Skip to content

Stijn Crevits

My feedback

1 result found

  1. 2,646 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    117 comments  ·  General  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Stijn Crevits commented  · 

    I too use the +string method to identify sites that leaked my email address to spam lists. So this ofcourse results in a long list of variations of email.address+string@provider.com.
    It would ofcourse be nice if I could receive HIBP notifications for all of them, without having to enter each of these email address permutations.

    But I can understand that this request results in some difficulties, as mentioned by others in the topic.

    To David's comments, it appears that the email provider of Brian Krebs DOES follow the spec to heart and differentiates between email addresses based on capitalization (see https://twitter.com/briankrebs/status/940362654434168833).
    However, the implementation of the spec differs between providers. As mentioned earlier, Google doesn't care about the periods, some providers (or sites) don't allow the use of + or other signs, ...

    The question for ignoring everything after a +-sign would be whether there are email providers who allow registering different email addresses based on the value behind the +-sign. I.e. could foobar+alice@provider.com be a different user than foobar+bob@gmail.com?

Feedback and Knowledge Base