Saturday 22 August 2009 — This is almost 14 years old. Be careful.
One common complaint about “bad” email validators is that they don’t allow plus signs in email addresses. Sophisticated users use plus signs to have “different” email addresses delivered to the same inbox: email@example.com and firstname.lastname@example.org both go to email@example.com.
It occurred to me, though, that the prohibition against plus signs might not be an oversight, but an intentional attempt to prevent one user from registering with multiple email addresses on a single site. In other words, the very characteristic of plus signs that makes them appealing to geeks also makes them a useful tool for spammers. As CAPTCHAs show, spammers must be thwarted even if it inconveniences some honest users.
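An added example, not code from the original post: rather than rejecting plus signs, a site can accept them and compare registrations on a canonical key, collapsing the "+tag" only for domains it knows deliver that way. The domain list, function names and sample addresses are assumptions constructed for illustration.

```python
# Added example: domains and addresses are constructed, not from the post.
# Assumption: the operator maintains the set of domains known to deliver
# "user+tag" to the mailbox "user". Other domains are left untouched.
PLUS_AWARE_DOMAINS = frozenset({"example.com"})


def split_address(addr):
    """Split on the last '@' and return (local, domain); domain is lowercased."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an address: {addr!r}")
    return local, domain.lower()


def registration_key(addr, plus_aware=PLUS_AWARE_DOMAINS):
    """Return the key used for uniqueness checks, not for delivery."""
    local, domain = split_address(addr)
    # A quoted local part ("a+b"@...) may contain a literal '+'; leave it alone.
    if domain in plus_aware and not local.startswith('"'):
        base = local.split("+", 1)[0]
        if base:  # "+tag@..." has no base mailbox, so keep it as typed
            local = base
    return f"{local}@{domain}"


def register(accounts, addr):
    """Store addr as typed; refuse it if its key is already registered."""
    key = registration_key(addr)
    if key in accounts:
        return False
    accounts[key] = addr  # mail still goes to the address the user entered
    return True


if __name__ == "__main__":
    accounts = {}
    for candidate in ("joe@example.com", "joe+news@example.com",
                      "joe+news@example.org", '"a+b"@example.com'):
        print(candidate, "->", register(accounts, candidate))
```

A key like this does nothing about catch-all domains, where every local part reaches one inbox without any plus sign.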
@Peter: if the goal is to prevent spam, then I would expect there *not* to be a specific error message. The less information you give the enemy, the stronger your defenses. Have you noticed when you enter an incorrect password, the message isn't "Password is incorrect?" It's always "your username and password don't match" or something similarly vague.
@Charles: maybe you can help answer this question by telling us: why do you exclude plus signs?
Within these rules any further interpretation of the local part (e.g., of "usr+cat") would, it seems to me, be a matter for the receiving e-mail system. It would be a bit much, therefore, to eliminate addresses containing "+" unless you only did it for systems you knew made this special e-mail box sharing interpretation.
My ISP sends everything in my domain to my e-mail box allowing me a near infinite number of possible addresses. If somebody wanted to play the "+" trick mentioned above they'd only need to get an account like this to get round any such "+" filtering.
Hmmm, I think I might start using ++@mydomain for issues related to a certain derivative of C.
@Jean: This typically means the company is sending spam, otherwise they wouldn't worry about getting filtered.