My feedback

  1. 1,950 votes
    Sign in
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    81 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    CJ commented  · 

    I understand the problems with complexity of the + (stripping useful information, etc) but what about periods? If my email is


    I can put periods anywhere in that email address and they will all resolve to me.


    You're not adding a suffix, just inserting periods. How complex would it be to detect variations like that? Perhaps a way for a user to opt-in, noting "please check for period variations on my email address"? That way you're not scanning an astronomical number of permutations against a list. For example, knowing I've opted in and my email starts with "pr" look for all breached emails starting with the letters "pr" and strip the periods from them in a temporary list, and compare with mine?

    The reason I ask is because I've used a lot of period variations and can't always remember the way I've used them. I only got notification of a recent breach from a vendor themselves, not HIBP. I could add as many as I could remember to the HIBP mailing list, but don't want to stuff your database with that if this will be added at some point.

Feedback and Knowledge Base