Mods - if there's a better sub-forum for this topic, moving it is fine.

This happened to me a while back, but not sure how common this gap (?) in security measures is. What are other users' experiences with similar at other email providers? Do they use methods to prevent what's described from happening?

GMX email (based in DE) - use for general mail, not private / hi-security. Received automated msg from their support, to one of my GMX addresses. Something like, "Congrats - on signing up for a new account <some-fake-name@gmx.com> w/ GMX. We're sending this notice to [my.long.time.addy@gmx] because you entered it as the backup / contact address for your new <some-fake-name@gmx.com> account created on MM/DD/YYYY."

I didn't create a new acct / address. 1st thought it might be spam / scam / phishing, so contacted support & explained someone used my longtime addy as backup for a new acct (gave both addies), but it wasn't ME creating the new acct or using (my old address) as backup.

I pointed out, in worst case scenario, the 3rd person could try resetting PW (other maintenance) on another of my GMX addys & long shot -- the info wind up being delivered to their device's IPa. [I don't know if GMX could (or not) have the same BU email addy w/ 2 unique IPA's. They didn't comment. From other providers, a couple times I have received personal email addressed to others (some had family pics attached), that clearly weren't a scam / phishing on the sender's or receiver's part.]

I asked if GMX checked backup addresses entered for new accts (not that the same BU addy can't be used for several unique GMX addresses). A: "No, as of now, we don't 'verify' BU / contact addresses at all." "But we see your point & passed this incident to our security team to hopefully improve security in this area. We de-activated the new acct that used your address as BU / contact."

Far as I know, nothing has changed since then, *except* they no longer allow "security questions" to allow beginning PW reset, etc. Now, must use a BU email addy, a phone #, or nothing.

I asked if (anyone at) GMX could give assurance that the worst case scenario I mentioned could NOT happen and a 3rd party would never be able to receive PW reset info, etc., then access my other GMX accts - even temporarily? They skirted around an answer, but for this case, made no claim that what I posed could never have happened @ GMX.