Dark mode switch icon Light mode switch icon

Type carefully or deamons shell arice

7 min read

I’ve owned way too many domain names. Some of them I use for actual production projects. Some of them wait for their turn to host a new brilliant business idea. Others I buy for funsies because they look cool. Yes, I agree my spending habits are questionable. But sometimes this is too much fun for wrong reasons.

You see, when you own a domain name, you can attach an email address to it. That way people can send their nudes to you at literally.whatever.here@myfancydomain.com. The trick is that it’s no longer relevant what you type before the ‘@’ sign. All you have to do is to get the recipient’s domain name part right, i.e. that part after ‘@’ sign (myfancydomain.com in our example).

Gmail offers similar functionality by disregarding a dot ‘.’ altogether (you can receive email at penisland @gmail.com, pen.island@gmail.com as well as other uncanny variations) and supporting a plus sign ‘+’ (you can subscribe to your favorite newsletter about pens at penisland+newsletter@gmail.com, sign up for a Twitter profile using penisland+twitter@gmail.com and many, many others - any mail sent to these addresses will reach your inbox).

Email providers that support custom domains usually offer a ‘catch-all’ option which does this nothing before ‘@’ sign matters trick. It’s a powerful feature that makes managing incoming email way easier and unlocks many cool usage ideas as long as our anti-spam measures are good enough.

Because you see folks, when you decide to go ahead and enable catch-all email with your domains, you cross the point of no return. You will see things you may not want to see. Domains somebody else has owned before become scary in particular. Domains that look similar to other existing domains are dangerous tool if you know what you’re doing.

No, I didn’t forget the password. You did.

It all started with notifications from a social media site I stopped using a while ago. I distinctly remember the moment of quitting every single social network because I usually do it out of frustration. I was 100% positive those notification emails shouldn’t have reached my end.

That wasn’t a big deal until the email frequency was low. Easy enough for a filter to redirect them to trash. But sometimes I get impatient too quickly and this is where things get hairy. I had an idea.

Let me click here… Check my inbox… Set up new password. Whoa. It worked.

The annoyance of unsolicited notification emails from a dead wannabe-Facebook stopped forever.

And did I mention I sniped a cool domain name a few months ago? No? All right. Now you know.

Nigerian prince but not exactly

The other day I got an email informing me about a thank-you note and an award from a local council in a town I had no idea existed. I was also supposed to receive a paper copy of the thank-you note to my postal address.

Sadly, the award never arrived. Maybe it was because I never replied to that email, because you know, I suck at replying to emails.

But more importantly, I wasn’t a famous hang glider like a certain guy whose email address on his website looked very similar to mine.

Famous? Oh stahp it you

Okay, unsolicited photography newsletters were kinda cool because I’m interested in photography. But I don’t necessarily print all of my photos so it’s probably a waste of time to pitch this kind of services to me.

Looking at weird Google documents I clearly wasn’t an intended recipient got old way too quickly.

Then, one evening, I was approached by a teacher from some school asking for a short personal headline and a few works of mine, claiming I was a ‘famous graduate’.

Does it have anything to do with the fact one of the domain names I had bought a few months earlier had quite a long ownership history? Maybe. You tell me.

You’re hired. Maybe. I don’t know?

Another day I started working on a personal project that was using a very short internet domain so that I could squeeze as many characters into the URL as possible.

Then I got a job application. Someone wanted to become my business development officer. Boom, another one followed shortly. Application letters, references, passport scans.

Hang on. I was building a side project, not a startup featured in TechCrunch.

Doing the best of my Google skills I found a job opening both of these gentlemen referred to. And yes, you guessed it right. Applicants were supposed to send their applications to an email address that in fact belonged to your struly. Except I don’t remember running an oil company somewhere in Africa.

There’s no ‘Luke’ in real estate business. Unless there is.

Meanwhile on the other side of a planet, some property management company was happily minding their own business. Until their business became partly my business regardless of whether I liked it or not.

First, it was an invoice for security services.

Then, some welcome emails from free trials of paid online services.

Then, a payment alert for security services.

Some random email threads discussing stuff I didn’t really want to know about.

I was even treated with some communication from a disgruntled coworker, sent via MMS from an iPhone.

The domain name of a company in question, unlike mine, contained a digit at the beginning. Someone forgot to include that number in their email. And it all snowballed from there.

Casino, not royale

But most of all, I would like to shake hands with that gentleman who decided to sign up for an online casino using an adress in another domain of mine. Dude, I’m glad you were smart enough to use all of the bonus you were eligible for because you know, I like playing poker for money. Especially when someone else sponsors my games.


Yes, I have more stories like that. No, I don’t feel comfortable sharing them. No, I no longer use catch-all email with domains that have online presence way too rich for my liking. No, I am not writing this to brag.

You see, Google’s motto ‘don’t be evil’ wasn’t really a moral paradigm. It was a covert way of saying ‘don’t compete with us at being evil’. I never tried because I prefer better and less stressful ways of wasting my time.

But it didn’t have to be me. Believe me, I could easily make a very questionable use of those juicy details about random people online.

If there is something I would like the internet to take away from this piece, it’s the following:


Especially on a touch screen. Especially when it’s an address, bank account number, your social security number or any other detail that offers no room for error. Especially when you’re on the rush.

Slow down and look critically at the atrocities your autocorrection just committed. Maybe think twice before sending.

Don’t drink and text.

Also, there’s a difference between fancydomain.com, 2fancydomain.com and fancydomain.com.pl. I kid you not. Just like Poland in Europe and Poland in Maine are not the same places, similar addresses on the internet might not (and in 99% cases will not) point at the same resource.

I agree user interfaces of our computing devices don’t always cater for wide range of human imperfections. Not all input fields on forms we fill have reliable validation, if any. It doesn’t change the fact it is still your sole responsibility to get your message delivered to each and every person you want without inviting extra guests to the conversation. People lose money due to mistyped bank account numbers. Space equipment gets lost in space if numerical data isn’t precise enough. Antisocial nerds write blog posts about cases like that.

What does even ‘struly’ mean? Nevermind, I’ll leave it as is.

Originally published on by Łukasz Wójcik