Lot of good comments and suggestions here. There is just one thing here that I miss. For the proof of the email address to support this you could do an e-mail verification. I understand that getting the UI right for people to specify whatever their settings are would be tricky, but let's say you could select "I have e-mails with plus suffixes", then the verification e-mail would be sent to `your.mail+generated_random_suffix@your.provider` and if you are able to verify it, at least the notification for new pwns could be working. Of course the variations would have to have their own select box or something, but that allows for incremental feature addition when people would request their particular settings. That would also show how many people actually care about anything else than "+suffix" format without the need to implement everything at once. Of course I would also love the `breachedaccount` API to support this, but I understand that is more complex to achieve.
One more thing that I have noticed here is that when Troy run the stats, only the plus sign addresses were calculated, not the .dot syntax or other suffix/prefix combinations. And it is fine, it is as impoosible to get better stats as it is to implement this completely as if you can do one, you can do the other. However that proves that partial, temporary implementation is better than nothing.
Lot of good comments and suggestions here. There is just one thing here that I miss. For the proof of the email address to support this you could do an e-mail verification. I understand that getting the UI right for people to specify whatever their settings are would be tricky, but let's say you could select "I have e-mails with plus suffixes", then the verification e-mail would be sent to `your.mail+generated_random_suffix@your.provider` and if you are able to verify it, at least the notification for new pwns could be working. Of course the variations would have to have their own select box or something, but that allows for incremental feature addition when people would request their particular settings. That would also show how many people actually care about anything else than "+suffix" format without the need to implement everything at once. Of course I would also love the `breachedaccount` API to support this, but I understand that is more complex to achieve.
One more thing that I have noticed here is that when Troy run the stats, only the plus sign addresses were calculated, not the .dot syntax or other suffix/prefix combinations. And it is fine, it is as impoosible to get better stats as it is to implement this completely as if you can do one, you can do the other. However that proves that partial, temporary implementation is better than nothing.