Anecdote, but I've never been able to use Claude (directly) because their defense systems seem overly sensitive to your email address. I signed up for Claude using a relatively new Outlook email address that I set up for an independent purpose. My account got instabanned. Like, I couldn't proceed at all. I don't even know what the Claude UI looks like. All I could do was appeal using a Google Form.
I appealed and got a standard Google Forms response. There was no follow-up after that. It never got fixed and I never tried again... plenty of free, more accessible fish out there, and various agents like Copilot give me access to Sonnet anyway.
But now I wonder, what is it about the account that triggered this block. If it was because of the reputation of the account, how did Anthropic even know that this account was created a few weeks ago?
There are vendors like Emailage that somehow determine the age of email addresses. Very useful because fraudsters tend to buy credit cards and bank accounts, then need to complete the identity by registering an email address for that identity.
Historically, outlook emails have been very easy for this compared to gmail addresses, which require phone numbers, etc.
One of the reasons "aged" account marketplaces got more popular. People buy from vendors that farm a ton of these accounts and wait to sell them, or those reselling compromised accounts (especially with EDU accounts before institutions actually implemented security controls).
Same here - though I used my personal email domain with claude as the local/username. They autobanned that one and then banned my actual personal email. The only one that worked was a Google login. My appeal had a boilerplate response.
Technically (or, at least, historically), they should have used the indefinite pronoun "one" i.e. "...because their defense systems seem overly sensitive to one's email address". But I imagine that would've got more comments than using you/your.
Maybe they should read that article (that was on HN) from the other day and switch to using account numbers with no customer information since that'd be about the same difference anyway given this behavior.
The funny thing is that if you ask Claude if you should use email address as a primary key it will pretty adamantly warn you away from it:
> I'd recommend against using email as the primary key for a large LLM chat website. Here's why:
> Problems with email as primary key:
> 1. Emails change - Users often want to update their email addresses. With email as PK, you'd need to cascade updates across all related tables (chat sessions, messages, settings, etc.), which is expensive and error-prone
Well it does eliminate a whole list of problems related to account takeover, account recovery workflows, legal questions regarding which email owns the data, etc. Sometimes less is more. Secure, reliable, simple.
That's pretty obvious to anyone who had to maintain a high traffic site. Just the tip of the iceberg (I haven't included additional legal issues and other):
1.1 Strong protection against account takeover
Email change is one of the most abused recovery vectors in account takeover (ATO).
Eliminating email changes removes:
Social-engineering attacks on support
SIM-swap → email-change chains
Phished session → email swap → lockout of real user
Attacker must compromise the original inbox permanently, which is much harder.
1.2 No “high-risk” flows
Email change flows are among the highest-risk product flows:
Dual confirmation emails
Cooldown periods
Rollback windows
Manual reviews
Fixed email removes an entire class of security-critical code paths.
1.3 Fewer recovery attack surfaces
No need for:
“I lost access to my email” flows
Identity verification uploads
Support-driven ownership disputes
Every recovery mechanism is an attack surface; removing them reduces risk.
If anything, this makes account takeover and account recovery way more difficult. It probably makes a bunch of legal stuff easier for them, but that’s about it.
>When creating an account, please make sure you use an email you'll have long-term access to.
I'm just guessing, but the above might suggest a potential incentive: They would like you to hand over a valuable/longterm email, as opposed to a temporary email (for supposedly more privacy or testing), by making it difficult to change it later.
'Dark patterns are the pavement of todays corporate infrastructure.'
I know, what’s so special about email? The common thing between your accounts, that the company that has a lot of chat history is allowing you not to change?
I can only assume there is some database structuring issue where things would potentially be broken if emails aren't update correctly, but I'm just guessing.
It sort of makes sense. These guys were AI labs before they were ever web developers. They prompted me to switch to a business account, so I did but my business email is not my personal email and I promptly lost all the old chats. Well, all right then.
Perplexingly, this business account is as bad as a Google Workplace account. It has restrictions on it that I didn't have when I was on my own account. As an example, I can't share chats outside the organization. Fine, all right then.
I wonder how they'd handle this under the GDPR, which has an explicit "Right to rectification".
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You can't change ChatGPT email address, either, fwiw.
The email I signed up for got compromised a couple of months ago and I ended up having to delete my entire GPT account, losing all my history, to recreate using a new email.
It was super annoying and, out of hundreds of websites I had to update, only OpenAI and Anthropic wouldn't let me change my email. A few of them required contacting support with some sort of proof, but at least doable.
Is there a way to export out of one account into another?
I made the mistake of using my company provided ChatGPT account for non-work stuff. It was fine before the memory features came out. But now I'm regretting not having a separate personal one.
I don't know. I actually find it harder and more stressful to write code in a way that does not meet a certain quality level. it require me to actually think more.
It's king of weird, but I have tried over the years to develop a do-just-what-is-necessary-now mindset in my software engineering work, and I just can't make my mind work that.
For me, doing things right is a way for me to avoid having to hold too much context in my head while working on my projects. I know the idiomatic way to do something, and if i just do it that way, then when I come back to it I know it should and is architectured.
I appealed and got a standard Google Forms response. There was no follow-up after that. It never got fixed and I never tried again... plenty of free, more accessible fish out there, and various agents like Copilot give me access to Sonnet anyway.
But now I wonder, what is it about the account that triggered this block. If it was because of the reputation of the account, how did Anthropic even know that this account was created a few weeks ago?
Historically, outlook emails have been very easy for this compared to gmail addresses, which require phone numbers, etc.
Everything else including email and username should be changeable (provided there's no conflict with other accounts)
I had to switch emails so I had to create a new account.
Seems bonkers.
Unless there is some deep technical reason why things have to be this way, which I very much doubt.
And now they can't change it? Where is Claude when you need him/her
> I'd recommend against using email as the primary key for a large LLM chat website. Here's why:
> Problems with email as primary key:
> 1. Emails change - Users often want to update their email addresses. With email as PK, you'd need to cascade updates across all related tables (chat sessions, messages, settings, etc.), which is expensive and error-prone
> [Edited for length]
1.1 Strong protection against account takeover
Email change is one of the most abused recovery vectors in account takeover (ATO).
Eliminating email changes removes:
Social-engineering attacks on support
SIM-swap → email-change chains
Phished session → email swap → lockout of real user
Attacker must compromise the original inbox permanently, which is much harder.
1.2 No “high-risk” flows
Email change flows are among the highest-risk product flows:
Dual confirmation emails
Cooldown periods
Rollback windows
Manual reviews
Fixed email removes an entire class of security-critical code paths.
1.3 Fewer recovery attack surfaces No need for:
“I lost access to my email” flows
Identity verification uploads
Support-driven ownership disputes
Every recovery mechanism is an attack surface; removing them reduces risk.
I'm just guessing, but the above might suggest a potential incentive: They would like you to hand over a valuable/longterm email, as opposed to a temporary email (for supposedly more privacy or testing), by making it difficult to change it later.
'Dark patterns are the pavement of todays corporate infrastructure.'
Obviously, there's a way to do that still. Not saying it's a good idea. But if I had to guess as to why, that's the one that comes to mind.
Perplexingly, this business account is as bad as a Google Workplace account. It has restrictions on it that I didn't have when I was on my own account. As an example, I can't share chats outside the organization. Fine, all right then.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
https://gdpr-info.eu/art-16-gdpr/
Obviously if you change your email address, the old one ceases to be correct, even if it was correct before.
The email I signed up for got compromised a couple of months ago and I ended up having to delete my entire GPT account, losing all my history, to recreate using a new email.
It was super annoying and, out of hundreds of websites I had to update, only OpenAI and Anthropic wouldn't let me change my email. A few of them required contacting support with some sort of proof, but at least doable.
I made the mistake of using my company provided ChatGPT account for non-work stuff. It was fine before the memory features came out. But now I'm regretting not having a separate personal one.
Edit: For ChatGPT (not sure about Claude) https://help.openai.com/en/articles/9106926-transferring-con...
maybe they should ask CC to fix this...
It's king of weird, but I have tried over the years to develop a do-just-what-is-necessary-now mindset in my software engineering work, and I just can't make my mind work that.
For me, doing things right is a way for me to avoid having to hold too much context in my head while working on my projects. I know the idiomatic way to do something, and if i just do it that way, then when I come back to it I know it should and is architectured.
Can this be used as a dagger to the heart of all the arguments about the revolutionary nature of what we currently call AI?
What a mockery this is.