I would suggest that this is all down to the question: 'When is an e-mail address not an e-mail address?' Answer: 'When it's an id.'
AIUI Google is following the standards - any e-mail sent to an ~@gmail address goes to them, they are sending it to the correct mail box (that they have provided) for that e-mail address - and they are, as is their right under the standard, ignoring any dots in the 'pre-@' part the address (which is purely their business). So
ab@gmail.~ and
a.b@gmail.~ are both valid addresses for the same destination - and if an e-mail is sent to both, the destination mail box will (or at least should) get two e-mails. But anything using an e-mail address as an id isn't bound by, or using, e-mail standards - typically I think they just check it has an @ in the middle, without worrying about anybodyelse's rules that may (or may not) comply with the standard.
And this discrepancy - that if your e-mail address is
ab@~ , and somebody can use
a.b@~ as 'their' id (but which is your email), then it is a security loophole: see (and other responses to googling 'google email netflix security fail' )?
So I think in Ellen's case the problem may actually be fraud... (and one that, from what she said, Apple are aware of)
Moral: if you have a gmail address, be aware, and be suspicious of any (money related in particular) e-mails that unexpectedly arrive, addressed to a wrongly dotted version of it. (But note that, as it is 'your' address, you can always go and get the password reset)
Moral 2: if somebody's signing up to your service with an e-mail as id, do your best to ensure it is theirs...
Jeremy? ?
