Skip to content
Naked Security Naked Security

Do you know where your old email addresses are?

A big UK mobile provider is about to kill of a whole list of old email domains. We look at what can go wrong when old email addresses die.

Here’s something that isn’t really news because it’s not new, but that nevertheless got us thinking.

UK mobile phone provider EE, now part of the BT Group, started life as an admixture of two former competitors of BT.

In a previous life, EE was known by the long name of “everything everywhere” (thankfully for professional writers everywhere, that orthographic oddity didn’t last), and in a life before that, it was two separate mobile providers, T-Mobile and Orange.

As often happens in mergers, acquisitions and agglomerations of this sort, the new company often starts out with a bunch of well-recognised brands and services, only to find them fading out over the years until they’re little used and liable to cause more confusion than comfort amongst customers.

At that point, it makes all sorts of sense to simplify, and to dispense with the old brands and branding entirely.

Of course, ditching an old brand isn’t just about logos and letterheads: it can be about domain names, too, and their close relatives, email addresses.

In fact, EE is now just one month away from officially killing off a whole list of UK email domains, formerly part of Orange Email.

Vanishing forever from the EE canon at the end of May 2017 are all email addresses ending in the following:

    Orange.net
    Orangehome.co.uk
    Wanadoo.co.uk
    Freeserve.co.uk
    Fsbusiness.co.uk
    Fslife.co.uk 
    Fsmail.net
    Fsworld.co.uk
    Fsnet.co.uk

Big deal, you might suppose.

After all, we’re guessing that many if not most users around the world, including in the UK, have already made the move to webmail services such as Outlook.com or Gmail.

But here’s a thought.

Whenever old email addresses get killed off, even ones you think you’re done with altogether, you may nevertheless end up in trouble if you are in the habit of “autoforwarding” your old addresses whenever you switch to a new provider, rather than explicitly shutting those old addresses down.

(You don’t need to shut them down instantly, but you need to make a plan to discontinue them after a while, and then stick to that plan.)

In particular, you could end up in serious trouble if you leave an old email address set up as the password recovery destination for any of your online accounts.

Indeed, you may have forgetten about some of your old email addresses entirely, because the autoforwarder means you’ll still see any occasional emails that come in, without needing to think about how they got to you.

But when the service provider finally pulls the plug on your old account by shutting the entire service down, as EE is about to do here…

..then the autoforwarder gets shut down too, so those password recovery emails will vanish without trace.

What to do?

Don’t forget to review your online account settings regularly.

Make sure that all your password recovery email addresses are set for delivery directly to your current, preferred email address, rather than set indirectly via a mail forwarding service.

It doesn’t matter whether your’re a current EE customer, a former Orange customer, or whatever…

…never let any of your password recovery email settings get stuck up that proverbial creek without a paddle.


13 Comments

When we were doing internet at 300 or 1200 bps, many of got accounts from the Baby Bells (Bellsouth, Pacbell, SBCglobal, etc.). Ultimately, when AT&T reconverged, these got sucked in to Pacbell which assumed the AT&T mantle.

About that time the carriers realized that with the appearance of free webmail services they no longer needed to include email services–a big cost sink–in their offering. All the emails were quietly transitioned to rebranded Yahoo! offerings.

I don’t forward anything to this Yahoo! account but I do live in fear that Yahoo! will go belly up and put me in the same situation you describe.

Hopefully they will maintain control of those domains, even if they are not going to use them… Otherwise some enterprising hacker could buy up the domain and scan the incoming mail stream for clues to accounts they could take over with pw resets…

+1.

I notice that at some of those domains expire soon…I assume that EE will want any web servers on those domains to redirect usefully, as happens now, so you’d presume they’ll keep them all going on that account alone, let alone for security and safety reasons.

Maybe what EE should do is look in their .forward file (or eqivalent) and send the soon to be unwitting victims a warning email.

We Have The Technology!

It’s been pretty well announced by EE, so it oughtn’t to come as a total surprise to an remaining users. (Any accounts that are forwarded will have seen warning emails already – though I guess what you are saying is to send a special alert to people with forwarding turned on – asasuming, of course, those services supported forwarding in the first place. Any users who are also Naked Security readers know the answer to that?)

Are they at least keeping the domain registrations to prevent someone else from claiming them?

This is where my thoughts were headed whi;e reading the above. They turn off the mail on those domains. IF they also dump the registrations, anyone can re-register the domain and collect and control all the password reset emails that might pass through there. That doesn’t even take much real talent, you could run that scam from just about any laptop once you owned the domain. I’m pretty sure I’ve never had an email on any of the listed domains, but is “pretty sure” enough?

Eek.

I use to have several freeserve email addresses, but they got killed some years back when I didn’t check them for too long a period. At one point, Freeserve was one of the major ISPs in the UK because they were (one of the, if not the actual) first not to charge a monthly fee but survived on a cut of the telephone call costs. How the mighty fell…

One I signed up for way back in 1995 or so, was nwnet.co.uk – a tiny local ISP that after multiple mergers and takeovers ended up part of TalkTalk – I still checked mail on that one until they shut down all the email and personal webspace on it only a couple of years ago. It does look like TalkTalk are still paying to maintain the domain name though..

Your preferred email may also requires another email address … Oops, that is seems a difficult problem to solve given that not owing a personal domain

I forward my juno.com email to my other email account because I get malware using their desktop software – which has been from over 7 years ago now. Anything that remembers that email account will be forwarded from that account to the other it is not used for send email any more. I should check where the email comes from and change the email address and close the account. Because they do not believe what is happening they wrote ” We do not allow malware on our site ” and another time they misunderstood me and claimed the subject was about advertising. They continue to bill me and take money out of my account just for forwarding email to my other account – my bank card expired with them and number changed yet they always find the way to get money unlike my mothers account that never has problems and every year they forget her bank account information to bill her to get money out of her account.

This is off-topic, but it’s weird that it looks like someone came through and down-voted a lot of quality comments, including comments by the article’s author.

We’ve had bursts of this lately on Naked Security. My comments seem to attract it more than most, though that may simply be a side effect of the fact that I post the most comments because it is part of my job :-)

I just ignore it as trolling, but it is certainly anti-social. It just beggars belief to write a comment like “fixed a typo” and see it downvoted N times.

Sometimes I am tempted to edit a mistake into one of my articles after publishing it, add a comment saying “nyaah, nyaah, I deliberately added a typo to the article” and see if I get a whole load of *up* votes :-)

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?