As a reminder, there is no legal expectation of privacy for the outside of your mail. Envelopes are no different than post cards. Anyone can legally read them.
Years ago, I'd signed up for the Informed Delivery service, which is where these images originate.
When I moved, I forgot to cancel the service and so received pictures of the next person's mail. It was simple to cancel.
After filing a change of address form, I got quite a bit of mail still going to the old address. The forwarded mail, if it arrived at all, was significantly delayed.
It also costs money after a period of time, then expires.
Therefore, the thicker the better and use privacy envelopes if you are really concerned.
You write that as if it's accidental.
Anyone with access to them. You can absolutely not read my postcards, for example, because you don't have a key for my mailbox.
> As a reminder, there is no legal expectation of privacy for the outside of your mail.
Just because it's legal doesn't make it a great thing to happen.
1. I get the pictures DAYS before the actual mail (weekends ignored). Why?!
2. I sometimes don't get pictures of the mail at all, particularly mail that's not bulk mail--it's from individual to individual.
I could give a flying fuck that I'm going to be getting 5 advertisements in a few days. I want to know when I'm getting ACTUAL mail and this system doesn't seem to capture that effectively.
Someone over at USPS had the brilliant idea to save the photos they were taking to sort the mail anyway and email it to people at the addresses that the mail was being sorted to, and to do it for free.
It's basically repurposing a critical piece of infrastructure to give you a little QoL bonus with your mail, and we should be really thankful anyone thought to do it instead of complaining about what's lacking. Especially when policymakers use every attempt to defund it so they can get their ultimate goal of privatizing mail and package delivery.
I'd bet it's because the envelopes are photographed in some central location, the photos get sent at the speed of light but the physical envelopes only start getting to the last mile physical delivery people after.
If you look at the email, the promise isn’t “coming today” but “coming soon”.
I've had many many bank statements from India.
I've had someone in California order a brand new BMW and got the details for collection.
I've had paypal invoices and statements (this is one funny because they refuse to action the delink).
I used to reach out and tell them I didn't sign up for their service. But honestly, after doing it for a few years I gave up.
Now, I mark as junk and move on.
The best one I had was a dating site in Canada, I got it while sat next to me partner.
I get DoorDash order notifications, Uber notifications, etc
I am not sure how they signed up with my email as I never got a sign up notification
Part of this also is because email / gmail is not case sensitive Jsmith@gmail.com is the same as jsmith@gmail.com. I see a lot of Jsmith vs jsmith (like how I actually use my email).
Nothing is getting stolen from me but not sure how this is actually working for people.
I understand from the security side why they wont, but I wish there was something they could do. I could easily log in and change a password then cancel the account, but I figure there's probably some legal trouble if I did that.
It's a little less true now with some of the newer protections, but only today I received a fairly subtle spam/scam supposedly from the main email address of a major retailer, so I think it's still sensible to never every trust the "From:" part of an email.
gmail is not case sensitive. email systems are allowed to be case sensitive, most choose not to be. This used to be an issue to deal with when pre-internet legacy email addresses (like Lotus Notes corporate email, or Outlook/Exchange systems) were put onto the internet.
So, assuming case matters is foolish.
> The local-part of a mailbox MUST BE treated as case sensitive.
Oh so much fun with my yearly quiz testing students about case-sensitivity! They're always wrong because thinks are so horribly broken.
It is absolutely foolish, assuming case _may_ not matter in the Internet. Case does not matter, true, except it does.
One of my favourite parts: URL paths are case-sensitive, except most servers do not care (because of a case-insensitive filesystem), and they're not always case-sensitive, e.g. for the mailto-scheme the path is case-insentive, because the path is actually an e-mail adress (which is itself case-insensitive).
The plausible deniability this email address gives you is remarkable
It's like regular people don't use email unless forced to and forget what it is when giving it out...
Google doesn't offer anything in the way of migration or consolidation of various email-linked data (e.g., store purchases) so I just let mail accumulate and delete everything manually once every few months.
The second one 'す' matched only 10 Japanese spam messages.
Another one which might match is Japanese punctuation, such as the comma 、 and the period 。
https://www.tofugu.com/japanese-grammar/particle-no-noun-mod...
I was not able to use comma 、 and the period 。 because I think FastMail disables searches on common punctuations, so those matched nothing.
(In case people are wondering, I sometimes scan through my Spam folder to check for false positives, i.e. things which were incorrectly marked as spam. It's difficult to do that when it is flooded with Japanese spam.)
It did show me early on why web apps need to verify email ownership.
I always assumed that the "default" email addresses get flooded with spam nowadays. I can't imagine the email address lee@gmail.com or similar to be usable by now
My Floridian namesake has a troubled existence - I get emails from debt collectors, the police, court summons, and his employer, an HVAC company.
He also likes Dolly Parton and crystal meth, and goes to rennaisance fayres.
My namesake from BC likes to go to nightclubs and Costco, and is very busy on the gay dating scheme.
I find it sweet they like to keep me in the loop.
One bigger item was that people were sending details regarding an estate & inheritance. This included an attorney office in Finland (to be clear, I'm also originally from Finland). After finding out I sent email to their DPO as this likely qualifies as GDPR security incident as the emails contained things like names, SSNs, addresses & of course details regarding how inheritance was split. I never got an answer so I reported it to Finnish DPA. I got reply from them pretty quickly that they contacted the DPO and that DPO will be in contact with me soon & the case is closed from DPA side. This was 4 months ago, I'm yet to be contacted by them.
And he's actually not the only person doing this! As far as I can tell, the only unusual thing about my Gmail is that it's relatively short and has no numbers. I suspect people just forget to add the digits at the end of their own address.
I just canceled her membership in a bowling league, and when the league reached out to ask why, I told them I have no idea who <her name> is. I stopped getting email meant for her after that.
I've used my personal experience in a design meeting where some newer PMs were IMO unreasonably sure that users wouldn't mistype their own email address. Oh, let me tell ya, they absolutely 100% do.
I was expecting this person to be you.
It really makes you appreciate proper email address validation - all sorts of services let people sign up, don't validate and there's no good way to have your email address removed from their account...
I have the same issue. My gmail is {{my last name}}@gmail.com Just my last name. It's not that common, but there are about 500 people with it according to US Census data.
> I used to reach out and tell them I didn't sign up for their service. But honestly, after doing it for a few years I gave up.
Same here. It's surprising that most of the services don't use double-opt in before sending emails.
Some day, I want to use an LLM to identify those emails and label them.
I get my fair share of misaddressed mail but it doesn’t help that I share the same name as the CEO of a major hotel chain’s timeshare business so I’ve getting tons of complaints about that :/
GMail doesn't care about dots, so you could say your email address is f.i.r.s.t.l.a.s.t@gmail.com for all the good it does. Using the dot probably does more harm, as it makes people think it's a legit differentiator.
I left the catch-all on my domains email going for a year or two before I had to disable it. The sheer amount of house blueprints, sensitive information about transfers etc was overwhelming.
Still, bizarre that the situation was allowed to occur in the first place by Google. Clearly they need to beef up their account creation checks a bit.
Have you tested whether you can receive email directed to firstlast@gmail.com? Perhaps theirs is really firstlastt@gmail.com and all their contacts "correct" it.
They claimed that it was a typo and I believe them. Places don’t validate email and people make alot of typos.
Suspect their real email is something like “firstlast10” or “firstlest” (minor spelling variant). Not sure if they deliberately misspell their email or are just stupid.
For a while really thought amount was compromised.
Slowly I realized they are just idiots and assholes. They don’t always pay bills, buy $100 T-shirts, own crappy vehicles, and seem to conduct business with people who don’t verify email either.
Even once got into an argument with an idiot persistently claiming he owned “firstlast.com” (as I replied to a thread using such from my email server. I’ve owned the domain for 20+ years). He was a certifiable idiot, also by trade…
I also get a lot of “mcafee subscription” PayPal scam mails. Also have seen a lot of spam real subscription accounts created using the same email but with wildly different names. Suspect it is fraudsters testing credit cards.
The sheer number of big name companies that don’t validate emails surprises me…
What evidence do you have that this happened, aside from the fact that you're receiving mail intended for him and sent to that address?
Unless you have something much stronger than that, chances are the other guy actually has firstlast2@gmail.com (or whatever) and frequently forgets to add the number.
The best one so far is I've been on a group e-mail chain from some folks in France (I'm in the US) who organize a skiing trip each year to the Alps. I initially sent a couple "I am not the Phil you are looking for!" e-mails, but they continue to re-add me. I have thought about one day just showing up since I've been "invited" and have all the details for booking and just seeing what hilarity ensues.
That email is my first name dot last name but at one point I had been able to secure both first name at email provider dot come and last name at email provider dot com which somehow I abandoned. I wonder what level of erroneous emails I would have received at them.
One lady, a general manager of a factory, sent a zip file with her VPN client, a list of backup MFA codes and a list of SCADA and IT systems for a large factory.
A police detective sent a video from a paratransit bus that was in an accident. I got a bitcoin years ago. One dude had a hobby of test driving luxury cars from almost every dealer in the Washington DC region. I have a $50 gift card for an Australian electronics store.
Also, when Venmo was new, and they were playing extra fast and loose, they set me up with someone else's bank account, so I just closed the Venmo account and used PayPal instead, which was a different company at the time.
Unfortunately people in countries of my parents native language seem to think my email address is theirs, and I get EVERYTHING. Vacation photos, medical records, car service reminders, the whole lot.
What's interesting is that none of the spam filters seem to have a "I'm a dumb American, I cannot read this language, therefore anything in this language should be spam" rule.
UPS has dropped the last 3 of my packages to my neighbor's house. They try to be helpful though. They took pictures of the packages, sitting against various walls and doors that I didn't recognize at all. I had to guess which of my neighbors.
I feel it’s a major invasion of privacy. I don’t want to know stuff about my neighbors like who they bank with, have student loans with or which doctors they go to. They also find out those things about me. But not much we can do about it.
I receive about 6 letters a year, though the average was 33 per person last year.
There's a new (well, it was several years ago) townhome in the town to the west that has exactly the same street address as mine, just a different city and ZIP code (just one digit different). We got their mail, packages, etc. a LOT for years. The best was when we got home and FedEx had dropped of a set of 4 overnighted tires on our porch.
The townhome is a rental, and sometimes, even when Amazon sends me a photo of their front porch, the townhome tenants claim they didn't get anything of ours. Either they're theives or they have a lot of porch pirates.
It's similar to if you hold a flashlight to the back of an envelope and can then see 'through' it to read the paper inside.
I also have a number of mailings from my bank that include things like account balances & numbers, with no privacy pattern. So it seems hit or miss.
Another vector is the plastic window many envelopes have to show the addressee printed on the paper inside. I have another healthcare related letter I can read through that.
Please stop getting people riled up about fake problems. You are pissing in the pool.
From what I can tell this was a capability the USPS has had for a while, probably going back to the days of anthrax spores being sent to politicians. The USPS was probably directed to track where every piece of mail came from and image the outside of it.
Informed Delivery was just a monetization of that system. Note that some pieces of mail trigger ads from third party companies.
> Note that some pieces of mail trigger ads from third party companies.
of course they do (although the mail itself is like 95% ads anyway with junk mail so I guess I won't really complain)
I don’t think that’s accurate. They already had the scanning/imaging pipeline for routing and sorting. It wasn’t until later that they realized it’d be a good service to email the images to the recipients every morning – hence, Informed Delivery. It’s like a side-project that grew into a bonafide feature.
The fact that you can get pictures from this system is the innovation but imaging has existed for much longer than this product.
I legitimately can't remember the last time I received actual mail in my mailbox. Everything goes to e-boks.dk.
Alternately, if you're away and something important is arriving, you can ask someone to check in on it for you. Maybe they would normally just stack it all up, but this one is interesting enough from the envelope that you'd like them to take a look inside.
If you are waiting on a particular piece of mail it sometimes can be handy to know it'll be in your box soon instead of repeatedly checking the tracking or double-checking with the sender. If you don't receive mail every day, and your mailbox is at all exposed to the elements, it can remind you to check the box that day.
And if your mail is delivered where other people have access to it—a spouse, kids, roommates, etc.—it can let you know to check in with them if you don't see something that they may have put in an unusual place.
I am the treasurer for an organization related to my job. We don’t usually get mail and the PO Box is located a few towns over. I rely on the emails to know when I need to visit the PO Box. It saves me gas and time, so I love it. Even if the PO Box was nearby, the emails would still save me time and hassle.
That said, it's not really terribly unusual to actually just receive someone else's mail. I've gotten mail that was meant to go to my neighbors a number of times. So I reckon that an issue like this probably isn't a big deal in the long run; if it was that big of a concern, then actually accidentally delivering to the slightly-wrong-address would be worse.
They send the daily digest saying "You have 1 mailpiece arriving soon." Instead of the usual picture of the 'mailpiece', it's an image illustrating the episode. There is no physical mail corresponding to this alert, it's electronic junk mail. Spam. Ugh. There is no opt out for these apart from canceling the service entirely.
Informed Delivery also highlights mail lost in (some part) of the delivery process. Such as delivered to the wrong PO Box or the wrong address, or who knows what other creative methods they might think of. Then there is a process to point that out and "trigger a search"... and get only automated "Eh, what are you gonna do" kinds of answers.
Can't wait for being able to stop receiving paper entirely. Which will be a while because the other guys (the online guys) also love to build broken systems.
i stopped using the email notifications and check it occasionally now
That said I do also get misdelivered mail, which I don't get Informed Delivery for. I've gotten tax documents, jury summons, settlement checks, you name it. People really need to file a change of address.
More than Occasionally
I’m not sure that any of the cases are that big of a privacy breach: It’s more inline with either getting the neighbor’s mail in your mailbox (which in my experience happens at about the same rate) or getting previous residents‘ mail in your mailbox (although my current carrier, after checking with me, intercepts most of these on her own initiative so I don‘t have to deal with them).
My belief is that the informed delivery system is using optical recognition while the sorters are using the barcodes.
Just having thought once in a while about how complicated addresses are, I can only imagine all the things that can go wrong. (both for the post office, and for example, credit cards/banks that have to use addresses in validation of purchases, etc)
Imagine an apartment building with many units. Think of how people differently specify on the address lines which unit they live in? What if they leave off their unit #? What about apartments that are numbered "345 1/2 Second Street"?
What about a new person with the same last name that appears at an address? What do you do about that? Is an address that differs by a very subtle letter a different household? E.g. "345b Second Street"? Should you ship a package there or approve a credit card, or is that likely to be an attempt to fraudulently divert mail to someone else who is nonexistent?
I'm sure it's endlessly complicated, and I have no idea. But I know it will be complicated.
For example, my address is 150 Main Street and it would send me photos of mail addressed to 158 Main Street.
I don't consider this a vulnerability, per se. This is the the usual level of uncertainty when dealing with physical objects.
I sometimes only check the box once a month, and it's not uncommon it's full of bill pay checks for people's rent lol.
At one point, I entered the wrong address when I was forwarding my mail. As a result, I got my mail sent to a strangers PO Box. As a side effect, I then began to receive Informed Delivery for this stranger to this very day.
In addition, I once had the Post Office disable my address. It was like a 101B address and they didn’t consider it legitimate with the city. As a result, they were unable to forward mail when I left that house, and once again, and they were unable to disable the informed consent for this house.
As a result of this, I see every piece of mail that two separate strangers receive. I have gone to the post office a half dozen times in the last 5 years to try to disable this, and have repeatedly been told there is absolutely nothing that can be done.
Contact your federal senators and/or federal house reps, and tell them that USPS is sending pictures of other peoples' mail.
Or if you dont want to do that, then contact USPS Office of Inspector General. uspsoig.gov/
The IG's are absolutely terrifying if you're on the wrong side. And you're 100% in the right, and they're in the wrong.
What was your experience with an IG?
I've never understood why departments are reporting to themselves and not an independent inspector.
Granted, politicians and the people they appoint will do anything to justify their actions, even across organizations, but it might open the door for political opponents to call each other out, on their bad actions.
Probably half of people get their mail in an unlocked mailbox that anyone can casually open and peek at before you get home from work. And every postal worker can of course see the information as they handle the mail.
Not saying that's ideal, but just pointing out that this doesn't represent a tremendous loss of privacy.
Just because there's other privacy issues with physical mail doesn't mean there ought to be even more when it comes to digital mail notifications.
The first time I noticed this was after I had renewed my passport. I got a notification saying that I was expecting a package in Tacoma. I was so confused, thinking maybe someone has stolen my CC number. The ln I remembered my passport should be on the way. I freaked out, contacted my ex and asked her to go back there and talk to the current resident to see if they had my passport. Then I got another notification, logged into the USPS website, and saw that I had notifications for this guy's mail at my old house.
I know this because after I moved out of a place and started traveling for a while, I set up forwarding to my parents' address, and after clicking the "informed delivery" checkbox I immediately started getting photos of all my parents' mail.
The USPS sometimes does some really strange things. The address was for the aunt's house but forwarded to my old apartment.
We started having serious issues with valuable mail turning up missing. Car registration tabs, checks, statements , priceless letters . Informed delivery was inconsistent with physical delivery -- and the postmaster said that's expected. Some valuables were delivered to the wrong address and forwarded weeks later by conscientious neighbors.
What I came to discover is that USPS does not maintain quality controls , neither e2e or at the last line. The post office does not have any sort of log of delivery issues that I could tell. No real testing or auditing is being done (auditing, red-teaming, e2e testing). I doubt they could provide a quantitative measurement of reliability at any level of the system. If a zip code or subdivision had 5% mail go missing over a week, I doubt they would notice or have a protocol for resolving it.
The postmaster and staff did do their best to address the issue, with good customer care and attentiveness. But the issue was never resolved. I now send valuables via other vendors , and rely on USPS for junk mail.
In South Africa we have the South African Post Office which has consistently and increasingly been made redundant/irrelevant by the actions of one particular organization far more so than any other: The South African Post Office
One of their biggest self-inflicted loss of relevance was due to a large strike by their workers in the early 2010's. Because of the prolonged strike people were not receiving their statements in a timely manner. At the time the law required that financial institutions send statements by post, due to this incident the government allowed the law to be changed and they were now allowed to send them by email instead.
For decades now the Post Office has had a reputation of stealing from mail. When my grandmother was still alive she used to always send a birthday card with a cheque by post to all her grandchildren for their birthdays, for around the last 10 years she was still alive the envelope I received had always been slit open and clearly "inspected", fortunately it seems they didn't feel these low value cheques were worth the effort.
Something else which used to keep the Post Office slightly relevant is that it was about the only place you could go to get your annual car license renewed. Every time you'd go there would be a huge queue waiting for the single teller who could process these while there were like 4 other tellers sitting at the other counters doing nothing. A few years back the organization which manages the licenses (not the post office) made a very surprisingly completely painless online system where you could pay by credit card and have it arrive at your door within a couple of days by courier.
In 2013 when I moved into a new house, I went to the local post office to arrange a P.O. box. To which they said "Sorry, we have none available, we can put you onto a waiting list for if one becomes available", it seems it never occurred to that branch's post master to perhaps look into making additional P.O. boxes available.
I have other stories of their general incompetence, but you get the idea. They've only been able to get away with it due to it being a government owned organization with seemingly zero effort by the government to hold management accountable for the grossly poor management, something that's pretty much the norm with most of our government and government run organizations.
Informed delivery showed me a picture of the envelope containing my child's social security card, along with 2 other mail pieces for the day.
You can guess which one somehow didn't reach the mailbox. It's been months trying to get a replacement and now at under a year old my son already has to worry about identity theft his whole life.
duxup•1d ago
My post office for a good year was horrendous about delivering me my neighbor's mail. I felt like a Jr. Mail Carrier in training ;)
Last few years they've been SPOT on.
I tried informed delivery but honestly it's more of a hassle for me as my wife says "this should have arrived today" and of course it doesn't so she thinks it's stolen and ... it arrives 3 days later.
nemomarx•1d ago
duxup•1d ago
Amusingly, for some obscure software, I write those emails ;)
pwg•1d ago
I feel like this one happens because the driver needs to meet quota today, so they scan the package delivered today, then when they are in the area tomorrow they actually deliver the package.
Unfortunately, this makes "delivered today" not a reliable indicator of "I actually received the package today".
stetrain•1d ago
I have multiple times seen an "Out for Delivery" package switch to "Delivered" or "Delivery Attempted" at 10pm, presumably when the driver ended their shift and didn't want to be penalized for the undelivered packages. They usually showed up the following day.
crazygringo•1d ago
Exactly this, it's infuriating.
And you can usually tell because a) it's marked as delivered at a time rounded to a perfect hour, like 2:00 pm or 9:00 pm (not 8:34 pm), and b) there's no delivery photo, when there always is otherwise.
But yeah, it's the driver not being able to make all deliveries (probably not their fault), but needing to fake the metrics. Usually they drop it off the next day or two days later, but other times it just gets lost, and it's harder to get a refund from the seller because it says delivered. So e.g. eBay will side with the seller in a dispute.
zippergz•1d ago
crazygringo•1d ago
They tend to package and label orders as they come in, that's the only thing you can do to be efficient -- you can't let them build up.
But then they only drop off (or get pickup) 2x/week, e.g. Tues and Fri. Which might be fine if that's what their shipping times indicate.
But then the buyer gets confused because they assume it was mailed immediately, which it wasn't. But there's no way for a seller to print shipping labels from eBay in advance without eBay marking it as "shipped".
It gets even more confusing because with bulk pickups or dropoffs, they often don't even get scanned when the carrier receives them. They won't show as actually in the carrier's hands until they reach the first major hub, which can easily be a day or even two later.
nobody9999•1d ago
AIUI, Amazon's policy is that credit cards don't get charged until the order ships.
As such, some shadier folks will create the label long before the item is actually shipped. However, since the label has been created, the order is now marked as "shipped" and the credit card is charged even though nothing has been packed, let alone actually shipped.
Symbiote•22h ago
I assume they do this to avoid complaints of slow delivery when the sender takes a whole to post the item.
kube-system•1d ago
duxup•1d ago
Yes I'm aware of that ;)
JohnFen•1d ago
Mine still is. Misdelivered mail has done more to help me get to know my neighbors than anything else. It's pretty community-building.
wombatpm•1d ago
sitzkrieg•1d ago
saghm•1d ago
pwg•1d ago
Same here (minus the "stolen" part). Wife overlooks the disclaimer on the page saying "delivery soon" and assumes that today's photos should be of today's deliveries. Continually pointing that fact out has not (yet) dissuaded her from this belief of "today's photos equal today's deliveries"
Spooky23•20h ago
The gotcha is that the staff shortfalls and prioritization of Amazon and parcels means your route based mail may not be serviced correctly.
saghm•1d ago
After college, I lived in an apartment for over four years where apparently the woman who had previously been in it switched to a different apartment in the same building (which was quite large, so I don't think I ever met her). In the first couple of weeks, we for a couple pieces of mail of hers that we'd leave with the doorman, and he'd give it to her (or maybe have it put in her mailbox instead), and this stopped happening after that for a while. A few years later, we started getting some mail for her again out of nowhere, and the first time I brought it down to the doorman, he mentioned that the person delivering mail to our building had switched recently. I have no clue why someone who hadn't delivered to the building before would be inconsistently delivering mail to her old address, but it basically never stopped happening during my remaining time there.
duxup•1d ago
If I got a bad delivery I got a lot of other people's mail, like someone not paying attention and just grabbing multiple addresses at once and tossing them in my mailbox.
PopePompus•1d ago
UncleOxidant•1d ago
voidUpdate•15h ago