FilterHN

Email address validity checks suck

6 points

1 day ago

| 7 comments

I use the + operator in my email address.

For example, I just signed up for a second line of internet for my homelab with Spectrum. I provided my email address "me+spectrum@example.com". The sales rep's systems accepted it just fine, but when I try to create an account on their online portal, it's suddenly not a valid email address.

This is arguably worse than requiring passwords to contain symbols and numbers.

I bet there's more weird rules that are hurting other people as well.

RFC 2822 Section 3.2.4 [1] says:

    atext           =       ALPHA / DIGIT / ; Any character except controls,
                            "!" / "#" /     ;  SP, and specials.
                            "$" / "%" /     ;  Used for atoms
                            "&" / "'" /
                            "*" / "+" /
                            "-" / "/" /
                            "=" / "?" /
                            "^" / "_" /
                            "`" / "{" /
                            "|" / "}" /
                            "~"

+ is valid atext.

I suspect what's happening is they've got some rule against the word "spectrum" or something. Or perhaps they're a bad company and just HAVE to have base-level addresses to sell to the advertisers?

- [1]: https://www.rfc-editor.org/rfc/rfc2822#section-3.4.1

▲

OhMeadhbh

1 day ago

[-]

I always assumed they did this because they DON'T want you to be able to filter their spam email or know who they sold your email address to. It may be a bit cynical to call the entirety of the internet a shallow money trench intended to put plastic marketing messages in front of increasingly jaded digital natives. But there are a lot of companies that behave that way.

To make things more annoying, I once had an email address that had a three-level domain, think me@email.example.com instead of a domain with two components like me@example.com. I found more than one email validator that insisted that this was illegal.

▲

dtnewman

1 day ago

[-]

I do the same thing as you but with owning the root domain, so no need for a +. In other words, I would use spectrum@example.com for this (i have a catchall rule so it forwards to the same place). I’ve never had an email validation issue and this actually makes more things validate, since some websites require you to enter a “business email” and this passes that (I think they basically filter out Gmail and others).

▲

MountainMan1312

23 hours ago

[-]

I own the domain as well, so there's no reason I couldn't just do that.

▲

mitchellpkt

21 hours ago

[-]

> I suspect what's happening is they've got some rule against the word "spectrum" or something

I've avoided this by using only the first few and/or last few letters of the service in the email tag (e.g. "HaNe" instead of "hackernews"). It's an easy filing system for me, doesn't trigger concerns about phishing, and makes for shorter handles.

▲

lobito25

1 day ago

[-]

To my business, emails containing + are considered disposable because some users abuse them to create temporary accounts for trial services, etc.

▲

dtnewman

1 day ago

[-]

Why is this an example of users abusing them?

▲

codegeek

21 hours ago

[-]

This is the unfortunate cost of spam. I can totally understand why most services try and filter out disposable emails or at least emails that look disposable. It is far from a perfect system but unless spam and abuse is 100% solved, this is the reality.

▲

dlcarrier

1 day ago

[-]

They do it on purpose. Gmail allows adding dots between any two letter in the local side of the address, so I'll add them in different locations, for each account I have to make with an organization that prohibits the plus aliases.

▲

MountainMan1312

1 day ago

[-]

I ended up calling customer support and they added it on their end.

At least they did it this time. One time I went to get an oil change at Valvoline. They asked for my email and I reluctantly gave a +valvoline email address and the manager straight up would not type that into the computer. Dude thought I was up to some major shenanigans.

▲

ClassyJacket

1 day ago

[-]

I don't get why they do this.

Email validation can be done by sending an email to the specified address. Why bother differentiating between "invalid" and "valid but doesn't exist"?

Just check there's an @ symbol with something before it and something after it and if so, send it an email.

Any reason not to do it this way?

▲

palata

1 day ago

[-]

They don't want you to use disposable emails, so they make whatever check they find reasonable to prevent it.

I hate it, of course, but that's what they do.