963 votes
Anonymous commented
I'm not sure who loses information about where the breach came from. Could you clarify that?
And I think that if you choose to implement a feature to check against these cases, you will have to do it on a provider-by-provider basis anyways. Like you mentioned earlier, some providers have different rules (I'll keep in mind that Outlook also has this awesome feature).
What about this?
When checking out a breach, instead of just stripping when there's + syntax, you create another column, e.g. "base_email", and if the email uses + syntax and is from a provider that is known to use + syntax, assign a stripped version of the email, else just the normal email address (or None)?
And then later when you're sending out notifications, also check the base_email?
Anonymous commented
What if you just stripped everything after the "+" and maybe the dots, but only for Gmail addresses?
Since they're the largest email provider that actually ignores dots and everything after the plus (I think).
There is a possibility of getting multiple entries by doing so, because besides finding out who added you to a mailing list and filtering out, another use of the plus and dots is registering multiple accounts with the same email address on 1 site.
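
A sketch of the base_email idea discussed in the comments above, as an added example that is not part of the thread or of the site's own code. The provider table, the function names and the sample rows are assumptions constructed for illustration.

```python
# Constructed, illustrative table: domain -> (strip "+tag", ignore dots, canonical domain).
# A real table would have to be maintained provider by provider.
PROVIDER_RULES = {
    "gmail.com": (True, True, "gmail.com"),
    "googlemail.com": (True, True, "gmail.com"),
    "outlook.com": (True, False, "outlook.com"),
}

def base_email(address):
    """Return the stripped address for a known provider, else None."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None  # not a usable address
    rule = PROVIDER_RULES.get(domain.lower())
    if rule is None:
        return None  # unknown provider: never guess at its rules
    strip_plus, ignore_dots, canonical = rule
    local = local.lower()
    if strip_plus:
        local = local.split("+", 1)[0]
    if ignore_dots:
        local = local.replace(".", "")
    return f"{local}@{canonical}" if local else None

def build_index(breach_rows):
    """Index breaches under the exact address AND its base_email.
    Keeping the exact key preserves which tagged address was breached."""
    index = {}
    for email, breach in breach_rows:
        exact = email.strip().lower()  # assumption: addresses compared case-insensitively
        for key in {exact, base_email(email) or exact}:
            index.setdefault(key, set()).add(breach)
    return index

def breaches_for(subscriber, index):
    """Breaches to notify a subscriber about: exact match plus base_email match."""
    hits = set(index.get(subscriber.strip().lower(), set()))
    base = base_email(subscriber)
    if base:
        hits |= index.get(base, set())
    return hits

# Constructed sample rows: (address found in breach, breach name).
SAMPLE_ROWS = [
    ("j.doe+shopA@gmail.com", "ShopA"),
    ("jdoe+forum@googlemail.com", "Forum"),
    ("jane+news@example.org", "News"),
    ("jane@example.org", "Other"),
]
```

Because the exact address stays in the index next to the base_email key, several tagged or dotted variants of one mailbox map to the same notification target without losing which variant appeared in which breach.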