By Adam Dodge

Anyone who has spoken with me online can attest to the fact that I am truly awful when it comes to spelling. This is something I have dealt with for as long as I can remember. I believe the fact that I was reading well before I started to learn phonetics has a lot to do with this. I was able to memorize entire words instead of having to sound them out, so I never really had to learn what letter combinations make what sounds. Therefore, I was never good at spelling words I could speak or speaking words I could read. To this day I still have trouble pronouncing words I do not recognize, but enough about my past.

This evening I decided to download the new Gmail Mobile Mail App that Google recently released and try it out. I have to say that I am impressed the application so far. However, something interesting happened when I was using it. I decided to send myself a test message at my address, so I went into my contacts and selected what I thought was my e-mail address. However, it seems that I selected a preexisting contact that had a typo in it. Yes I am that lazy and I never deleted it. In fact, I still haven’t.

Instead of sending it to [myemail] I sent it to [myemail] Of course I received a nice e-mail undeliverable bounce message from the e-mail server. I found it interesting that Google didn’t jump on this typo domain as large companies often do. Curious, I visited and found it to be a design and engineering company with a playful disclaimer about typos posted at the bottom of the main page.

However, this got me thinking about the potential abuses of e-mail that typo domains can facilitate. For example, say an individual sets up a typo domain for a major e-mail website like Gmail. This individual then sets up a program to monitor e-mail messages sent to this typo domain. An unethical individual would then be able to simply harvest both the sender and the receivers e-mail addresses from this e-mail and resell them to Spam companies at will. Spam issues aside, e-mail typo harvesting can expose an organization’s private and unpublished e-mail address as well.

As the title suggests, typos might just be more then an annoyance. Will this possible danger ever become a reality? Do we really care if it does? After all, most of us use some form of contact list. Typos are quickly found and removed (unless you are me). If typos do not occur frequently, harvesting these incorrectly addressed e-mail messages would most likely not be worth the effort. Unfortunately, I do not have any information on the number of e-mail typos that sites like receive so I do not know how widespread the problem actually is.

After visiting the web site and browsing around for a few moments, I have no doubt as to the good intentions of the fine people over at Gamil. However, next time I might not be so lucky…

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.