top | item 30347220

(no title)

I also lost access to a previous gmail account - I changed my password with a random generated one, and god (and a google engineer) knows why, I lost access. No amount of appealing would return my access, even if I was wiling to show my national ID card and stuff.

Anyway. About your plan with the email server. We ran such a thing for an organisation in Romania. You'll be surprised how many times our emails ended up in Gmail's spam folders (other providers too, but gmail runs an especially harsh algorithm for spam filtering), even though we had DKIM, SPF and all that jazz setup. You will most likely be locked out of most people's reach, unless you use one of the largest providers. So maybe government regulation is the only realistic way out.

discuss

judge2020|4 years ago

Google doesn't get social engineered into handing over user accounts since maybe a few hundred people have any access to the Google Accounts system proper, less so for the gmail.com organization (Workspace Support can help with recovering an Admin account in an org). Introducing a way to retrieve an account via human intervention makes the chance of someone taking over a Google account via malicious social engineering, incl. faking national ID cards, non-zero. In fact, i'm sure tons of people have been able to take over accounts using account recovery[0] where it'll ask you things like "when did you create this account" and "what was the phone number you put on the account".

0: https://support.google.com/accounts/answer/7299973