A more general syntax would be very helpful. I've been using spamgourmet.com for many years, and many of the addresses are valid for a long time period.

Myself and many of my colleagues ONLY use this aliasing, especially since Microsoft added support for it in Office 365 (G Suite has had it for a while). Please please make this a feature!

PS: we would not expect Adobe users to make use of aliases hahaha.

thanks

@Plusplus Most often than not, the e-mail "syntax" validations that block it are Javascript and client-side only. If you're able to register it with NoScript or Javascript disabled, you're generally also able to log-in with the registered "+"-tagged email. I don't remember which service now, but there was one case where I could register it tagged, but the backend automatically trimmed the tag away, and I noticed it because the confirmation email came untagged.

The tides might be changing https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online and in the spirit of catching leaks (however obfuscated), not supporting https://en.wikipedia.org/wiki/Email_address#Subaddressing seems a bit unconstructive in supporting adoption.

Does / did Adobe allow subaddressing? (in all of its registration forms? typical hindrance)

plz plz plz do this... i use the + syntax to keep my logins unique and easily rememberable - which I think we can all agree is what we want most users doing as part of good digital hygiene. here you will be rewarding those taking the appropriate steps so that breaches do not spread further.

including a simple wildcard search where my_email_address+%@domain.com would be really useful. even if you didn't enumerate every variant of my_email_address+%@domain.com in the results but were at least able to link them in the search query. alternatively linking the email addresses (call them the parents) to the children (+something variants) would be fairly fast given that they represent 0.03% of the records and this can be done after the fact as a small post processing routine.

fully agreed, please do it!
and the stats for + sign can be like that because probably tons of people are not aware that it is possible - but most likely they are also not aware of HIBP, password managers and other stuff, and Adobe is quite popular among people with lower IT and security awareness.

I recently changed my email provider and had to change my email for all my accounts. Now I use the "+" syntax on all my accounts and would like to still receive alerts for breaches that affect me.

Manually submitting the ~30 variations of my email address + any I make in the future to hibp would be quite inefficient.

(please do it)

These usecases would be very important to me. Both the plus alias and also the dot.

As a user who wants to keep track of sites breaches or when a company has given my details to other companies without my permission I currently use the + alias: example: name+alias@mail.com

Therefore I would like for HIBP to search for all aliases variations of my email address.
so that I can find in a more precise and efficient manner all the sites where my details have been compromised.

Many thanks for keeping this in your backlog.

This feature is very important!

This would be nice to have as an option.

This addition would be really appreciated. I prefer that all Internet services comply to RFC's: in particular RFC2822.

I use a plus added to my user portion of my email address eg FirstLast+SomeUntrustedService@mailfence.com. This helps me identify email list sharing or breaches.

As a HIBP visitor, I would like the ability to search my email address and automatically include records that might have the plus symbol and trailing alpha numerics so I can see any pwnage.

Example searching for test@example.com should also return test+service123@example.com

Thanks for considering

Mike Chu

Why does the the sign in and sign up boxes in google account page suggest that users including myself without a choice other than to incorporate these *_ + , wasn't an option for me ? asking everyone from Verizon ,Sprint Boost,to family members, then reaching out to Google for direction? and Nada ...what then ? I've lost my mind,completely! Or Ignorant to technology and to the internet one of the two, "ignorant " cause I'm just ain't that detached .A lack of knowledge as said for betterterminolog.I knew my account was compromised and did what I was told. Change password and email. Or both in my case. Every person either in person,by phone ,or browsing help search and trying to explain in the describe issues box I'm not that ignorant to it anymore I kept asking. Kept reading and browsing and learning. is actually leading me to be safer online gain more wisdom and engage in more productive,and practice more meaningful usage on line join in with social media societies and help where I can l'm Just trying to get answers to my online hurts ,habits and hang ups .learning comes with mistakes . Especialy when you got to help your self. In the matter Peace be to you .

An excellent idea!!

It would be a really good addition. I've been using this feature for a while now, but it becomes unmanageable to check each alias.

I would love to see this feature added.

Btw my ISP does not use the plus sign, but rather has two other options, either xyz@mylogin.myprovider.nl or mylogin-xyz@myprovider.nl

I use the plus syntax for all my logins, it'd be great to have this supported in HIBP. I have dozens (if not hundreds) of unique email addresses that I would never know may be impacted by a breach, leaving me exposed. On one hand, I'm more secure in the masses (myname+thissite@gmail.com will have a different login and password than myname+thatsite@gmail.com) so a single breach doesn't mean I need to change hundreds of passwords. But loclaly I'm less secure because I never know if myname+thissite@gmail.com was part of a breach, so my password doesn't get updated.

Paul's comment from last year seems the most feasible. An additional column in the database for an original email address (with the alias, x+y@gmail.com) and your existing email address as a normalized email (x@gmail.com). If you use the 2 repos mentioned by Not That Hard? you could then normalize on input to the database. You could even run against the existing database and just swap out the emails for normalized ones and copy the originals to the new column. Search feature then handles searches with the normalize and strip functions so it's searching for the same thing that would be found in the database.

That provides a solution to resolve the normalization of input to the database without the alias, storing the original address involved, and searching for the email by the normalized and stripped email address. Then anyone searching x+y@gmail.com or x+z@googlemail.com will in face be searching for x@gmail.com, providing them with correct and adjusted results. You simply need to render the alias out in the results by pulling the data and offering it up next to the breach.

Most people in tech expect a breach to leak an email at some point. It'd be nice to know where from and which alias. Also happens that all people in tech rely on your site to some degree, so the people standing to benefit the most are also your biggest advocates. We're all thankful for all the hard work and time you've put into this, so please don't take any of the comments as a knock on you or the site, it's just a feature that could make a huge difference to many.