Comments on: Email Addresses

By: coolstar

coolstar — Sun, 19 Dec 2010 14:58:29 +0000

@Lab Lemming @23 almost certainly not, but you can say that about lots of stuff, I suppose. It only has to be done once for it to matter to those involved, so I can understand the concern even if the odds of it actually happening are vanishingly small. I can’t quite understand the obsession with gmail though. I’m away from my normal academic post and can still use my academic email just fine, though it does take a bit longer to log on from my host institution (due to my home institution’s incompetence). For the reasons stated by others, I perfer to keep my personal and work emails separate as I don’t really want to read them all at the same place.

By: Lab Lemming

Lab Lemming — Thu, 16 Dec 2010 22:25:58 +0000

Are letters of recommendation faked often enough for any of this to matter?

By: Phillip Helbig

Phillip Helbig — Thu, 16 Dec 2010 19:33:21 +0000

While it is easy to spoof the From: header, it is more difficult (or impossible) to spoof all headers. However, I don’t think people should have to verify an email for its genuineness.

I don’t see the point of sending through Gmail with another email address as the From: header. If you have another email address, why not send from there? (You can still forward incoming mail to Gmail or elsewhere so you don’t have to check regularly everywhere.) OK, if you regularly use Gmail, OK, but if you still have some contact with the institute with the other email address, you can log in and send the email from there.

Another point is that while the From: header is easy to spoof, sending email to it will get it to the rightful owner, assuming a) such an owner exists and b) the account has not been hijacked. So, if I get email from Sean.Carroll@caltech.edu, I can send an email there and if I get a response, I can be sure it is THE Sean Carroll (and confirm that he sent the recommendation). However, if I get an email from Sean.Carroll344@hotmail.com or whatever, the same procedure gets me a response from the owner of that address, who might not be THE Sean Carroll.

There are legitimate reasons for “spoofing” the From: header (I think “spoofing” is too strong here, since it implies something illegitimate). This in itself (e.g. sending with an academic From: via Gmail) shouldn’t be frowned upon. I can understand someone wanting to see an academic address in the From: header though. (Again, the fact that it is easy to spoof is not the point, since I can reply to it and confirm anything I need confirmed.)

By: Lab Lemming

Lab Lemming — Thu, 16 Dec 2010 11:11:31 +0000

On a related note, why do post-docs use their academic email address as a corresponding author address when submitting to journals whose mean submit-to-publish time is longer than the duration of the post-doc?

By: Charon

Charon — Thu, 16 Dec 2010 04:09:08 +0000

I did finally get a gmail address, but I’m still not sure why people are obsessed with using it for everything. I can access my university account via IMAP at work, at home, on my laptop, and on my phone. When I am I ever not able to send email directly from the university address?

And I actually find it useful to keep the gmail and university addresses separate. One for private life, one for work, both accessible anywhere.

Gmail: it is not water. You can live without it.

By: Sean

Sean — Wed, 15 Dec 2010 21:31:25 +0000

It happens more with grad-school applications. But I’ve had at least one place in England that wouldn’t accept a postdoc rec.

By: Chaz

Chaz — Wed, 15 Dec 2010 21:22:54 +0000

Or is it just letters?

By: Chaz

Chaz — Wed, 15 Dec 2010 20:49:27 +0000

“there are still some backwards institutions out there who refuse to accept letters submitted from non-academic email addresses”

Sean, who is doing this? I’m on the market and I’ve been sending applications from my Gmail account.

By: uhmmm

uhmmm — Wed, 15 Dec 2010 15:54:10 +0000

ANON at 16 has never heard of SMTP spoofing. Spoofing is really a strong word, since it is so trivial to issue an arbitrary envelope address; indeed, that’s what gmail does for Anil at 5.

eleusis at 8 is a victim of reformatting; a straightforward copy and paste will fail to verify his message.

By: ANON

ANON — Wed, 15 Dec 2010 15:20:52 +0000

This post is rubbish. I wouldn’t accept letters from gmail either. If I get an email from sean.carroll@caltech.edu, I can be pretty sure that the message is coming from someone at Caltech with the right name. But seancarroll23@gmail.com? I have no way to verify that. Of course I could try calling, but if I’m reviewing 600 graduate school applications and have 1800 letters of reference in front of me, I don’t have time for that.

If you have an academic appointment, you undoubtedly have an academic email address and enough smarts to figure out how to use it. So do it.

By: Jeff

Jeff — Wed, 15 Dec 2010 14:34:50 +0000

Wait, so these institutions categorically exclude the possibility that a non-academic could write a letter of recommendation? Another example of the prevailing notion that a person ceases to exist when they leave the ivory tower.

By: Bee

Bee — Wed, 15 Dec 2010 11:10:56 +0000

Really? I never noticed. How do they decide whether an email address is “non-academic”?

Like somebody else above, I have about 5 or 6 email addresses that are all forwarded to my gmail account anyways. The reason I finally settled on gmail is partly what you say, that it saves me the effort of having to change my address every time I move. The maybe more important reason is that my gmail account has proved to be the most reliable one.

By: Cusp

Cusp — Wed, 15 Dec 2010 06:38:00 +0000

I have gmailed masking my “academic” address (although I have three of those). So, emailed references are OK.

BUT I have one person applying for a postdoc where only paper references are allowed – Huh??

By: Will Hughes

Will Hughes — Wed, 15 Dec 2010 02:17:59 +0000

@10 Miller:

If you don’t configure Gmail to send email through your university’s mailserver, then it’ll send email “from” your university email address, but add “on behalf of” headers which show your gmail address.

As long as your University (or other email provider) has a generally-accessible SMTP server, you can send using your university email address without any indication of your gmail account being added.

- Will.

By: miller

miller — Wed, 15 Dec 2010 01:06:08 +0000

I have six e-mail accounts, and they’re all redirected to my one gmail account. I can also send out e-mails through any of these accounts, using only gmail.

Unfortunately, there have been at least a few cases where this does not work. That is, people see the mail as coming from my gmail account instead of my other e-mail account. This is a problem, because I hate having to use the university mail interface, and I’m also trying to keep my main address secret.

By: Brian Too

Brian Too — Wed, 15 Dec 2010 00:50:45 +0000

@8. eleusis,

While I applaud your intent, I find that in reality nearly all security systems generate problems. Sometimes big ones. That includes PGP.

In fact I think that is a big reason why PGP hasn’t become an overwhelming success. Truth is it could be called a modest success. Not much more.

The average person needs systems that are easy to use, reliable, and low cost. They need systems that can recover even if you suffer a loss of that private key. Systems fail, people forget, jobs change, technology updates.

Most authentication systems are based upon passwords yet the weaknesses of passwords are well known to anyone who cares to know. Biometrics has promise but the technologies are neither standardized nor ubiquitous. RSA keys are pretty good but they expire, they cost money on an ongoing basis, and if you have a low computer skills person, they can be hard to use correctly. RSA keys just aren’t meant for occasional use by the casual computer user.

By: eleusis

eleusis — Tue, 14 Dec 2010 22:20:27 +0000

- —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

For example, I just signed this message. If you had my public key, you could verify not only that it’s me, but that not one character was changed from what I originally wrote, since the gobbledy gook below acts as a cryptographic fingerprint of the content of this message (generated by my private key), and would look completely different if someone used a different key to write it or if they changed a single character. So, as long as no one steals my private key (which is the point of keeping it private , they can’t spoof me or change my messages.

It’s a system that really should be used more in this digital age.

- —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJNB+yvAAoJEO3aTpdPX4OpQX0H/irPDtjupHp0FTcfjl739uhd
80OhaUwQS58qqr1XMFJU7zcx+MuV0vtFkVfxDQjkchs5urX2dIqNtIotoO/dZJvv
XBp9yiNOnXKjj8wVGP5NE/oHeqOUKOMuk4fYg/GbJV7Nc179JPdFv8QTaYBSh5WT
F94Yr/Tg424QPGbpgmtjj/7Ixa8vJmLvu081qdzjydjpF2XUPq6RakQ2V1wnQtK9
LfueL69bn8OG3sYdwrz90YRuxIlhx+R5eHDdh8ZDat9zPZBTfEBC+/MzeTAnhqY2
3nR0n7Ve34MhFID5TFPf2HQ5yGIVOilia9DHVK/dxlOdxFot7xlQgg8VV+BOLSc=
=xjFV

By: eleusis

eleusis — Tue, 14 Dec 2010 22:05:47 +0000

@1 David, you could PGP sign your email. Some software development projects are coordinated by people who live around the world, and they need ways to verify their identity to upload patches to the software repository, and for various other reasonsc. They often use PGP signatures.

http://en.wikipedia.org/wiki/Web_of_trust

By: spyder

spyder — Tue, 14 Dec 2010 21:22:54 +0000

the recipient knows that you are “the” Sean Carroll and not an impostor?

mmmmm… perhaps the phone? Then again, never would a profligate student use a professor’s .edu email address to send a recommendation under the assumed name?

By: Anil

Anil — Tue, 14 Dec 2010 20:42:36 +0000

BTW, if you are using gmail, then you can also send using the “.edu” mail address from gmail. You can make it your default email address so that even though you use gmail the email will have the academic email address on it.