Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ Recovering Google Workspace: A Detective Story Ivan Drucker For the uninitiated, [1]Google Workspace is the paid version of Google's suite of products such as Gmail (with your own domain, not a gmail.com address), Google Calendar, and Google Docs. It was previously called G Suite, and before that, Google Apps. When it launched in 2006, Google Apps was free, and those who got in early got to keep it at no cost even after Google started charging new customers. This year, after backing down from a deeply unpopular plan of forcing everyone to pay, Google required that free Google Workspace users assert they don't use the product for business purposes (see '[2]Google Lets Legacy G Suite Users Keep Their Email for Free,' 18 May 2022). Well, what would happen if you failed to make that assertion, or, worse, didn't even realize it was required, because you're not the super administrator of your Google Workspace account and the person in that role is long gone? A new client of mine found out the hard way: Google converts the account to a paid version, and then, after a grace period for adding payment information, suspends the whole account, preventing access to any of its mailboxes. This is my tale of obsessively venturing down a deep rabbit hole to recover that account. It is also a cautionary tale about how if an account is important to you, you need to be its maximum-level administrator, even if someone else sets things up for you. (For this reason, I also caution against resold "white label" services, rather than having an account directly at the source. What if your reseller disappears?) Who's the Super Admin? My client'let's call her Connie'had the email for her one-person business hosted at Google Workspace since the early, free days. (Human and domain names in this story have been changed to protect the innocent.) She woke up one day to discover that her email was no longer coming in on any device. Connie accessed her email using Gmail's Web app, so Mail on her Mac did not have a history of existing email, either. When she tried to load Gmail, Connie was informed her account had been suspended, and that she needed to contact her administrator. What administrator? It was my job to figure that out. Google provides no simple way to contact an account's administrator or even identify the administrator's email address. There might be a certain amount of sense to this policy in an organization with a large IT department, but it was a liability in a situation such as this. I asked Connie if someone else had set up the account for her. She thought so, but the only person she could bring to mind was a long-departed employee we'll call John, with whom she was still in touch. Unfortunately, neither of them remembered John's password for his Google account. Worse still, our attempts to reset his password were met only with a directive to contact the administrator... which was theoretically John himself. That made me suspect there was another administrator in play with a different account, but Connie couldn't remember who that might have been. Next, I tried Google's 'Forgot email?' option, which allows you to find a Google account's email address using a recovery email address or phone number, plus first and last name. That turned up personal (non-Workspace) Google accounts for both Connie and John, but no one else. What next? Google's Admin Toolbox has [3]a somewhat obscure form that lets you request a user be promoted to Super Administrator (or contact the administrator, but that wouldn't help us). To submit this form, you have to be able to edit the DNS zone records for the domain to prove that you own it. So I did that, but, alas, to no benefit. The form results said that Google would contact the existing Super Admin, and, if not disputed, Connie's promotion to Super Admin would happen automatically after 72 hours. Except it didn't. Ominously, the form also said that the request would be manually reviewed, and any further information needed would be requested by email... which is hard to respond to when your email account has been suspended. It's a chicken-and-egg scenario. Google clearly hadn't considered this situation. Worried that the suspended account would soon be deleted, and with my client already having been without her email for five days, I had to speak with someone at Google; the only way to do that is to have an active, paid Google Workspace account. So I used my account, and fortunately the support agent helped me despite my issue being about a different account. He directed me to [4]a different form which lets you specify a non-domain email address for contact. That form provided instructions for more DNS zone editing, which I performed, with no great optimism but apparently no other options. My doubt turned out to be well-founded when I received an auto-reply saying that Google support's caseload was overwhelmed, they were closing the case, and I needed to use the Admin Toolbox form. Which I'd already tried. Another hour burned. But, I'm a tenacious guy. And this is when it gets interesting. Poking around, I was surprised to discover that a suspended Google Workspace account still lets you access a user's Google Contacts. Within there, I was able to see the company directory'which revealed the name and Google Workspace email address of that third email account I thought likely to both exist and be the Super Admin. Let's call that person Rachel Kole. This was a partial victory all by itself! I'm the Super Admin! It was the middle of the night, and I probably could have just waited until the morning to ask Connie whether she had any contact info for Rachel, and perhaps I could have found Rachel on the Web, but I was hot on the trail. Also, I really didn't want to go to all this effort only to discover that Google had deleted the suspended account while I waited for more information. I attempted password recovery for Rachel's account, and this time I was given some different options, suggesting that she was indeed the Super Admin. Specifically, I had to identify her recovery email address, with this as the clue: '˘'˘@daw'˘'˘'˘'˘'˘'˘'˘'˘'˘.com. I searched for Rachel by her full name and turned up, on a LinkedIn page, a business whose name might fit the email pattern: Dawson & Kole. Then I searched for Dawson & Kole and found a few references to dawson-kole.com. Bingo. (Though the minimal search results made it hard to tell what the company did.) The dawson-kole.com domain had no website, so I next turned to the ever-remarkable and invaluable [5]Wayback Machine, which revealed that a website for dawson-kole.com had existed between 2008 and 2016, though its contents couldn't be displayed at all, regardless of snapshot date. There was also a more significant hurdle: if dawson-kole.com was indeed the correct domain, and I could correctly guess the full recovery email address, how would I get the two-factor code Google would email to that address? On a hunch, I checked to see whether dawson-kole.com was still registered... and it wasn't! And, fortunately, it had not been re-registered by a domain squatter. So I registered it in my own GoDaddy account. Now I owned dawson-kole.com. Oh yeah. GoDaddy no longer provides free email with domain registration, so I figured I'd create a new trial Google Workspace account for dawson-kole.com. But Google wouldn't let me do that, apparently because that domain was never removed from Google's world, despite there no longer being a registered domain behind it. This seemed like an excellent opportunity to try out the relatively new Custom Email Domain feature of iCloud+ ('[6]How to Set Up Custom Email Domains with iCloud Mail,' 27 August 2021). That process, I was pleased to discover, was a breeze'I signed into iCloud.com, punched in the domain, signed into GoDaddy when prompted, and iCloud took care of the necessary zone record setup. I elected not to create an email address, since I didn't yet know what it should be, and what I ended up with was a catch-all, with any mail sent to any address at dawson-kole.com arriving in my iCloud Mail. Huzzah! After sending some test emails to confirm that I indeed could receive dawson-kole.com mail, I went back to Google Workspace and tried to guess the recovery email address: [7][email protected], [8][email protected], [9][email protected] After the third try shook me off, I was blocked from trying again for a few hours. Much like anyone who has tried to remember an iPhone passcode, I decided to research my next guess carefully. I tried further internet searching but couldn't find Rachel's email address (for dawson-kole.com, anyway). So, I took another crack at the Wayback Machine. But all of its snapshots returned the same thing'a single frame with a broken image. Jumping Back Flash I had an idea as to what was happening: the late 2000s were still the era of Adobe Flash-based websites, and some sites would not render at all if you didn't have Flash Player installed. In 2022, Flash is blocked by every major browser and Adobe itself. I took a look at the source code of the Wayback Machine page snapshot and found the telltale reference to a file ending in .SWF. (It was a bad flashback.) I happened to have an unused 2012 MacBook Pro around, so I started it up into macOS Recovery with Command-Shift-Option-R, which enables installation of whichever version of macOS originally came with that model. Soon I was running macOS 10.8.5 Mountain Lion. Unfortunately, versions of Safari that old are largely incompatible with modern websites due to certificate expiration and lack of current HTML/CSS support. So I tried to download [10]Waterfox Classic, a fork of Firefox that runs on old versions of macOS, but Safari wouldn't let me, so I first downloaded [11]Firefox 48, which is nearly as useless as Mountain Lion's Safari in its Web compatibility but does better with HTTPS issues. Then I used that 2016 version of Firefox to get Waterfox Classic, into which I intended to install Flash Player. (It turns out none of these elderly Mac heroics were necessary. I later figured out that [12]Firefox 84 still supports Flash Player on Intel-based Macs running macOS 12.6 Monterey. Another option would have been to download the SWF file and open it in [13]Elmedia Player, set to run in Rosetta mode if on a Mac with Apple silicon.) Adobe no longer distributes any version of Flash Player, and the final versions of it intentionally ceased to operate after 12 January 2021. So I found, via the [14]Internet Archive, the last version of Flash Player (32.0.0.371) that does not self-destruct after that date. Obviously, getting software from an unknown source carries its risks, but this was an empty computer. I forged ahead. I installed Flash Player, headed back to the Internet Archive, et voilĂ , I was looking at the website of dawson-kole.com, circa 2016. Boom! Holding my breath, I clicked the About link, and there it was, in all its glory: [15][email protected] Jackpot! Recovering Rachel Back to Google Workspace I went, and by this time, I'd been let out of try-again jail. I typed in Rachel's correct recovery email address. A few seconds later, there it was in my iCloud mailbox: six glorious digits delivered to [16][email protected] I fed them back to Google, hoping the password reset process would not make me jump through further hoops, like demanding the account creation date or other obscurata, which I've seen its security algorithm require before. But, happily, I was simply prompted for a shiny new password, which I was more than happy to give it. Once I had changed Rachel's password and logged in as her, I was immediately required to provide payment information, which I did. I then promoted Connie to Super Admin, designated her as the primary administrator, and ensured that she could access all recovery information for all her accounts. There was one final check to make, the most important one. I clicked over to Connie's Gmail, and there it was! All her email back from the dead, or at least purgatory. Then I deleted dawson-kole.com from my GoDaddy account, asked for a refund, and went to bed. Epilogue Connie was overjoyed to have her email returned to her. It's not every day that, as a consultant, I get to be a detective hero, but when it happens, it reminds me why I do what I do. Connie did tell me she remembered Rachel Kole, and it would have made perfect sense that Rachel would have set up Connie's email long ago, but it had been 15 years since their last contact! And, just to say it again, let me preach: always be your own administrator. And if you're a professional or friend setting something up for someone, give that person agency to solve problems without being dependent on you. No one wants to end up where Connie was'a few of the key steps in my recovery process depended on good luck, such as being able to claim the domain and seeing a historic version of a defunct website, so there's no guarantee such an approach could ever be duplicated. Ivan Drucker is the founder and CEO of [17]IvanExpert Mac Support in New York City and Santa Barbara. He is a former software quality engineer for Apple and began using his first Apple II in 1978, at the age of eight. References 1. https://workspace.google.com/ 2. https://tidbits.com/2022/05/18/google-lets-legacy-g-suite-users-keep-their-email-for-free/ 3. https://toolbox.googleapps.com/apps/recovery/form 4. https://support.google.com/a/contact/recovery_form 5. https://web.archive.org/ 6. https://tidbits.com/2021/08/27/how-to-set-up-custom-email-domains-with-icloud-mail/ 7. file://localhost/cdn-cgi/l/email-protection 8. file://localhost/cdn-cgi/l/email-protection 9. file://localhost/cdn-cgi/l/email-protection 10. https://classic.waterfox.net/ 11. https://www.mozilla.org/en-US/firefox/48.0/releasenotes/ 12. https://www.mozilla.org/en-US/firefox/84.0/releasenotes/ 13. https://www.elmedia-video-player.com/ 14. https://archive.org/ 15. file://localhost/cdn-cgi/l/email-protection 16. file://localhost/cdn-cgi/l/email-protection 17. https://www.ivanexpert.com/ .