period of time. Newer Outlooks are meant to avoid the limit but an upgrade didn't help me last time.
Which version are you talkin about?
There were a 2GB limit in Outlook Express (the free one shipped with XP and i suppose older ones) for its dbx files: when you reach the 2GB limit, you cant receive (or send) files anymore. It was particularly nasty if it happened on your sent folders, because emails were continously pulled from outgoing, sent to receivers, failed to copy into sent, copied again in outgoing for the next send cycle, so if you didnt intervene you'll have people flooded.
Office Outlook (the paid outlook) had not this problem (at least since 2003 to 2010), I manage a network of 100 users circa and we use Outlook for multiple personal and office IMAP accounts, and some of them are way larger than 2GB. Sometimes corruption happens on PST files, but I cant relate it to their dimension.
And, by the way, you can always use Mozilla Thunderbird
Microsoft acknowledge that PST files can corrupt when they hit the 2 GB limit in Outlook Standard Edition 97, 98, 2000, 2002:
http://support.microsoft.com/kb/296088: "This problem occurs because the .pst and the .ost files have a 2 gigabyte (GB) size limitation, and the error message occurs when it is exceeded. "
I don't really pay much attention to version numbers, but first had it with an older version (97 or 02?) then again with 07 it might've been? Whatever I'm using has the Ribbon.
Better: fetchmail and/or offlineimap, stored to a real mail storage format, preferably maildir.
Available on all sane platforms. Linux distros natively, Mac OS X (you might need to go to DarwinPorts for the software), and Windows (via Cygwin).
Note with offlineimap, changes on the server (e.g.: mail deletions) will be reflected on your local archive when re-synched. If your goal is archival, you'll want to copy the local mail you want to save permanently elsewhere.
Just out of curiosity, did you use two factor authentication on the account? I understand that a common reason for accounts becoming disabled is because someone guessed the password, logged in, and then sent a bunch of spam (or something similarly evil). Two-step authentication makes this attack significantly more difficult. (But, of course, it makes your email harder to use. And malware can still steal your "remember this computer for 30 days" cookie.)
This happened to me once and it took a while until they reinstated my account. To date I have no idea why it happened. I thought about moving to another service, but unless you setup your own SMTP server (probably not a good idea), you never really have full control.
Here is what I recommend you do (before getting locked out):
1. Use your own domain for email and host it on gmail (free) - do not use yourname@gmail.com, but yourname@yourdomain.com.
2. Create a secondary email account and have your primary account forward all emails to it.
If you get locked out, your account still accepts emails. I believe that forwarding still works as well, though I haven't been able to verify it (need to get locked out again...).
Then either respond from your secondary account, or change your mx records to point to another service, or even to your own temporary SMTP server.
It's not a complete / ideal solution. You still don't have access to emails you sent (could be done using IMAP, but I didn't bother) and to other Google services. But it might be OK as a temporary solution until you get your account back.
Some paid services have a feature that forwards a copy of all of your sent messages to another address in real time. They do this by adding a BCC to every sent message. This allows you to have copies of every single message, both sent and received.
Why is setting up your own mail server a bad idea? I've been running my own for 13 years now (plain old postfix and dovecot on whatever linux distro I favor at the time). It works great.
I agree, it's not necessarily a bad idea. I meant that most people (even most hackers) probably won't do it. I think the biggest issue is reliability, since if your SMTP server is down emails sent to you are rejected.
Meh. I had it running on a line at my home for years. It's been on Linode for the last 2.5 with near zero downtime (Linode had one outage in Texas, I've rebooted a few times, and did a distro upgrade once). Looking at moving it to AWS at the moment. Really, it's easy.
This is a bit of a misunderstanding of how SMTP works.
If you run and maintain your own SMTP server and it goes down, you won't be able to send email.
Everyone else will still be able to send email to you, and it will be delivered to you, and you'll be able to read it.
Now, if you break Postfix or something on your server and start bouncing emails then you can be in trouble, or if you mess up the DNS somehow.
But generally running your own mail server is a set it up and leave it alone type of affair. Any junior level hacker can cobble one together with guides online and have it up and running with no problems in a few hours.
No, the misunderstanding is yours. Postfix IS an SMTP server. SMTP servers connect to other SMTP servers to deliver mail. Your mail comes into an SMTP server just as it goes out an SMTP server.
ocelotpotpie meant that SMTP servers are designed to reliably queue mail and retransmit. If your mail server goes down, you don't lose mail. The senders will just try again later. Downtime on an SMTP server impacts delivery latency, not reliability.
Senders will keep mail for you in the queue only for a limited time, after a few days (IIRC) your mail will bounce. So if your host or ISP unfairly takes down your SMTP server and you have to go to court with them, you WILL lose mail.
Generally, running an SMTP server is quite a responsibility: not losing mail, not being exploited to send spam. What matters is not so much that you can set up in a few hours, but whether you want to take on that responsibility.
What? No. You just get another host somewhere (free amazon micro EC2, etc...) and point your DNS to that via your registrar. The only thing that can prevent mail service with longer than ~24 hours latency is a seizure of the domain.
Most SMTP servers trying to send to you will try for many days before giving up. A typical configuration for a sender may get give a warning after the first 24 hours and then a bounce after another 48 hours, so normally you'll need to get your server back up and running within three days before you'll actually lose mail.
I used to own and manage my own mail server when I had to do it for my business back in the day. I had to be up to date in all involved email server management and its perks anyway, so it wasn't a lot of extra work. Now it would be. For a normal email user, it would be a nightmare.
I'm the kind of person who's very disrupted by having a ton of small tasks in the background all the time. Maintaining your own email server adds a bunch of them, even if you are already knowledgeable (keeping your domain(s), storage & redundancy, having to maintain a server with good uptime and with a lot of security concerns - it's online and it broadcasts its IP in headers, it's immediately spotted as running an email server and targeted to be made a spam-relay or worse).
If you're not even knowledgeable about it, the amount of stuff you need to learn and be familiar with is ridiculous. Maybe they don't even occur to you off the top of your head now, but the amount of little things one learns over the years about server maintenance is massive and a lot of it is absolutely necessary to run an email server with guarantees. Having to "insource" all that shit work is something I've been trying to avoid but I'm afraid I will have to do. I rent, this means sometimes I have to move and keeping servers 365/24/7 is a problem. Typical home connections are rather shitty for an email server in terms of uptime - you'd have the occasional email silently not arriving (depending on sender retry config) and also the occasional bounce (server coming back up but not properly - happens) and that doesn't look good for serious communications this day an age. And like that, a large number of concerns both particular and common to each email user.
Having backups (also involves shit work but not as much) mitigates the problem but for some of us, simply to stop receiving email at a certain address for a couple of days can cause a lot of trouble.
I agree with you. There are quite a few commercial webmail/imap/pop providers, though. I've been using one for years now. I refuse to do free email since I lost my yahoo mail over a decade ago, and I like the peace of mind of knowing I can call up some someone for support.
1) Spam filtering. The Google spam filters are likely going to be orders of magnitude better than anything you run in-house.
2) You value your time. Some people don't, it's not really worth arguing this point. But it is a reason running a mail server is a bad idea for most people.
Orders of magnitude is an exaggeration. My account is very visible and very old, and gets 6-700 spam deliveries a day. Plain vanilla spamassassin catches 93% of those, and a little perl filter I wrote gets me to 98-99%. I get a handful of unwanted messages each day. That's just one order of magnitude from perfect; and I know for a fact gmail isn't perfect.
And #2 is just wrong, sorry. I spend minutes a week doing anything at all related to maintenance on that box (I use it far more regularly for productive purposes, though). If you can handle running a linux box from a console, you can learn to do it too. Or don't, it's up to you. But telling me I don't value my time is just out of line.
Re #2: Sorry, I wan't directing that at you and meant no offense. Per your post:
>> I've been running my own for 13 years now (plain old postfix and dovecot on whatever linux distro I favor at the time).
For those of us without the experience of 13 years running postfix and dovecot (and spamassassin and writing perl filters), there will certainly be at least some time investment. That's what I was talking about: the price in hours to go from zero to competent. You may be too competent by now at email hosting to realize that it would not be a minutes per week affair for most people to do well.
Obviously if it works for you, great. Interesting to note that you started running your own long before GMail; the calculus of starting to self-host is different now.
Re #1, you should lend your spam filtering tools to Yahoo! In all seriousness, a handful of unwanted messages per day would be a dramatic improvement to my Yahoo! inbox. Whatever they are doing over there is not as good as what you're running.
GMail isn't perfect. I usually get at least one spam per day, usually for stuff which should've been picked up by any decent spam filter (all caps, or "Hello I am Mr. Otogonoyu from Nigeria and I have US$4.8M to give you...")
I sometimes wonder if GMail lets these through for certain people, and relies on the "mark this as spam" button as some sort of mechanical turk...
Spam filtering got much easier for me once I started using different emails for each website and person. You can just route that particular address to /dev/null without affecting the rest of your emails.
There are paid services that relatively cheaply fix this by being your MX-record and forwarding mail to your own local SMTP server at a configurable port.
Yup. There are free ones too (for example, http://domainmx.net/ -- if you are willing to trust any third party, with your data, or can convince everyone emailing you to use encryption) but, even the pay services put us squarely back in the realm of not owning our data. I can use Gmail that way already (as intermediate storage for when my server's not running, and I can use + in addresses to sort incoming mail for local users).
What gets me is that email was one of the first peer-to-peer networks, and 90% of people, including myself, on residential links, are excluded from using it as designed. It seems more wrong to pay to solve a man-made problem. Free webmail is "good enough" if I'm just going to pull my messages offline and use it as a relay...
I remember there being "more internet" on my 28kbps modem... Port 25 and 80 worked from home, SMTP servers didn't reject mail from anyone on a residential ISP. I actually wrote a letter to my ISPs when they started blocking SMTP (yeah, I'm THAT guy)... Their argument was "but spammers," and they wouldn't make an exception for 1 out of a thousand. I even wound up switching providers over it. A year later everyone was doing it and there was no stand left to make. Spam is our "airport security" scarecrow (among others... copyright, porn, etc)... We'll undo the whole thing if we have to.
And so Gmail it is, until Email 2.0 comes around, and is new enough not to be intentionally broken, or I decide to shell out and license the real internet from my oversubscribed ISP that throttles uploads so noone can offer new and interesting services using their networks that might compete with them.
Don't get me started on QoS -- the neutrality killer... (We moan when people throttle BitTorrent, but when it's called QoS, it's "Smart"!)
Behold, de-evolution.
claps the disappointed clap... of the disappointed :o)
I had my google account suspended for a few hours a few months back. Why? Because, I was sending myself a set of icons, and I carelessly dragged the folder in, which caused each one to upload separately (30 altogether). I noticed it quickly enough, and closed the tab. When I went back in, my account was suspended. No recourse. Nobody to talk to. Nobody to complain to.
Honestly, I'd rather just pay a monthly fee for the damn thing if it meant a unilateral action such as an account suspension wouldn't happen without prior warning. I'm serious Google. It's a good service. Take my money.
Yes it is. The SLA is 99.9% uptime until you do something against their terms of service, but even then you'll still have somebody call and complain to.
Also, I'm not positive, but I'm pretty sure it's standard to set it up on your own domain and forward data from any gmail.com addresses you care about.
I tried to use their service to do that recently since I do like the GMail interface, but I couldn't create an account. The domain name had apparently already been used with them by a previous owner. There was no obvious way to fix it other than to kick someone else out of their gmail (as far as I could tell -- I'm not sure what exactly would be reset in the process), and no way to contact customer service unless you already had an account. Since I couldn't safely create an account without talking to customer support, and couldn't talk to customer support unless I created an account I was stuck in a catch-22. By that point, I realized that I don't want to deal with yet another god-damned unsupported Google product and made other arrangements. Hell, I would have been willing to pay $5/mo at the time too -- it'd be a lot easier than what I had to go through to get my mail working. Maybe their support is fantastic once you get an account working; I don't know -- I couldn't get that far to find out.
Out of curiosity, what about gmail is so important that you dont move to a different mail client (paid or otherwise)? Or is it simply the fact that you haven't found an alternative that you like?
GMail isn't just a mail client though; it's a web server and a client with push email, calendar syncing, etc; it's basically a simpler version of Exchange.
Are there any good alternatives? Are their any alternatives at all?
It's partly inertia and knowing that it would be a hassle to switch email addresses. But also, I think it's a phenomenal service. It's quick, and has great ui. Great spam filters. Great security - recently google added two-factor authentication as an option, which I love, since so many services are tied to my gmail account. In addition they have "shadow accounts" for services that need your password to function (usually other email clients) - so if you setup IMAP on your phone, and your phone is stolen, you can simply disable access for that client. The total package is great.
Ditto. I find it hard to believe that receiving 30 attachments in quick succession would trigger an IDS. People do that sort of thing all the time (try playing with "git send-email" sometime).
My guess is that it was more like 300, and cc'd to a bunch of external addresses such that it looked like spam.
So macspoofing: what did you have to do to get the account reenabled?
This is one of the things that makes me worry about using Google for email. When it works, which is almost all of the time, it works great, but when there are problems, it is difficult to get assistance.
Shouldn't this worry you about ANY email service; even those that you are 100% in control? Backup important data to separate services; have separate services to read this data; do it often, including the read -- make sure your backups work.
Yes, but the specific problem with Google is they have practically zero customer support. There is no one you can call to get help, and they apparently feel no obligation to respond to problems in a timely fashion.
If a 100K people, an insanely huge number, experienced crippling Gmail failure, that is roughly a 0.1% chance that it would affect you on your lifetime. Avoiding Gmail for this is like avoiding planes and cars and houses because you saw on the news that one blew up somewhere.
It's not only email. I got my adwords account banned in a ridiculous manner (got banned out of the blue 18 months after a supposed offense), the email replies were so generic and unhelpful (and obviously not written by a native English speaker), it was really infuriating. Fortunately for Google they can do without my $200 yearly spending on adwords.
For a post titled "How I Lost Access to my Google Account today" this article does a terrible job explaining how he lost access to his account. Was it just a totally random alorithmic error? The guy doesn't even have a theory about what he might of done?
This is the main thing which sucks about all this. I still don't have any clue on why this happened. The "how" is exactly how I explained it: I woke up this morning, and my account was disabled.
>Was it just a totally random alorithmic error? The guy doesn't even have a theory about what he might of done?
I lost my adwords account one day, I wasn't even using it at the time. From what I gathered from support I lost it because a year and half earlier I had run two ads that were against the TOS. These ads were running for a total of 4 hours BTW and were of course approved by Google before going online.
I have no idea how they tune their algorithm so recklessly. I posted about it on HN before and someone brought up the idea (from experience) that the landing pages I used (I did not own the landing pages) were changed during those 18 months to something that is against the TOS and my account was flagged because I had used them in the past.
- If you pay $50/year for Google Apps, you can use your own domain name, so you can change your mail server without changing your email address, and you also get access to customer service from Google. I have Google Apps and the one time I contacted them, they got back to me right away.
- Just like it's a good idea to backup your local computer, it's a good idea to backup the data in your cloud services. There are numerous options. Backupify, CloudPull, and ThinkUp (thinkupapp.com) are some which come to mind.
but in this way you dont have support and if something is not working you have no one to complain with.. even though it seems by what i'm reading here that no one is safe, neither paid google apps users...
I use Apple Mail for backup. The only issue is the TTL setting for the DNS MX record. Some domain hosts set this to 24 hours, which means it may take up to 48 hours for all mails to get through after you switch to a different mail server.
On a side note, it's sh*t like this that make law makers create crazy laws that would stop poor support like this.
I for one would almost want government intervention to make sure when cloud services cut you off, they don't take hostage of your data and history too. I recognize it's a terrible/horrible solution, but if the companies themselves can't do the right thing, government mandate would have to be next. Cause in this case, it's not like we can vote with our wallets to make it go away when the stuff is free.
Also, imagine the number of jobs Google could create if they hired and trained a support staff for all their products? There's a lot of stuff that would still benefit from a human touch.
Yes that's the danger for Google all it takes for one case to go very high profile and they will be living with the court/government sanctioned remedy - that is why banks and other organizations have independent ombudsman - they want to avoid the government stepping in.
> I have been a Gmail user probably since 2004, and I have tens of thousands of work-related and personal emails stored in my account, some of which being extremely important to me.
We tell people they need backups. With a TOS like "we can shut you down at any time for any reason", you definitely need backups for Gmail too if it's important.
Isn't the question of why the account was locked just as pertinent as how?
What would be racing through my mind was my account hacked, as if so maybe other services I use be hacked.
Or did I possibly break the terms of service? If so, what may have been the justified reasons for me doing so, or Google's reason for preventing me so?
That's where full communication with Google would be so essential to remove the ambiguity and resolve what may be a bigger question at hand.
Im glad this happened, because while painful, it makes people think about their total dependence on a corporation being nice to them.
You can take back your power by using smaller corporations for essential services such as email, making sure they are NOT located in the USA (should be obvious, but I feel I should reinforce that you cant get privacy in the USA).
Then again, if you use Google, perhaps you dont care about privacy in the first place.
This is a little scary, a lot of people rely on Gmail. Im sensing a fundamental shift from "Free" to "Pay for it" for exactly this reason. When you are a free customer, no one has to care about you. When you are a paying customer, you suddenly have a voice.
And no, having ads does not mean that you are paying. Someone else is paying for those ads, if anything they are sponsoring your ability to enjoy a free service devoid of customer support.
For the record, if you just read this and you can't/won't switch off, make sure you have recovery options set to recover your account. You can setup:
- An alternate email
- A phone number
- Alternate email addresses
- A recovery question
Note, however, that the latter will only work if your account hasn't been accessed in 24 hours. If you have 2factor enabled, make sure you have backup codes printed as well.
Cloud-based services are great, but I think it is wise to store a local backup of your data. I wrote an app called CloudPull (http://www.goldenhillsoftware.com/) to do exactly that for your Google account. Whether you use my app or an alternative, you need local backups.
I tried this, but Thunderbird simply locked up due to the sheer volume of emails (I subscribe to LKML and other high-volume mailing lists). I haven't been able to find any good backup solution anywhere, and articles like this really scare me.
Thunderbird 11 is much better than Thunderbird 3.x was at handling a GMail backup. I've just finished backing up ~120,000 messages using Thunderbird 11 (archiving them into monthly folders about once an hour during the backup), and it's doing fine. (I tried the same thing a year ago with Thunderbird and gave up after 45 minutes.)
good to hear. I had tried THunderbird in the past but it would just crash. Just started today for first time in a year and just upgraded from V7 to v11. Working good so far.
The OS X Mail.app does an excellent job of backing up your Gmail account using the standard POP3 and IMAP protocols.
Every email I've received in the last eight years is stored on my MacBook, indexed in Spotlight, backed up in Time Machine, and available for offline reading whenever I need it. If my Gmail account was suspended tomorrow it would be a nuisance, but I would not lose any data and could recover from it quickly enough.
If you're on a Mac, DEVONthink Pro Office has an option to import email into a database. The archive option in DEVONthink keeps all the attachments and everything, and you can easily search for an open an email, and it will open in your local mail client.
is there not a business opportunity here? to make something as reliable as Gmail, but with better care and attention to Users, that a person could roll their own mail service from it?
Yea, unfortunately not everybody has the good fortune of making it to the top of HN. I had a personal Gmail account wrongfully disabled over a year ago, and after filling out every form I could find and not receiving any helpful feedback for a year, I just gave up and decided to cut my losses. However, after reading this article I checked to see if it was still disabled and, lo and behold, I was logged in! I still don't know whether to be happy or pissed, but at least it works for now.
My advice for those that have other Google services tied to an email account: do not use that account to send email. You minimize the odds of getting banned and frozen out of a lot of things
Somewhat of a sidenote, but this is why I refuse to use google+: my gmail account is too important to me to risk of linking it to another google service. Especially considering the stories of people's entire google accounts getting shutdown randomly because of an "algorithm" or whatever.
I like the products google makes, but their complete refusal to have any sort of customer service makes me hesitant to rely on them for anything beyond what I trust them with now.
"The stories" are sort of an exaggeration. My memory is that Google did that (disabling a gmail account while freezing a google+ account) once, apparently by mistake, and corrected it within something like 48 hours. Are there other examples I've forgotten?
Well there was that kid who lost access to his gmail account once he put his real birthday into G+.
Because he was underage and it was illegal for Google to serve him email?
I don't think that it's technically illegal to serve email to someone under 13 years of age. That's just the conservative take on the law that most sites have taken.
[You may be able to allow < 13 year olds with parent's permission, but most sites probably feel that it's too much effort/risk to do that.]
Linked article? Other people in this thread?
It is not an exaggeration.
It has happened to me - I lost everything, calendar, email, g+ (which I had not ever updated and had no ToS violations on), absolutely everything.
In the next two days I googled (yes, I did) for answers while receiving automated messages that seemed to indicate I was never getting my accounts back (submitted the form they asked me to, but nothing came of it).
I lost my appointments, contacts, and had business people doubt my veracity, as I'd just given my gmail to several new contacts and their initial emails all bounced.
If I hadn't had multiple friends inside of google I might never have gotten my accounts back, and I heard they weren't even sure what exactly happened other than a confluence of events. I then learned how very very common it is to lose a google account and never know why, and never be able get back anything on them (family pictures, phone numbers stored in contact lists...)
I'm now mostly divested from google and the things I still have there I now have backups and redundancies for.
yeah you shouldn't need to have friends inside Google to get basic customer service
My mother had her account hacked.. she never got it back, despite trying repeatedly.
And she had all of her digital life in there.
She made for herself another Gmail account which she has safeguarded a lot more, but it's still chilling to know that you have no recourse.
Gmail is so convenient, that it's hard not to use it, but I'd pay for customer service.
> but I'd pay for customer service.
So pay for it? I'm not saying that it's right for Google to do this, but they do offer that option. With a Google Apps subscription, you get support.
Many, many times we've heard these stories from even paying customers of Google.
Generally, if it can't be implemented by an algorithm, Google's not going to do it, ever.
With paying customers? That will continue until they face their first lawsuit...
Lawsuit for what? Google's terms are set up such that "we algorithmically decide to provide you with nothing whatsoever in exchange for your money" is perfectly within their rights.
Not in many countries, there are consumer protection laws.
Confirmed. When I say Google supplied me with the single worst customer service I've ever had, I do mean customer. Not user. Customer.
e.g. "24/7 Support" meant I was free to sent them an e-mail anytime, day or night. Or I could call the 800 line and leave a message ("Calls are usually returned within two business days!").
When I did get through this way, I had to run a gauntlet to convince the asshole (and he was an asshole) that I'd exhausted every imaginable self service option before having the audacity to call for help directly - even though this was the exact service I was paying for.
Seriously, you'd think I'd called 911 to report that I was running out of milk and eggs. In reality, my accounts had vanished completely. Business accounts, I might add. Not that it mattered to Google.
Like an earlier commenter noted - if you use Google for anything that matters, you'll probably be okay. After all, the odds are in your favor. But if you do get screwed, you get screwed completely, suddenly, and without warning. And that's true of customers and users alike.
Uh, have you even read the linked article?
a PAYING customer of gmail lost his account.
He's paying for Gmail+Docs storage, that's not the same as Google Apps for Business. If he were paying for Google Apps for Business then he has a 24/7 support phone number that he can call.
hum, i stand corrected on the technicality.
but still, he is having problem with his account used for gmail, which he pays.
why does he have to pay yet another product to have support for the one he is having problem with?
do you have to buy a 2liter coke to be able to complain that they delivered the wrong toppings in your pizza? makes no sense.
A phone number that apparently isn't so great: http://news.ycombinator.com/item?id=3840287
That's what I thought. When Google Apps for businesses came out I was interested in subscribing, so I asked their customer support about what migration paths they offer. I never heard back from them.
Your mother didn't have multiple friends inside Google.
This is the story we hear again and again - you CAN get customer service from Google if you have contacts inside or you can raise a big stink at some forum that Googlers read.
It sounds more like your Google account was disabled for some reason and it had nothing to do with your G+ profile.
Even if the stories are an exaggeration (which I doubt), the complete lack of any sort of human support is problematic. I get why a company of google's scale relies on heuristics to identify issues, but it's /really really important/ that when those things go wrong -- as they certainly will -- there's some sort of recourse.
The black box google currently presents makes me uninterested in trusting them, since to do so would present a lot of risk (losing my email) with very little reward (a sort-of-better facebook clone).
Yes and what Google does not seem to realise that there is a lot of legal precedent and custom and practice that expects that if someone is penalized there is some sort of appeal process.
"Examples" and stats aren't worth a damn thing when it happens to you. When Google tweaks things and you're caught in the middle, 100% of your e-mail, Adsense, Adwords, Apps, GAN, Docs or whatever is cut off with almost zero recourse.
My Google+ account was suspended because I had entered my "real name" as "Alan / Falcon" when I signed up since I was using the service as a kind of meta social network for online friends who I didn't know personally and wanted to keep that separation between my real identity and my meta identity. I'm sure if I'd omitted the slash I wouldn't have been suspended, and my name is definitely not really Alan / Falcon, but the whole thing left a very sour taste in my mouth. I wasn't able to use the network how I wanted so I just left the account in the suspended state, with a giant full screen pop-up appearing every time I followed a link from HN to a G+ post. Fortunately none of the other Google services I used were at all affected, including GMail or Blogger. But I went ahead and finally just updated my name to my real name on Google+ now to avoid a situation like this if Google decides to change its algorithm to something else and flags my permanently suspended account. Note that the account is still suspended so far as I know, pending review of the name change I submitted.
On a related note, I'm actually bummed that iCloud is free. I felt better about access to my data when I was paying yearly for MobileMe, and in fact started recently experiencing some issues getting Mail in Snow Leopard to recognize my iCloud account and finally ended up just upgrading to Lion to resolve the issue. (Yes, the $30 OS upgrade is cheaper than the $99 MobileMe cost, and I'm glad I upgraded because I'm enjoying using Lion, but I dislike how easy it is for Apple to say now that it's a free service they're free to stop supporting anything that isn't the latest iDevice or version of their OS if things happen to work out that way.)
Apple had no problem killing MobileMe and screwing paying customers.
Why screwed? MobileMe migrated to iCloud seemlessly and you had to pay nothing. Plus the service now is even better for free! I don't see that people get screwed.
"Even better"... more like different. MobileMe and iCloud have a fairly different feature set. If you used one of the things that was in MobileMe but not iCloud... too bad.
Right. And Apple provided paying MobileMe customers with 25GB of storage for free the first year. However, with the lack of an iDisk replacement, it's pretty hard to use up that space.
In other words, that what we did get, is pretty useless.
Sure but iDisk was little more than a generic WebDAV service, so you could easily replace it with a service from another provider with the money saved.
No, your email is that important to you, but you're trusting it to a company that may lock you out with no recourse or apparent reason. You can do your best to play nice and hope it doesn't happen, but that's just hope.
The good news is that the odds are on your side. Most people do not, of course, get their account shut down willy-nilly. But if it happens you're pretty much out of luck.
This. If you're really worried about the safety of your Gmail account, maybe it's time to consider moving your email somewhere else. Sure, you can back your email up, but if your account is suspended you'll still lose access to your address.
I moved my email over to Fastmail.fm, a subscription email service, around 8 months ago. They've been in the business since 1999 and seem to be pretty reliable. The web interface and price obviously doesn't compare to Gmail, but all the other features are there.
If you're really worried about the safety of your Gmail account, maybe it's time to consider moving your email somewhere else. Sure, you can back your email up, but if your account is suspended you'll still lose access to your address.
Or: use Google Apps for Domains, so that you can easily switch to another mail service when necessary, and have one machine make a backup with offlineimap.
This. Also, if you use Google Apps for Business then it's only $50 per year and you get a dedicated, 24/7 support phone number you can call.
Seriously, Gmail is free, you really can't complain about something that's free (yes, I know you "pay" by looking at ads, but when you can upgrade to the "premium" service for $50, never have to look at another ad again and get 24/7 phone support, why wouldn't you?)
>The web interface and price obviously doesn't compare to Gmail
Their new web interface currently in beta at https://beta.fastmail.fm/ is very nice. I've been using it (the new interface) for few months and don't feel like I want to go back to Gmail at all. (Then again I don't use labels in Gmail, so your mileage may vary.)
I'd love to use fastmail, but at least when I last tried it (two years ago) at least 1/10 messages I sent just vanished. Never went to my sent folder, never got delivered.
And today, you tell me to go to beta.fastmail.fm ... a site that looks like this: http://o7.no/IPvfHo
Note broken images, missing Latest News, and they can't even spell Fastmail correctly (see below "Login to your account"). This does not inspire confidence.
Their beta front page has been like that since forever and I'm not sure why it hasn't been fixed. Regardless of such blunder, I've been using FastMail reliably for almost two years and the only problem I've ever had was when DynDNS decided to no longer response to +recurse query (which they fixed it pretty quickly, within 12 hours, faster than it takes DynDNS Support to even response).
[Off topic: I think FastMail support system is pretty lame; despite being an email service, the only way to contact their support is via... web interface. They have few weird quirk like this but it's not something I couldn't live with.]
Looks like those image urls resolve on the fastmail.fm domain, but not the beta.fastmail.fm domain:
https://beta.fastmail.fm/pages/fastmail/images/fmlogo_horiz_...
vs.
https://fastmail.fm/pages/fastmail/images/fmlogo_horiz_320.p...
These sites (Google, Facebook) pull shit like this and then hide from their users.
People need to think things through before uploading all of their stuff to "the cloud." The network is a transmission medium, not a place to keep things. If you own a connected server, that's one thing. But why trust all of your data to some third party who can pull the plug on a whim and leave you with no recourse?
Here's Microsoft's moronic account-recovery procedure for an inexplicably blocked Hotmail account. It's IMPOSSIBLE to follow the directions:
http://farm6.staticflickr.com/5306/5773538918_fa4af1de42_b.j...
But GoDaddy can pull my DNS name just as easily. Or my ISP can cancel my hosting account. Or the government can break into my house and steal my desktop.
There is no such thing as a safe system with one point of failure. No matter what medium you use to store data, you must always have a backup. It's the only way to be sure.
(Personally, I pay the $5 a month for a Google Apps account. It's convenient to let Google host my email, but if something goes wrong, I can always change my MX record and start collecting my own incoming mail again. And, I don't have to block ads anymore :)
Ha, you're right: GoDaddy would and DOES rip off customers and screw them by capriciously pulling their domains:
http://www.wired.com/threatlevel/2008/03/godaddy-silence
In support of your (and my) point: Local storage is now dirt-cheap, small in size, and spacious. Exactly the WRONG time to start turning your data over to someone else to store "in the cloud."
Storage is cheap, but administering a well-secured mail server is difficult. Providing search and spam filtering is even more difficult. There's a reason why people pay others to maintain email servers: it's hard.
Sure E-mail, but not things like media storage.
I have two small servers (plug computer) on two different locations / providers / IP addresses with all my data. They are synced by rsync. That is my own small redundant cloud. Not expensive and quite easy to setup with some Linux knowledge.
I'd be curious to see a write-up of this. What are the details? Since these are plug computers are they just at two residential locations, or are they actually in co-lo? How do your keep your desktop/laptops in sync? Remote mount? also rsync?
I have a house and a flat 120 km away from each other. One is the master the other the slave. The master is read/write the slave read only for the clients. They are mounted with sshfs (not ideal with interrupted WiFi connections / reconnect issues, might switch to WebDAV) by the clients Laptops, Desktop, Nokia N900es etc.. They sync with a cron job. Also they test if clients are nearby (Wifi) and rsynces them for backup purposes. The main data is all on the master/slave servers. I sync manually to clients if necessary for offline work(driving by train etc.)
The plug computer is a Sheeva plug. There is a low power WD USB 1 TB drive connected, power consumption in idle is <5 W.
Thanks for replying. I imagine you also have some sort of backup regiment outside of the 'cloud.'
Why? Do you think this is insecure?
Well, it's a mirroring technique. Sure you're mirroring to an off-site location, but I'm assuming there is no versioning happening (i.e. snapshots). If a file becomes deleted or corrupted on the master, then that change will propagate to the slave, and you will no longer have the file.
Correct, but one can use rdiff-backup http://rdiff-backup.nongnu.org/. Since I use mercurial for critical files I have some versioning.
Same here, would like to use Docs more and use Picasa more, but I don't want to risk losing gmail access.
You can get backups of Docs & Picasa: https://www.google.com/takeout/
Gmail should let you download all emails into an email client, but the point people are making about losing access to the address itself remains very valid.
Would be interesting to know if anyone has ever lost access to their account and filed suit in an attempt to get it back. Current MegaUpload case is a bit different, but related.
What I don't get is why the very first step in Google's automated process is to lock down the entire account. The debate is around the scalability of support, but that doesn't explain why the automated first response is so radical and so radically stupid.
The anger and rage Google provokes by not letting people log in and access their own data is totally unnecessary. They could just as well let people log in, view their data and receive email but prevent them from sending mail, publishing content, uploading more stuff, etc.
This is not simply about automation or no automation. It's about smarter automation and an intelligently staged response to any suspected issues. If algorithms are to be accepted as decision makers, they have to be gentle and not treat everyone like a criminal as soon as there is some suspicion.
I suspect it's for the same reason as they never reveal any details about their search ranking techniques or why some SEO or suspected fraud got your AS/AW account banned - it's an information leak which people will abuse.
The downside to running such a heavily automated ship is that without countermeasures, a sophisticated attacker could map out the thresholds of your fraud/misuse detection system, and then keep just below triggering point.
On top of that, there are actually situations in which you might want your account to be suspending quickly - ideally before an intruder can cause too much damage or access any valuable information.
Some sort of graduated response is clearly necessary, but the real issue is the complete lack of timely dispute investigation/resolution. And it's probably a hard enough problem to resist automation for quite a while yet.
Edit: This obviously only applies to situations where they might reasonably expect you to be malicious, or someone else to be in control of your account. Immediate irrevocable suspension over some tiny ToS violation is pure madness
So we have two cases:
1) A suspected TOS violation by the legitimate owner of the account.
Trying to prevent this via obscurity is crazy and counter-productive as people cannot learn from honest mistakes. It also antagonizes people who become victims of bad algorithms. There is no reason why the kind of staged response I outlined couldn't work in this case.
2) A suspected security breach that puts ownership in doubt.
This should be handled by resetting the password and contacting the legitimate owner using contact information on file before the breach. It's really simple.
I imagine it goes like this:
1) attacker guesses your password or obtains it via phising.
2) attacker changes password, starts sending spam
3) google locks account
When you have arrived at 2), you have already lost the account for good, and 3) is only for damage control.
You should know that Google has no way to verify whether your account has been hacked, or whether you yourself are a spammer; therefore the best thing for them to do is just to lock the account.
That's not the best thing to do, that's the most unimaginative thing to do.
I would do it this way:
1) Make sure that only the legitimate owner has access to the account by using previously entered contact data to ask him/her change the password.
2) Check if the suspicious behavior stops, which it will in most cases.
3) If it doesn't stop, put the account in read-only mode. If the kind of behavior may be an honest mistake, explain to the user what happened. Just take that risk, it's going to be worth it.
4) If it's a statistically active user with lots of regular looking data, let a human sort things out.
5) If the issue remains unclear, tell the user to download any data he wants to keep and notify him/her that the account will be closed.
Yes, that would be better for the user, but this is a free service, and Google has not much too gain from making the process more complicated (imaginative) and thus more error-prone. As a user you have the responsibility of keeping your password absolutely safe, if you do that (and better yet use 2-factor auth), nothing should go wrong.
Your option 1) boils down to adding more "passwords" by which the user can authenticate itself, so it's not a fundamentally better protection as they can be guessed by an attacker as well. Requiring a text message confirmation for password changes might be a better idea.
All steps on my list are either fully automated or optional, so it doesn't cost them more.
Google has a lot to gain from people entrusting them with their data, that's why they provide a free email service in the first place.
It would be a mistake to think that trust is linear. You can't just treat a few people very badly without risking a major backlash against your business model.
OP says >>We've all (yours truly included) heard about the importance of owning your digital data, the downsides of vendor lock-in, and how if you're being provided a free service, you're the product, not the customer. But I honestly never understood how deep this problem is, and how severe the consequences can be ("surely this cannot happen to me", right?!).
Excellent point.
Btw one easy way to maintain a local copy of all your gmail-emails is to use a mail client (like Outlook or Apple Mail) with gmail. With Outlook, for example, you can easily download and move emails into a PST/OST file on your PC.
"one easy way to maintain a local copy"
The other way is to maintain a non local copy by setting up a forward to another email account elsewhere. That's automatic and doesn't require downloading to your local machine and happens in real time.
Backing up is fine, but the problem is you still don't own your identity. If your email address is xxx@gmail.com you've lost that forever and that could be a big problem.
That's a problem anywhere. You have to own your own name or share it with someone you trust for life or just adapt to change like we did before cell phone number portability.
As long as you still have your adress book you can set up a new account and tell everyone. If you have that adress book, that is.
Set up your own domain name for $5/year or less and use the free email aliasing that comes with it,
e.g. paul@wvenable.me would be aliased to paulharris@gmail.com at your DNS provider.
Then you only ever pass around wvenable.me addresses. If you get a good provider, they will give you unlimited free aliasing (though they may not allow catch-all address for free, which redirect anything@ to some default address, due to spam potential).
Combined with monthly backups via IMAP or export from your actual email providers, you will never be dependent in either identity, contacts or content with any single provider.
Needless to say, all of the above is trivial to setup for a typical HN'er.
Which is great unless your PST hits the 2GB mark and corrupts. Has happened to me a few times and it makes for a distressing and wasted period of time. Newer Outlooks are meant to avoid the limit but an upgrade didn't help me last time.
Which version are you talkin about? There were a 2GB limit in Outlook Express (the free one shipped with XP and i suppose older ones) for its dbx files: when you reach the 2GB limit, you cant receive (or send) files anymore. It was particularly nasty if it happened on your sent folders, because emails were continously pulled from outgoing, sent to receivers, failed to copy into sent, copied again in outgoing for the next send cycle, so if you didnt intervene you'll have people flooded. Office Outlook (the paid outlook) had not this problem (at least since 2003 to 2010), I manage a network of 100 users circa and we use Outlook for multiple personal and office IMAP accounts, and some of them are way larger than 2GB. Sometimes corruption happens on PST files, but I cant relate it to their dimension.
And, by the way, you can always use Mozilla Thunderbird
Microsoft acknowledge that PST files can corrupt when they hit the 2 GB limit in Outlook Standard Edition 97, 98, 2000, 2002:
http://support.microsoft.com/kb/296088: "This problem occurs because the .pst and the .ost files have a 2 gigabyte (GB) size limitation, and the error message occurs when it is exceeded. "
Solution: don't use Outlook. Better use e.g. Mozilla Thunderbird.
I don't quite like the way Thunderbird works. I use it for one account, but not my main work. Would love to give up Outlook though.
I don't really pay much attention to version numbers, but first had it with an older version (97 or 02?) then again with 07 it might've been? Whatever I'm using has the Ribbon.
Better: fetchmail and/or offlineimap, stored to a real mail storage format, preferably maildir.
Available on all sane platforms. Linux distros natively, Mac OS X (you might need to go to DarwinPorts for the software), and Windows (via Cygwin).
Note with offlineimap, changes on the server (e.g.: mail deletions) will be reflected on your local archive when re-synched. If your goal is archival, you'll want to copy the local mail you want to save permanently elsewhere.
Just out of curiosity, did you use two factor authentication on the account? I understand that a common reason for accounts becoming disabled is because someone guessed the password, logged in, and then sent a bunch of spam (or something similarly evil). Two-step authentication makes this attack significantly more difficult. (But, of course, it makes your email harder to use. And malware can still steal your "remember this computer for 30 days" cookie.)
No, I was not using the two factor authentication feature. I still don't know what caused this, but yeah, my account might have been hacked.
This happened to me once and it took a while until they reinstated my account. To date I have no idea why it happened. I thought about moving to another service, but unless you setup your own SMTP server (probably not a good idea), you never really have full control.
Here is what I recommend you do (before getting locked out):
1. Use your own domain for email and host it on gmail (free) - do not use yourname@gmail.com, but yourname@yourdomain.com.
2. Create a secondary email account and have your primary account forward all emails to it.
If you get locked out, your account still accepts emails. I believe that forwarding still works as well, though I haven't been able to verify it (need to get locked out again...).
Then either respond from your secondary account, or change your mx records to point to another service, or even to your own temporary SMTP server.
It's not a complete / ideal solution. You still don't have access to emails you sent (could be done using IMAP, but I didn't bother) and to other Google services. But it might be OK as a temporary solution until you get your account back.
Some paid services have a feature that forwards a copy of all of your sent messages to another address in real time. They do this by adding a BCC to every sent message. This allows you to have copies of every single message, both sent and received.
Why is setting up your own mail server a bad idea? I've been running my own for 13 years now (plain old postfix and dovecot on whatever linux distro I favor at the time). It works great.
I agree, it's not necessarily a bad idea. I meant that most people (even most hackers) probably won't do it. I think the biggest issue is reliability, since if your SMTP server is down emails sent to you are rejected.
Meh. I had it running on a line at my home for years. It's been on Linode for the last 2.5 with near zero downtime (Linode had one outage in Texas, I've rebooted a few times, and did a distro upgrade once). Looking at moving it to AWS at the moment. Really, it's easy.
This is a bit of a misunderstanding of how SMTP works.
If you run and maintain your own SMTP server and it goes down, you won't be able to send email.
Everyone else will still be able to send email to you, and it will be delivered to you, and you'll be able to read it.
Now, if you break Postfix or something on your server and start bouncing emails then you can be in trouble, or if you mess up the DNS somehow.
But generally running your own mail server is a set it up and leave it alone type of affair. Any junior level hacker can cobble one together with guides online and have it up and running with no problems in a few hours.
No, the misunderstanding is yours. Postfix IS an SMTP server. SMTP servers connect to other SMTP servers to deliver mail. Your mail comes into an SMTP server just as it goes out an SMTP server.
ocelotpotpie meant that SMTP servers are designed to reliably queue mail and retransmit. If your mail server goes down, you don't lose mail. The senders will just try again later. Downtime on an SMTP server impacts delivery latency, not reliability.
Senders will keep mail for you in the queue only for a limited time, after a few days (IIRC) your mail will bounce. So if your host or ISP unfairly takes down your SMTP server and you have to go to court with them, you WILL lose mail.
Generally, running an SMTP server is quite a responsibility: not losing mail, not being exploited to send spam. What matters is not so much that you can set up in a few hours, but whether you want to take on that responsibility.
What? No. You just get another host somewhere (free amazon micro EC2, etc...) and point your DNS to that via your registrar. The only thing that can prevent mail service with longer than ~24 hours latency is a seizure of the domain.
Most SMTP servers trying to send to you will try for many days before giving up. A typical configuration for a sender may get give a warning after the first 24 hours and then a bounce after another 48 hours, so normally you'll need to get your server back up and running within three days before you'll actually lose mail.
It's a bad idea for most of us.
I used to own and manage my own mail server when I had to do it for my business back in the day. I had to be up to date in all involved email server management and its perks anyway, so it wasn't a lot of extra work. Now it would be. For a normal email user, it would be a nightmare.
I'm the kind of person who's very disrupted by having a ton of small tasks in the background all the time. Maintaining your own email server adds a bunch of them, even if you are already knowledgeable (keeping your domain(s), storage & redundancy, having to maintain a server with good uptime and with a lot of security concerns - it's online and it broadcasts its IP in headers, it's immediately spotted as running an email server and targeted to be made a spam-relay or worse).
If you're not even knowledgeable about it, the amount of stuff you need to learn and be familiar with is ridiculous. Maybe they don't even occur to you off the top of your head now, but the amount of little things one learns over the years about server maintenance is massive and a lot of it is absolutely necessary to run an email server with guarantees. Having to "insource" all that shit work is something I've been trying to avoid but I'm afraid I will have to do. I rent, this means sometimes I have to move and keeping servers 365/24/7 is a problem. Typical home connections are rather shitty for an email server in terms of uptime - you'd have the occasional email silently not arriving (depending on sender retry config) and also the occasional bounce (server coming back up but not properly - happens) and that doesn't look good for serious communications this day an age. And like that, a large number of concerns both particular and common to each email user.
Having backups (also involves shit work but not as much) mitigates the problem but for some of us, simply to stop receiving email at a certain address for a couple of days can cause a lot of trouble.
I agree with you. There are quite a few commercial webmail/imap/pop providers, though. I've been using one for years now. I refuse to do free email since I lost my yahoo mail over a decade ago, and I like the peace of mind of knowing I can call up some someone for support.
1) Spam filtering. The Google spam filters are likely going to be orders of magnitude better than anything you run in-house.
2) You value your time. Some people don't, it's not really worth arguing this point. But it is a reason running a mail server is a bad idea for most people.
Orders of magnitude is an exaggeration. My account is very visible and very old, and gets 6-700 spam deliveries a day. Plain vanilla spamassassin catches 93% of those, and a little perl filter I wrote gets me to 98-99%. I get a handful of unwanted messages each day. That's just one order of magnitude from perfect; and I know for a fact gmail isn't perfect.
And #2 is just wrong, sorry. I spend minutes a week doing anything at all related to maintenance on that box (I use it far more regularly for productive purposes, though). If you can handle running a linux box from a console, you can learn to do it too. Or don't, it's up to you. But telling me I don't value my time is just out of line.
Re #2: Sorry, I wan't directing that at you and meant no offense. Per your post:
>> I've been running my own for 13 years now (plain old postfix and dovecot on whatever linux distro I favor at the time).
For those of us without the experience of 13 years running postfix and dovecot (and spamassassin and writing perl filters), there will certainly be at least some time investment. That's what I was talking about: the price in hours to go from zero to competent. You may be too competent by now at email hosting to realize that it would not be a minutes per week affair for most people to do well.
Obviously if it works for you, great. Interesting to note that you started running your own long before GMail; the calculus of starting to self-host is different now.
Re #1, you should lend your spam filtering tools to Yahoo! In all seriousness, a handful of unwanted messages per day would be a dramatic improvement to my Yahoo! inbox. Whatever they are doing over there is not as good as what you're running.
GMail isn't perfect. I usually get at least one spam per day, usually for stuff which should've been picked up by any decent spam filter (all caps, or "Hello I am Mr. Otogonoyu from Nigeria and I have US$4.8M to give you...")
I sometimes wonder if GMail lets these through for certain people, and relies on the "mark this as spam" button as some sort of mechanical turk...
Spam filtering got much easier for me once I started using different emails for each website and person. You can just route that particular address to /dev/null without affecting the rest of your emails.
Lots of ISPs block incoming SMTP and other "server" ports (to name one of several anticompetitive--I mean, security-enhancing--practices).
And MX records don't support an alternative port to my knowledge.
Unless you shell out for the "real internet" (the business package) it's like fighting an uphill battle to run your own servers anymore.
Ahhh the Internet... I remember that.
There are paid services that relatively cheaply fix this by being your MX-record and forwarding mail to your own local SMTP server at a configurable port.
Yup. There are free ones too (for example, http://domainmx.net/ -- if you are willing to trust any third party, with your data, or can convince everyone emailing you to use encryption) but, even the pay services put us squarely back in the realm of not owning our data. I can use Gmail that way already (as intermediate storage for when my server's not running, and I can use + in addresses to sort incoming mail for local users).
What gets me is that email was one of the first peer-to-peer networks, and 90% of people, including myself, on residential links, are excluded from using it as designed. It seems more wrong to pay to solve a man-made problem. Free webmail is "good enough" if I'm just going to pull my messages offline and use it as a relay...
I remember there being "more internet" on my 28kbps modem... Port 25 and 80 worked from home, SMTP servers didn't reject mail from anyone on a residential ISP. I actually wrote a letter to my ISPs when they started blocking SMTP (yeah, I'm THAT guy)... Their argument was "but spammers," and they wouldn't make an exception for 1 out of a thousand. I even wound up switching providers over it. A year later everyone was doing it and there was no stand left to make. Spam is our "airport security" scarecrow (among others... copyright, porn, etc)... We'll undo the whole thing if we have to.
And so Gmail it is, until Email 2.0 comes around, and is new enough not to be intentionally broken, or I decide to shell out and license the real internet from my oversubscribed ISP that throttles uploads so noone can offer new and interesting services using their networks that might compete with them.
Don't get me started on QoS -- the neutrality killer... (We moan when people throttle BitTorrent, but when it's called QoS, it's "Smart"!)
Behold, de-evolution.
claps the disappointed clap... of the disappointed :o)
I use https://www.backupify.com/ to back up all my emails continuously if this should happen.
> unless you setup your own SMTP server (probably not a good idea), you never really have full control
Why does it matter? You're not storing data on that server or anything, so the cost to leave is negligible.
I had my google account suspended for a few hours a few months back. Why? Because, I was sending myself a set of icons, and I carelessly dragged the folder in, which caused each one to upload separately (30 altogether). I noticed it quickly enough, and closed the tab. When I went back in, my account was suspended. No recourse. Nobody to talk to. Nobody to complain to.
Honestly, I'd rather just pay a monthly fee for the damn thing if it meant a unilateral action such as an account suspension wouldn't happen without prior warning. I'm serious Google. It's a good service. Take my money.
I rely on google so much, I would certainly pay for support if the option was available.
Isn't that what Google apps for business offers?
I don't know if you can port an @gmail.com email address in, but if you have your own domain for $5 / user / month you get phone + email support.
Yes it is. The SLA is 99.9% uptime until you do something against their terms of service, but even then you'll still have somebody call and complain to.
Also, I'm not positive, but I'm pretty sure it's standard to set it up on your own domain and forward data from any gmail.com addresses you care about.
I tried to use their service to do that recently since I do like the GMail interface, but I couldn't create an account. The domain name had apparently already been used with them by a previous owner. There was no obvious way to fix it other than to kick someone else out of their gmail (as far as I could tell -- I'm not sure what exactly would be reset in the process), and no way to contact customer service unless you already had an account. Since I couldn't safely create an account without talking to customer support, and couldn't talk to customer support unless I created an account I was stuck in a catch-22. By that point, I realized that I don't want to deal with yet another god-damned unsupported Google product and made other arrangements. Hell, I would have been willing to pay $5/mo at the time too -- it'd be a lot easier than what I had to go through to get my mail working. Maybe their support is fantastic once you get an account working; I don't know -- I couldn't get that far to find out.
Out of curiosity, what about gmail is so important that you dont move to a different mail client (paid or otherwise)? Or is it simply the fact that you haven't found an alternative that you like?
GMail isn't just a mail client though; it's a web server and a client with push email, calendar syncing, etc; it's basically a simpler version of Exchange.
Are there any good alternatives? Are their any alternatives at all?
Yahoo Mail has pretty much the same services and it's based on Zimbra. It's pretty good.
Gmail is a brand name, it's like having a .com.
You can use a gmail.com address and still download all the emails to a client running on your computer.
It's partly inertia and knowing that it would be a hassle to switch email addresses. But also, I think it's a phenomenal service. It's quick, and has great ui. Great spam filters. Great security - recently google added two-factor authentication as an option, which I love, since so many services are tied to my gmail account. In addition they have "shadow accounts" for services that need your password to function (usually other email clients) - so if you setup IMAP on your phone, and your phone is stolen, you can simply disable access for that client. The total package is great.
Forgive my ignorance, what would uploading 30 icons have to do with being suspended?
Ditto. I find it hard to believe that receiving 30 attachments in quick succession would trigger an IDS. People do that sort of thing all the time (try playing with "git send-email" sometime).
My guess is that it was more like 300, and cc'd to a bunch of external addresses such that it looked like spam.
So macspoofing: what did you have to do to get the account reenabled?
>I find it hard to believe that receiving 30 attachments in quick succession would trigger an IDS.
Believe it. It happened.
>what did you have to do to get the account reenabled?
Waited a few hours, and it was reenabled automagically.
There are hacks out there that use Gmail as a sort of Dropbox. http://en.wikipedia.org/wiki/GMail_Drive These can get your account locked (https://support.google.com/mail/bin/answer.py?hl=en&answ... see #3).
I bet that uploading a bunch of files all at once could trigger that lock.
I wish I knew.
So the problem fixed itself faster than you could get Comcast to come look at a problem with your cable box.
This is one of the things that makes me worry about using Google for email. When it works, which is almost all of the time, it works great, but when there are problems, it is difficult to get assistance.
Shouldn't this worry you about ANY email service; even those that you are 100% in control? Backup important data to separate services; have separate services to read this data; do it often, including the read -- make sure your backups work.
Yes, but the specific problem with Google is they have practically zero customer support. There is no one you can call to get help, and they apparently feel no obligation to respond to problems in a timely fashion.
If a 100K people, an insanely huge number, experienced crippling Gmail failure, that is roughly a 0.1% chance that it would affect you on your lifetime. Avoiding Gmail for this is like avoiding planes and cars and houses because you saw on the news that one blew up somewhere.
Haven't checked my backups in probably a year or more. Still going strong, and still readable. Thanks for the reminder.
For everyone else, I'm using backupify.com to backup my Gmail and Google Contacts (and sent tweets, for some reason…)
It's not only email. I got my adwords account banned in a ridiculous manner (got banned out of the blue 18 months after a supposed offense), the email replies were so generic and unhelpful (and obviously not written by a native English speaker), it was really infuriating. Fortunately for Google they can do without my $200 yearly spending on adwords.
For a post titled "How I Lost Access to my Google Account today" this article does a terrible job explaining how he lost access to his account. Was it just a totally random alorithmic error? The guy doesn't even have a theory about what he might of done?
This is the main thing which sucks about all this. I still don't have any clue on why this happened. The "how" is exactly how I explained it: I woke up this morning, and my account was disabled.
Here's a link that might be helpful: http://support.google.com/accounts/bin/answer.py?hl=en&a...
Here's a link that might be helpful:
http://support.google.com/accounts/bin/answer.py?hl=en&a...
http://support.google.com/accounts/bin/answer.py?hl=en&a...
>Was it just a totally random alorithmic error? The guy doesn't even have a theory about what he might of done?
I lost my adwords account one day, I wasn't even using it at the time. From what I gathered from support I lost it because a year and half earlier I had run two ads that were against the TOS. These ads were running for a total of 4 hours BTW and were of course approved by Google before going online.
I have no idea how they tune their algorithm so recklessly. I posted about it on HN before and someone brought up the idea (from experience) that the landing pages I used (I did not own the landing pages) were changed during those 18 months to something that is against the TOS and my account was flagged because I had used them in the past.
Some thoughts:
- If you pay $50/year for Google Apps, you can use your own domain name, so you can change your mail server without changing your email address, and you also get access to customer service from Google. I have Google Apps and the one time I contacted them, they got back to me right away.
- Just like it's a good idea to backup your local computer, it's a good idea to backup the data in your cloud services. There are numerous options. Backupify, CloudPull, and ThinkUp (thinkupapp.com) are some which come to mind.
You don't even have to pay to use gmail with your own domain. I find it difficult to find the relevant links, though.
but in this way you dont have support and if something is not working you have no one to complain with.. even though it seems by what i'm reading here that no one is safe, neither paid google apps users...
It's here: http://www.google.com/apps/intl/en/group/index.html
I use Apple Mail for backup. The only issue is the TTL setting for the DNS MX record. Some domain hosts set this to 24 hours, which means it may take up to 48 hours for all mails to get through after you switch to a different mail server.
To backup my "cloud" data, I need to click through vendor specific data download pages every time and then download gigabytes of data every time.
A backup of my local data is semi-automatic by running a shell script that rsync's everything to my USB HDD. I like local better, I think.
You never said "how" you lost your account...
On a side note, it's sh*t like this that make law makers create crazy laws that would stop poor support like this.
I for one would almost want government intervention to make sure when cloud services cut you off, they don't take hostage of your data and history too. I recognize it's a terrible/horrible solution, but if the companies themselves can't do the right thing, government mandate would have to be next. Cause in this case, it's not like we can vote with our wallets to make it go away when the stuff is free.
Also, imagine the number of jobs Google could create if they hired and trained a support staff for all their products? There's a lot of stuff that would still benefit from a human touch.
Yes that's the danger for Google all it takes for one case to go very high profile and they will be living with the court/government sanctioned remedy - that is why banks and other organizations have independent ombudsman - they want to avoid the government stepping in.
> I have been a Gmail user probably since 2004, and I have tens of thousands of work-related and personal emails stored in my account, some of which being extremely important to me.
We tell people they need backups. With a TOS like "we can shut you down at any time for any reason", you definitely need backups for Gmail too if it's important.
https://www.backupify.com/
GApps backup 36 bucks a user a year.
Isn't the question of why the account was locked just as pertinent as how?
What would be racing through my mind was my account hacked, as if so maybe other services I use be hacked.
Or did I possibly break the terms of service? If so, what may have been the justified reasons for me doing so, or Google's reason for preventing me so?
That's where full communication with Google would be so essential to remove the ambiguity and resolve what may be a bigger question at hand.
Im glad this happened, because while painful, it makes people think about their total dependence on a corporation being nice to them.
You can take back your power by using smaller corporations for essential services such as email, making sure they are NOT located in the USA (should be obvious, but I feel I should reinforce that you cant get privacy in the USA).
Then again, if you use Google, perhaps you dont care about privacy in the first place.
This is a little scary, a lot of people rely on Gmail. Im sensing a fundamental shift from "Free" to "Pay for it" for exactly this reason. When you are a free customer, no one has to care about you. When you are a paying customer, you suddenly have a voice.
And no, having ads does not mean that you are paying. Someone else is paying for those ads, if anything they are sponsoring your ability to enjoy a free service devoid of customer support.
Except he was paying, and still got no voice.
I wonder why gmail can't suspend people by giving them readonly access. It could be time bounded, say 30 days, to allow people to migrate data off.
For the record, if you just read this and you can't/won't switch off, make sure you have recovery options set to recover your account. You can setup: - An alternate email - A phone number - Alternate email addresses - A recovery question
Note, however, that the latter will only work if your account hasn't been accessed in 24 hours. If you have 2factor enabled, make sure you have backup codes printed as well.
Cloud-based services are great, but I think it is wise to store a local backup of your data. I wrote an app called CloudPull (http://www.goldenhillsoftware.com/) to do exactly that for your Google account. Whether you use my app or an alternative, you need local backups.
The site went down. Cached: http://webcache.googleusercontent.com/search?client=safari&#...
That sucks. Reading your tragedy I am about to set up a new main identity with local mail storage:
- getting a dedicated domain
- getting either google apps or another web mailer
- setting up new email address for 50+ services
- finding some local client, doing backups and what ever
mail account migration is a lot of work ...
Thanks for such an eye opener!!
Good luck gettings yours back, I'm going to back up mine this weekend!
I mean no disrespect, but if you have no backups for something it's your fault when it's gone.
Google's support sucks and they desperately need to improve it. But people also need to back things up, dammit.
Google's lack of customer service never ceases to amaze.
Don't put your stuff in there, because they are not going to treat it with the same importance that you do.
Are there any good alternatives to gmail that include tools for migrating an existing gmail account?
I avoid using Google services, but for the ones I do use, I have a separate account for each.
So is there anything he did that caused this? Or did it just happen completely random?
Considering the post is titled "How I lost access to my Google account today," there is a lack of how.
It's well known that your data should be redundant, this is one of those 'I didn't make a backup' posts.
User since 2004. Wow. Is there a way to export tens of thousands of emails from Gmail?
Well, there's IMAP and POP. That should do the trick.
This guide show you how: http://helpdeskgeek.com/how-to/export-all-email-from-gmail/
I tried this, but Thunderbird simply locked up due to the sheer volume of emails (I subscribe to LKML and other high-volume mailing lists). I haven't been able to find any good backup solution anywhere, and articles like this really scare me.
Thunderbird 11 is much better than Thunderbird 3.x was at handling a GMail backup. I've just finished backing up ~120,000 messages using Thunderbird 11 (archiving them into monthly folders about once an hour during the backup), and it's doing fine. (I tried the same thing a year ago with Thunderbird and gave up after 45 minutes.)
good to hear. I had tried THunderbird in the past but it would just crash. Just started today for first time in a year and just upgraded from V7 to v11. Working good so far.
Try getmail. I've used it to suck down a very large amount of mail.
I prefer fdm[1], but I agree that cli mail fetch tools are great for this.
[1]: http://fdm.sourceforge.net/
http://www.dataliberation.org/
Yes, any email client will make a local copy of your Google emails.
If you use multiple operating systems, or you want to use a high quality open source client, best choice is Thunderbird (this is what I use).
On Windows the default email client is Outlook.
On Mac, iPhone, iPad the default email client is named Mail.
All of the above email clients will save your emails from Gmail on your HDD.
I used getmail: http://datalinkcontrol.net/dlc/content/gmail-backup-getmail (Leave out the password from the config to be prompted when you run getmail.)
The OS X Mail.app does an excellent job of backing up your Gmail account using the standard POP3 and IMAP protocols.
Every email I've received in the last eight years is stored on my MacBook, indexed in Spotlight, backed up in Time Machine, and available for offline reading whenever I need it. If my Gmail account was suspended tomorrow it would be a nuisance, but I would not lose any data and could recover from it quickly enough.
If you're on a Mac, DEVONthink Pro Office has an option to import email into a database. The archive option in DEVONthink keeps all the attachments and everything, and you can easily search for an open an email, and it will open in your local mail client.
I've found it very helpful.
is there not a business opportunity here? to make something as reliable as Gmail, but with better care and attention to Users, that a person could roll their own mail service from it?
if things are important, set up a google apps for domain, people.
www.backupify.com lets you backup your gmail to another location
Congrats on making it to page one, your account will be restored within hours.
Many have their adsense and Adwords linked to suspended Gmail accounts too. It can cripple their business.
Yea, unfortunately not everybody has the good fortune of making it to the top of HN. I had a personal Gmail account wrongfully disabled over a year ago, and after filling out every form I could find and not receiving any helpful feedback for a year, I just gave up and decided to cut my losses. However, after reading this article I checked to see if it was still disabled and, lo and behold, I was logged in! I still don't know whether to be happy or pissed, but at least it works for now.
My advice for those that have other Google services tied to an email account: do not use that account to send email. You minimize the odds of getting banned and frozen out of a lot of things