
Ask HN: name@a.com and name+1@a.com should be considered 2 different accounts? - mcs_
assuming your websites has a sign-up and you provide some free credit&#x2F;usage for each new sign ups.<p>In gmail and GSuite accounts (not sure if other email services does the same) you can do the +1 trick.<p>Add +N after your username and receive the email in the same sandbox (which is actually useful in many cases).<p>The point is, knowing that, do you consider<p>user@gmail
user+1@gmail
user+2@gmail
user+3@gmail
user+4@gmail
user+5@gmail<p>as 6 different and unrelated accounts in your db?<p>it is fair to _regex_ the email and remove the +1  trick?
======
_ah
What is the value of the resource you're providing with each signup? Running a
regex is only worth it if you're offering value that you have to pay for, like
a free tshirt or some paid compute credits. And even then, it's only a problem
if you have insufficient cash to cover the abuse.

If however you're offering LOW COST items (ex: digital goods, or a free month
of your SAAS), then absolutely do not filter these. Search for them afterward
and contact them. These are some of your most valuable users: people who are
willing to put up with the pain of creating new logins over and over again
just to use your service. Find out what they love. Find out what it would take
for them to start paying. They can provide intelligence far in excess of the
free service credits you're providing.

~~~
mcs_
Thanks for sharing this prospective.

------
tony-allan
You should always treat that case as distinct email addresses.

If you have problems with one person signing up multiple times then this won't
fix it for you. There are many other ways a person can have lots of email
addresses. You will waste a lot of time chasing your tail.

I reasonably use plus style addresses to establish different identities and I
generally pass on a website if their registration or other processes assumes
things about my address or disallow valid characters in an email address.

I also don't try and rip-off a website by abusing their free services.

------
comboy
You should treat them as unique, Google is not the only e-mail provider.

You can use that knowledge in constructing your anti-spam heuristics though.

------
phillipseamore
A plus sign is allowed in the user part of email addresses. Though it's most
commonly used as a tag (and I've only seen it used that way) it could be used
as an actual address and since the receiving mail server decides how to handle
it you have no way of knowing.

If you choose to strip the tag I'd only do so when processing a new signup and
make sure that the user can login with his user+tag@example.com and that all
email goes to that address.

------
a-saleh
The best solution to this problem I heard was to along these lines:

* have a separation between accounts and users. Account is the entity that pays for the service. Usually account has users associated.

* collect payment/credit card information on account creation

This way, you don't really care about user+1, because you have their payment
info already, and can assume at least some intention to pay after their free
tier is up.

There are many legitimate reasons why somebody while doing evaluation would
create several users, i.e. I do name@a.com as well as name+testing@a.com in
few services.

If you find out that too many of your customers are not willing to pay, look
at it more as a business problem, trying to reach better customers that you
can charge more, rather than to better enforce some account de-duplication.

I think I heard this approach from patio11, Amy Hoy or some interview on
Mixergy?

~~~
mcs_
Thank you, I like the idea of rules. Billing, user, admin etc.

The issue with the credit card verification before trying the product is that
as a user, I do not like that approach.

I want to try first and eventually pay. That is the experience I'd like to
offer.

~~~
toyg
The best approach to credit cards, imho, is the Heroku one: you get a little
bit of stuff no questions asked, but you get twice the free stuff if you
validate a CC. This way, the user has an incentive to put a CC down even if
she’s not going to pay right away, which is good in itself (because you can
then leverage it by making it extra-easy to impulse-buy later, as well as
improving the quality of your db).

For the record, I am one of those people using + as a tag, just so my username
a bit different site by site but still easy enough to remember (yeah I use a
password manager, but a little bit extra hygiene never hurt anyone). I’d be
incredibly pissed off if sites started trying to be clever with it; I guess I
could tolerate a duplicate detector, as long as it doesn’t stop me from
signing up as soon as a + is detected.

If you see people abusing it, I would have a “hunting” routine and gently ask
the worst offenders to shape up lest they get banned.

------
throwaway5250
For max portability, you should not try to notice that these variants might be
the same account.

------
edoceo
The address extension is not always a + symbol.

The . in a Gmail user is a NOOP.

I treat them all as unique

------
csteubs
This is one of my favorite tricks for testing web apps. The only downside is
getting your inbox blown up when the company runs an email blast, but it's
nothing a filter can't catch.

I think these patterns are generally negative for most ecommerce companies
(you've priced too low, you're signing up tons of low-LTV customers at huge
CPA, etc.) and good for SaaS companies that can solicit feedback or otherwise
monetize their "frequent triers".

------
btian
In GSuite it's also possible to redirect all unmatched addresses to some email
address, e.g., invalid1@a.com, invalid2@a.com all go to valid@a.com

You should consider asking phone verification, or keep a credit card of file.

~~~
tony-allan
If you take up the suggestions here you will need to convince me that you are
not abusing an important identifier and that you can protect my data.

My default answer for most sites is that I don't trust you with my phone
number (e.g. Facebook using recovery phone as an undisclosed identifier) and
certainly not my credit card number in some random database.

------
cimmanom
There are email providers other than gmail. In many of these systems, the “+”
character indicates a truly distinct email rather than an alias.

------
jpincheira
Me too, I'd treat them as unique, even those some big companies aren't, most
do, so I'd just go with the flow.

------
paulcole
Just don't accept email addresses with a + in them.

