Guessing email addresses is not recommended

In the Swedish Parliament, the sender of an email guessed the email address of another person. The guess was wrong, and (as described in, for example, SvD) the email was sent to the wrong person: same name, but a different political party. Now some people claim that opening the email (which was wrongly addressed) might be infringement.

An email address consists of three parts:

  • A comment (the name of the person)
  • A local part (to the left of the ‘@’)
  • A domain name (to the right of the ‘@’)

Too many organisations try to invent a mapping from the name of a person to the local part, so that the local part is very similar to the name, like firstname.lastname. This of course works, but only until two persons have the same name, as in this case in the Swedish Parliament.
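As an added illustration (not part of the original post), the Python sketch below splits an address into the three parts listed above and audits a directory for names that a firstname.lastname rule maps to the same local part. The rule implementation (including folding of å/ä/ö to ASCII), the member identifiers, the names and the `parliament.example` domain are constructed assumptions.

```python
import unicodedata
from collections import defaultdict
from email.utils import parseaddr


def split_address(raw):
    """Return (comment/display name, local part, domain) of an address."""
    name, addr = parseaddr(raw)
    # Split on the last '@' so the domain is always the rightmost part.
    local, _, domain = addr.rpartition("@")
    return name, local, domain


def derived_local_part(full_name):
    """Hypothetical firstname.lastname rule: fold diacritics, lowercase, dot-join."""
    decomposed = unicodedata.normalize("NFKD", full_name)
    ascii_name = "".join(c for c in decomposed if not unicodedata.combining(c))
    return ".".join(ascii_name.lower().split())


def guessable_collisions(directory):
    """Map each contested local part to the people whose names produce it."""
    by_local = defaultdict(list)
    for person_id, full_name in directory:
        by_local[derived_local_part(full_name)].append(person_id)
    # Only local parts claimed by more than one person are a misdelivery risk.
    return {lp: ids for lp, ids in by_local.items() if len(ids) > 1}


# Constructed sample directory: (identifier, full name).
DIRECTORY = [
    ("member-001", "Anna Berg"),
    ("member-002", "Anna Berg"),        # identical name, different person
    ("member-003", "Göran Åkesson"),
    ("member-004", "Goran Akesson"),    # differs only by diacritics
    ("member-005", "Lars Holm"),
]

if __name__ == "__main__":
    print(split_address("Anna Berg <anna.berg@parliament.example>"))
    for local, ids in guessable_collisions(DIRECTORY).items():
        print(f"{local}: shared by {', '.join(ids)}")
```

Every local part the audit reports is one where a sender who guesses the address from the name alone cannot know which person will receive the message.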

Lesson learned: Guessing email addresses is bad, and creating “rules” for how local parts are created so that they are “almost” like a person’s name is also bad. Updated: An article in CircleID talks about related issues with “guessable email addresses”, and more specifically honeypot issues with, for example, Google’s Gmail.