On the one hand, it’s extremely convenient for young academically-oriented people to grab an email account with Gmail or some other generic provider. The nature of the profession is that you will jump around from institution to institution — grad school, postdocs, faculty positions — and it’s extraordinarily annoying to have to keep switching email addresses with every move. Changing jobs is hassle enough as it is.
On the other hand — it’s letter-of-recommendation season, and there are still some backwards institutions out there who refuse to accept letters submitted from non-academic email addresses. Grrr. Get with the program, people!
Okay, not every blog post will be deep.
Update: prodded by Anil in comments, I verified that indeed Gmail is smart enough to let you use Gmail to send from any other email address you have. Just go to “Settings,” then “Accounts and Import,” then “Send Mail As.” Obviously you can’t use just any address, only ones you can verify. Hooray for Gmail!
Since it’s very easy to impersonate people using email how do you ensure that when you send a recommendation email the recipient knows that you are “the” Sean Carroll and not an impostor?
What about professional society emails? I think the IEEE has me sucked in for life because I have a pointer address from them. It always points to my current email, and I never have to worry about it.
Pingback: Tweets that mention Email Addresses | Cosmic Variance | Discover Magazine -- Topsy.com
I am just beginning to find out about this backwardness myself. What’s up with people — they should join us in the Digital Age.
BTW, if you are using gmail, then you can also send using the “.edu” mail address from gmail. You can make it your default email address so that even though you use gmail the email will have the academic email address on it.
the recipient knows that you are “the” Sean Carroll and not an impostor?
mmmmm… perhaps the phone? Then again, never would a profligate student use a professor’s .edu email address to send a recommendation under the assumed name?
@1 David, you could PGP sign your email. Some software development projects are coordinated by people who live around the world, and they need ways to verify their identity to upload patches to the software repository, and for various other reasonsc. They often use PGP signatures.
http://en.wikipedia.org/wiki/Web_of_trust
– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
For example, I just signed this message. If you had my public key, you could verify not only that it’s me, but that not one character was changed from what I originally wrote, since the gobbledy gook below acts as a cryptographic fingerprint of the content of this message (generated by my private key), and would look completely different if someone used a different key to write it or if they changed a single character. So, as long as no one steals my private key (which is the point of keeping it private :), they can’t spoof me or change my messages.
It’s a system that really should be used more in this digital age.
– —–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJNB+yvAAoJEO3aTpdPX4OpQX0H/irPDtjupHp0FTcfjl739uhd
80OhaUwQS58qqr1XMFJU7zcx+MuV0vtFkVfxDQjkchs5urX2dIqNtIotoO/dZJvv
XBp9yiNOnXKjj8wVGP5NE/oHeqOUKOMuk4fYg/GbJV7Nc179JPdFv8QTaYBSh5WT
F94Yr/Tg424QPGbpgmtjj/7Ixa8vJmLvu081qdzjydjpF2XUPq6RakQ2V1wnQtK9
LfueL69bn8OG3sYdwrz90YRuxIlhx+R5eHDdh8ZDat9zPZBTfEBC+/MzeTAnhqY2
3nR0n7Ve34MhFID5TFPf2HQ5yGIVOilia9DHVK/dxlOdxFot7xlQgg8VV+BOLSc=
=xjFV
@8. eleusis,
While I applaud your intent, I find that in reality nearly all security systems generate problems. Sometimes big ones. That includes PGP.
In fact I think that is a big reason why PGP hasn’t become an overwhelming success. Truth is it could be called a modest success. Not much more.
The average person needs systems that are easy to use, reliable, and low cost. They need systems that can recover even if you suffer a loss of that private key. Systems fail, people forget, jobs change, technology updates.
Most authentication systems are based upon passwords yet the weaknesses of passwords are well known to anyone who cares to know. Biometrics has promise but the technologies are neither standardized nor ubiquitous. RSA keys are pretty good but they expire, they cost money on an ongoing basis, and if you have a low computer skills person, they can be hard to use correctly. RSA keys just aren’t meant for occasional use by the casual computer user.
I have six e-mail accounts, and they’re all redirected to my one gmail account. I can also send out e-mails through any of these accounts, using only gmail.
Unfortunately, there have been at least a few cases where this does not work. That is, people see the mail as coming from my gmail account instead of my other e-mail account. This is a problem, because I hate having to use the university mail interface, and I’m also trying to keep my main address secret.
@10 Miller:
If you don’t configure Gmail to send email through your university’s mailserver, then it’ll send email “from” your university email address, but add “on behalf of” headers which show your gmail address.
As long as your University (or other email provider) has a generally-accessible SMTP server, you can send using your university email address without any indication of your gmail account being added.
– Will.
I have gmailed masking my “academic” address (although I have three of those). So, emailed references are OK.
BUT I have one person applying for a postdoc where only paper references are allowed – Huh??
Really? I never noticed. How do they decide whether an email address is “non-academic”?
Like somebody else above, I have about 5 or 6 email addresses that are all forwarded to my gmail account anyways. The reason I finally settled on gmail is partly what you say, that it saves me the effort of having to change my address every time I move. The maybe more important reason is that my gmail account has proved to be the most reliable one.
Wait, so these institutions categorically exclude the possibility that a non-academic could write a letter of recommendation? Another example of the prevailing notion that a person ceases to exist when they leave the ivory tower.
This post is rubbish. I wouldn’t accept letters from gmail either. If I get an email from sean.carroll@caltech.edu, I can be pretty sure that the message is coming from someone at Caltech with the right name. But seancarroll23@gmail.com? I have no way to verify that. Of course I could try calling, but if I’m reviewing 600 graduate school applications and have 1800 letters of reference in front of me, I don’t have time for that.
If you have an academic appointment, you undoubtedly have an academic email address and enough smarts to figure out how to use it. So do it.
ANON at 16 has never heard of SMTP spoofing. Spoofing is really a strong word, since it is so trivial to issue an arbitrary envelope address; indeed, that’s what gmail does for Anil at 5.
eleusis at 8 is a victim of reformatting; a straightforward copy and paste will fail to verify his message.
“there are still some backwards institutions out there who refuse to accept letters submitted from non-academic email addresses”
Sean, who is doing this? I’m on the market and I’ve been sending applications from my Gmail account.
Or is it just letters?
It happens more with grad-school applications. But I’ve had at least one place in England that wouldn’t accept a postdoc rec.
I did finally get a gmail address, but I’m still not sure why people are obsessed with using it for everything. I can access my university account via IMAP at work, at home, on my laptop, and on my phone. When I am I ever not able to send email directly from the university address?
And I actually find it useful to keep the gmail and university addresses separate. One for private life, one for work, both accessible anywhere.
Gmail: it is not water. You can live without it.
On a related note, why do post-docs use their academic email address as a corresponding author address when submitting to journals whose mean submit-to-publish time is longer than the duration of the post-doc?
While it is easy to spoof the From: header, it is more difficult (or impossible) to spoof all headers. However, I don’t think people should have to verify an email for its genuineness.
I don’t see the point of sending through Gmail with another email address as the From: header. If you have another email address, why not send from there? (You can still forward incoming mail to Gmail or elsewhere so you don’t have to check regularly everywhere.) OK, if you regularly use Gmail, OK, but if you still have some contact with the institute with the other email address, you can log in and send the email from there.
Another point is that while the From: header is easy to spoof, sending email to it will get it to the rightful owner, assuming a) such an owner exists and b) the account has not been hijacked. So, if I get email from Sean.Carroll@caltech.edu, I can send an email there and if I get a response, I can be sure it is THE Sean Carroll (and confirm that he sent the recommendation). However, if I get an email from Sean.Carroll344@hotmail.com or whatever, the same procedure gets me a response from the owner of that address, who might not be THE Sean Carroll.
There are legitimate reasons for “spoofing” the From: header (I think “spoofing” is too strong here, since it implies something illegitimate). This in itself (e.g. sending with an academic From: via Gmail) shouldn’t be frowned upon. I can understand someone wanting to see an academic address in the From: header though. (Again, the fact that it is easy to spoof is not the point, since I can reply to it and confirm anything I need confirmed.)
Are letters of recommendation faked often enough for any of this to matter?
@Lab Lemming @23 almost certainly not, but you can say that about lots of stuff, I suppose. It only has to be done once for it to matter to those involved, so I can understand the concern even if the odds of it actually happening are vanishingly small. I can’t quite understand the obsession with gmail though. I’m away from my normal academic post and can still use my academic email just fine, though it does take a bit longer to log on from my host institution (due to my home institution’s incompetence). For the reasons stated by others, I perfer to keep my personal and work emails separate as I don’t really want to read them all at the same place.