My feedback

1 result found

1. Enable search and notifications for email addresses using the "+" syntax

   2,646 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   117 comments  ·  General  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   An error occurred while saving the comment
   Joe Kirwin commented  ·  Dec 21, 2021  ·  Edit…  ·  Delete…

   Lead with an example:

   Search for pwned.hibp@gmail.com and (if this was a real account) pwnedhibp@gmail.com and you'd get different results. Yet for all intents and purposes it's all your data that had been leaked as they are the same account.

   Would it be possible to define some canonicalizers for very popular email providers that remove superfluous things such as periods from the address both in the breach corpus and when searching?

   I realize that there could be some user that likes to leverage things like
   pwned.hibp+salesConference@ to track down which party exposed some breach, but I feel like that use case is not as broadly useful as giving people a full breach list.

   References:
   - https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html

   Save Submitting...
   Joe Kirwin supported this idea  ·  Dec 21, 2021