My alarm bells would be going off for one reason only:
Support at google is non-existent. You would never get them proactively calling you about anything. Hell, phoning them and ending up with a human would be a miracle.
Yeah I found that out trying to report my attempt. It’s impossible to talk to a human. It was very dystopian.
I’ve been thinking afterwords what is actually the most resilient to attack digital identity strategy. Does it actually maybe mean owning your own domain and keeping it with a registrar with heavy authentication procedures and then running your own email services? It’s a huge amount of work and even then do you cloud host and then that’s a weakness. Maybe my email address should have 2FA for both sending and receiving messages, does that even exist in some IMAP extension protocol and some obscure email client.
It all sounds crazy yet if you don’t want to risk Google deciding to erase you or let somebody else take over your primary email address then maybe it’s the only possible option for an advanced threat target.
Support at google is non-existent. You would never get them proactively calling you about anything. Hell, phoning them and ending up with a human would be a miracle.