Thanks JoshFraser, I have appended a note to the blog post to check your comment on here. Although the Google Apps team may have altered their policies according to my blog post which I contacted them about 2 months ago. This issue is still a serious matter. I would have still been able to access the person's Amazon account using a wildcard email address. Although it does lessen the blow if a social engineer takes a hold of your domain as they might not be able to get into your GMAIL, but the real lesson here is you shouldn't let your domains expire with any form of identity or online accounts still attached to them.
It's also a cautionary tale of what you leave up on the cloud when you abandon your email account. I could have potentially found a lot more damaging information from gaining access to this persons email.
> This issue is still a serious matter. I would have still been able
> to access the person's Amazon account using a wildcard email
> address.
That's just a general 'loss of domain' issue. It would also be much
harder. This Google Apps issue allows you to exploit everyone using
that domain without any prior knowledge. Without access to the
previous Google Apps accounts, you would have to be specifically
targetting someone. (Note: This is the same for any service similar to
Google Apps.)
It's also a cautionary tale of what you leave up on the cloud when you abandon your email account. I could have potentially found a lot more damaging information from gaining access to this persons email.