
How spammers can create multiple fake accounts with one Gmail address - mmahemoff
http://verekia.com/security/gmail-aliases
======
falcolas
> Reject email addresses containing unusual symbols like “+”

No, please do not do this. It's a very useful feature for properly sorting
email from multiple sources, and lets you know easily what providers are
selling your information (thus letting you selectively block those providers).

Not to mention that this will do nothing to spammers, other than minorly
inconvenience them.

------
asto
I don't think spamming and email addresses are in anyway correlated at all. If
spamming made me a lot of money, I'd just register a domain like
12345immaspamyou12345.com and make as many email addresses as I want anyway.

Rejecting legitimated email addresses in the name of security is the sort of
dick move you'd expect from a bank.

------
MrEnigma
When I saw this title, I thought "Oh no someone has figured out what plus
addressing is"

There are already enough people not allowing + in address fields, by pure
neglect. Now if we add FUD to that...us geeks who love and know these things
will be the ones suffering.

------
mille562
Some may suggest to convert the email address into it's base form and store it
in an extra field. So mike+extra@gmail.com would become mike@gmail.com. Use
the extra field to block any new signups that match an existing base address.
But this has a high chance of blocking valid email addresses. Different email
providers allow different aliases: plus, hyphen, dot, equals. That, combined
without knowing which each email service a domain is using, makes this method
very difficult to get right.

------
count
Email aliases are not limited to gmail - most MTAs (Postfix, sendmail, etc)
have allowed '+' aliases for years now.

I think it's bad advice to just simply filter those out - your customers may
be using them to filter emails, track the usage of their email address, etc.
Restricting what you think is a valid email address, rather than what I type
in, is a pretty assholish move.

On top of all that, it simply won't stop spammers.

~~~
mille562
It's not limited to + either. Hyphen, equals, dot are also valid at different
email providers.

------
tpsreport
base+extension@domain type mail addresses are incredibly useful for legitimate
people. For starters, they can be used to track who is leaking your personal
information out.

So I hope this alarmist note does not prompt anyone into banning the
"+extension" email addresses.

