A recent update by Google allowing users to change their Gmail address has drawn attention, but cybersecurity experts say it does little to solve deeper issues tied to email privacy and security.
The feature, which has gained visibility following its rollout in the United States, lets users modify their primary Gmail address while keeping the old one active as an alias.
The change has been framed as a way to move beyond outdated or inappropriate usernames created years ago.
Google CEO Sundar Pichai highlighted the shift in a public post, noting that users no longer need to be tied to early-era email identities.
However, experts say the update does not address the main problem facing email users today, widespread exposure of email addresses to marketers, data brokers and cybercriminals.
Once an email address is used online, it is likely to be stored across multiple databases, making it a long-term target for spam and phishing attempts. Changing the visible username does not remove that exposure, especially since older addresses continue to function.
Jake Moore, a cybersecurity specialist at ESET, said the ability to edit email addresses reflects a broader shift in how digital identity works, but warned it could introduce new risks.
“Old addresses will still work as aliases,” he said, adding that this could increase the risk of impersonation and phishing attacks.
Security researchers also point to the absence of a built-in privacy feature similar to Apple’s “Hide My Email,” which allows users to generate disposable email addresses for sign-ups and online transactions. These temporary addresses can be disabled at any time, limiting long-term exposure.
Without a comparable system, Gmail users who change their address may still need to share their primary email widely, continuing the cycle of data exposure.
The update may also create new vulnerabilities in the short term. Cybersecurity reports indicate that attackers are already using the feature as a lure in phishing campaigns, sending emails that direct users to fake login pages designed to steal account credentials.
There are also early signs of increased spam activity. Online forums have reported a rise in unwanted emails, with some researchers suggesting the address change feature could allow attackers to bypass existing spam filters and start fresh.
According to security researchers cited by industry outlets, many email filtering systems rely heavily on known sender addresses.
If attackers rotate or modify those addresses, they may temporarily evade detection until new filters are applied.
At the same time, changing a Gmail address does not stop unwanted messages from reaching the original account, since it remains active in the background.
Experts say the update highlights a broader issue in email security. While giving users more flexibility over their identity, it does not reduce reliance on a single, permanent address that is repeatedly shared across services.
They suggest that more effective solutions would include tools that limit how widely a primary email address is distributed, along with stronger controls over incoming messages.
For now, users are being advised to treat emails related to the new feature with caution, particularly those that include links to account settings, as these may be part of phishing attempts.
