From: John Stracke <francis(_at_)ecal(_dot_)com>
The mapping address -> person is pretty strong, and mostly single-valued.
Interesting. Hypothesis: this might happen because (a) ISPs (in the US) try
to avoid reusing addresses in order to avoid ECPA problems; and (b)
corporations try to avoid reusing addresses because they'd rather have email
bounce than have confidential information go to the wrong person.
To the contrary is the corollary to "never attribute to malice that
which can be explained by stupidity." The corollary goes something
like "never attribute to careful planning or reviews by lawyers
(e.g. privacy issues) that which can be explained by laziness."
It's hard to know when a username is truely defunct. If you recycle a
username too soon you cause grief, from mail going to the wrong place to
not forwarding ex-employee mail (many outfits still do) to not being able
to accommodate a customer that left inadvertently (e.g. failed to pay a
bill) to minimizing hassles with false spam complaints. You must wait at
least a few weeks and probably at least 3 months before recycling a
username. That implies that the lazy tactic of rarely or never recycling
usernames is best. And that has implications for the (address->person)
relation.
Note also that the "dictionary attack" spammers are trying hard to teach
people to pick usernames that are globally unique. (Those are the spammers
with lists of several 100 and perhaps 1000's of common usernames that they
mix with their lists of domains. Never mind that their lists make dandy
spam traps, addresses that trap SMTP bodies that are rejected when later
sent to real addreses.)
Vernon Schryver vjs(_at_)rhyolite(_dot_)com