You should not be deliberately programming data leaks into HIBP!
Just because Google started to support this "+tag" idea does not undo the fact that + has been a valid char left of the @ in internet email addresses since there have been internet email addresses. Go read the RFCs.
Now, if you want to do it on a domain-by-domain basis after verifying that a domain that supports "+tag" otherwise does not allow + on the left of @ in any other email address, all power to you, but please do not do it for all domains "because Google supports it". The internet has already had far too much non-standards conformant cr*p to deal with because of attitudes like that in past (when variously Sun, IBM and MS have been the problem actors).
Nick
You should not be deliberately programming data leaks into HIBP!
Just because Google started to support this "+tag" idea does not undo the fact that + has been a valid char left of the @ in internet email addresses since there have been internet email addresses. Go read the RFCs.
Now, if you want to do it on a domain-by-domain basis after verifying that a domain that supports "+tag" otherwise does not allow + on the left of @ in any other email address, all power to you, but please do not do it for all domains "because Google supports it". The internet has already had far too much non-standards conformant cr*p to deal with because of attitudes like that in past (when variously Sun, IBM and MS have been the problem actors).