The recent story by Matthew Miller about being victimized by a SIM swap prompted me to change the email address on my Twitter account (@defensivecomput). Twitter doesn't know my phone number, but as I suggest in the Extra Credit section of my DefensiveComputingChecklist.com website, it is far safer to use a different email address with each system that requires one. The email address on file with Twitter was one that I have used with many other companies, so it was time for a change.

First, I created a new email address at a domain that I own (not michaelhorowitz.com) and sent it a test message. All was well.

Then, I logged on to twitter.com and tried to change the email address. The process involves sending an email to both the old and new addresses. Each had a problem.

The message to the old email address was classified as SPAM. Worse, the message said that the email address had been changed, when, in fact, it had not actually changed. Even as I write this, it has not been changed.

The message to the new email address never arrived. I waited a bit, then requested they send it again. Still nothing. I sent another test message to the newly created email address and that arrived just fine. The problem is not on my end. Eventually, I logged out of Twitter, waited a bit, then logged back in. It is still pending a confirmation from the email that never arrived.

Next, I sent a Direct Message to @twittersupport but it wasn't from a supported Twitter client (their own) so they sent me off to their website, to help.twitter.com/forms. There, I select email as the topic and submit a problem ticket. The response:

"Though we cannot respond to individual reports, the information provided helps us make Twitter better for everyone. We appreciate your help!"

If you don't pay for something, you are not entitled to technical support.

- - - - - - - - -

Twitter documentation: How to update your email address is quite trivial. Help with email address confirmation rounds up the usual suspects. If you don't get the email, maybe it was SPAM. Or, you typed it wrong. Or Gmail filed it wrong.

UPDATE June 21, 2019. I was wrong. The messages were being sent to the new email address and flagged as SPAM (just as the messages to the old email address were). How could I make such an obvious mistake? In part it has to do with multiple email addresses in multiple systems being dealt with with multiple email clients. But really, I've been sick and not thinking well. Still, Twitter was wrong telling the old email address that the email address had been changed before it had changed.

An email message. From Twitter??

SECOND UPDATE June 21, 2019. Since, this blog is titled "Twitter has a few problems with email", let me add another problem. Shown here is an email message from Twitter that resulted from my logging in to twitter.com. The box at the bottom, is, arguably, full of lies.

For one thing, it says nothing about the FROM address of the email. A lie of omission. You can not tell anything from the FROM address, it can be faked.

Saying that a padlock icon means a site is secure is a double lie. For one thing, a website is not an email message, so any attribute of a website tells you nothing about whether an email message is actually from Twitter or not. Ignoring that, and just focusing on websites, the statement is clearly false. Every nerd knows this is false. If you believe this to be true, see my DefensiveComputingChecklist.com website and read the sections on Verified Website Identity and Secure Websites.

As for the remaining sentence, the thought is good, but the specific wording makes it false. Many links contain twitter.com that have nothing to do with Twitter. For example:

• twitter.com.badguy.io
• twitter-secure.com
• logon-twitter.com
• badguy.com/twitter.com

How do tech companies make such mistakes?