An error occurred while saving the commentStijn Crevits commented
I too use the +string method to identify sites that leaked my email address to spam lists. So this ofcourse results in a long list of variations of firstname.lastname@example.org.
It would ofcourse be nice if I could receive HIBP notifications for all of them, without having to enter each of these email address permutations.
But I can understand that this request results in some difficulties, as mentioned by others in the topic.
To David's comments, it appears that the email provider of Brian Krebs DOES follow the spec to heart and differentiates between email addresses based on capitalization (see https://twitter.com/briankrebs/status/940362654434168833).
However, the implementation of the spec differs between providers. As mentioned earlier, Google doesn't care about the periods, some providers (or sites) don't allow the use of + or other signs, ...
The question for ignoring everything after a +-sign would be whether there are email providers who allow registering different email addresses based on the value behind the +-sign. I.e. could email@example.com be a different user than firstname.lastname@example.org?