Earlier this month, I began
using Gmail to both receive and send my email via POP. Previously, I’d just
used it to receive mail. By also sending through Gmail, I get a more complete
archive of all my mail over time. The problem is, despite setting everything to
keep my actual Gmail address hidden, it’s still getting revealed.
Here’s the situation. I want people to email me at my longstanding danny @
calafia.com email address. I don’t want them sending to my Gmail address. The
reason is simple. If I decide to leave Gmail down the line, I can’t take that
address with me. I basically want no one in the world to know it exists. If they
only know danny @ calafia.com, then my mail comes to me no matter where my mail
server is located at, since I own that domain name.
To help ensure this, I never give out my actual Gmail address. To further
ensure my Gmail address doesn’t get out, I make use of two options that should
keep it hidden. As I’ll explain, they don’t. But first the options.
In the Mail Settings area of Gmail, there’s an Accounts section. Within that
section, you can add other email addresses to use along with your Gmail account.
In my case, I added my danny @ calafia.com address. I also make this my default
setting. That means any email I send out from within Gmail should show as if it
is coming from my danny @ calafia.com account.
Indeed, here
are a variety of help pages at Gmail about the topic that give you the
impression that your Gmail address remains hidden, such as:
Keep in mind that each time someone replies to a message you send using a
custom ‘From:’ address, the reply will be delivered to the ‘From:’ address
rather than your Gmail address. If you’d like replies to be delivered to
another account, you’ll need to enter a ‘reply-to’ address. Just click
‘Specify a different reply-to address’ to enter this information. (see
here)Once you’ve completed these steps, all messages you send will appear to be
from the email address you’ve set as your default. (see
here)
In addition to making this change at Gmail, you also have to make changes to
your mail client. Info from Google on this is covered
here. I use Outlook 2003, and specific instructions are covered
here.
However, those instructions do NOT cover the extra steps to take to disguise
your Gmail account.
After you follow the instructions, you should next got back in to edit your
email account. Choose the More Settings button, then the General tab. You’ll see
an Other User Information option. Put an organization if you want, but most
important, put the reply email address you’d like to have. This is supposed to
help ensure that no matter what POP account you send out of, only the email
address you put into that box will be shown.
In other words, even though I send out through Gmail, changing this setting
along with the other change made within Gmail is supposed to ensure that my
danny @ calafia.com address is the only thing seen by those receiving my email.
That’s not what happens, but realizing this can be hard to see. One reasons
is that I find that if you send something to yourself via Gmail from within
Outlook, then Outlook won’t download that from Gmail. I don’t know why this
happens, but it’s pretty consistent. So if you try to send and receive a mail to
check how it looks, it won’t come back into Outlook.
Now let’s say you go to Gmail itself to look at what it shows there. You’ll
just see your name shown above the email you sent. Click More Options, and
you’ll see something like this:
From: Danny Sullivan <danny @ calafia.com>
Reply-To: danny @ calafia.com
To: danny @ calafia.com
Date: Jan 31, 2006 1:18 PM
Looks good, right? Even though I sent via Gmail, my Gmail address is hidden.
Now try this. Email someone you know, then ask them to reply to your entire
email. There’s a good chance you’ll see something like this:
From: Danny Sullivan [mailto:#########@gmail.com] On Behalf Of Danny
Sullivan
Sent: Thursday, January 26, 2006 1:11 PM
OK, I’ve blanked out my Gmail address, but you can see the problem. The
person who got my email was shown my Gmail address. Despite the fact that Gmail
is supposed to keep that that hidden, the "On Behalf Of" modification still
reveals it.
Why does this happen? I’ve done a bit of poking around, and it seems mostly
related to
this:
Will messages I send using a custom ‘From:’ address be marked as spam?
Most likely, no. Even though you’re using a different email address to send
messages through your Gmail account, Gmail still ’signs,’ or validates the
messages. This way, other email services will know your message headers are
not forged.
That signing is interpreted by different mail programs in different ways.
Outlook 2003, for example, tracks that the email has been signed and does the
entire "on behalf of" thing itself. But Yahoo Mail does not. Over there, my mail
just shows as being from Danny Sullivan, danny @ calafia.com.
In Outlook, I can dig deep into the headers and see a trail like this:
Date: Tue, 31 Jan 2006 13:11:44 +0000
From: Danny Sullivan <danny @ calafia.com>
Sender: #########@gmail.com
To: danny @ calafia.com
Subject: test
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Delivered-To: #########@gmail.com
You can see that my Gmail address is being passed along as part of this.
On the plus side, anyone replying to a message that shows your Gmail address
will still send to your other email address automatically, if you’ve set things
up as above. The downside is that some people may email to your Gmail address
manually. I’ve had a few people doing that now.
Overall, I hope they make a change so this no longer happens soon, though
it’s apparently been an issue for several months. For myself, I may have to go
back to using my own POP server to send email. That’s a bummer, because it means
I’ll have to start BCCing anything I want to be archived at Gmail.
{ 8 comments… read them below or add one }
An easy way to see the headers of outgoing gmails is to mail to a non-existent adress (i.e. x@x.x).
Googles mail daemon will reply with an error message containing the email headers in the content.
Danny,
If Outlook is the only one where this problem pops up - except for crafty eyes using the Sender: field - then are you sure it’s GMail doing something wrong?
Actually, according to the rules (RFC 2822:3.6.2), the Sender field *must* be used if the mailbox actually doing the sending is different from the one in the From: field. Technically, I’ll bet this is VERY important for things like SPF and its ilk, and GMail’s not doing anything wrong.
Too, is Outlook?
- bish
What you ask from Google would let spammers send out “trusted spam” from Gmail, or would make many sites mark Gmail as a spam-source (because messages would come from Gmail without proper signature - the signature of the email adress’ domain in this case calafia.com). Maybe the solution would be some trust mechanism under which you sign your letters yourself.
Bish, I suspect there are plenty of mail servers that don’t follow the “rules” for reasons they decide make sense. If Google has verified your email address, there seems to be no good reason not to allow you to send as if you are using it. In fact, that’s the reason why they supposedly have the Custom From feature.
Andrisi, the spam concern is noted, but Gmail is hardly the only one in this situation. Heck, I can configure my own mail server to send mail as if it is coming from someone else. Again, since Google is only allowing these accounts to be created if you verify from a known email address, it seems a non-issue to then let you send as if you are using them.
Two things:
1. If you’re logged into a Gmail address, and sending from another Gmail address, there is no reason why they should include these headers. The mail is being sent from the Gmail servers regardless of what account you happen to be logged into.
2. If they allowed you to enter server information for your other accounts, like any normal email program, you could send from the correct servers and wouldn’t need to include this header information, either. It’s really bad of them to be sending your (possibly private) email addresses to people without your knowledge. For instance, say I have a real name address and a pseudonym address. I don’t want people I interact with in real life to be able to google stuff under my pseudonym, and I don’t want online people to be able to google my real life name and address.
Gmail has messed up the mail consolidation feature by doing this. I switched over to Yahoo Mail, they have included the mail consolidation in the free mail service. It works great.
I also find this quite annoying. I use sneakemail to create multiple aliases, and I can’t send emails from gmail without exposing my real address.
yeah this IS stupid especially if your other email address is a Google Apps account which is coming from the same server anyway