When some mail service makes easy to access its users list and give probablity to guess mail id its likely to become target for spammers. There should be some way to mitigate this and help users not to fall for these phishing mails. I know its upon users conscience to not to fall for false advertising but here its not a question of user side prevention but service and as a community we should find a solution for it. Perhaps the one way to prevent spammers from getting users mails ids is to provide users the ability to set custom mail id distinct from user id of overall envs platform. So spammer wont be able to guess mailid from default id atleast. Any thoughts?