Now if only websites will stop rejecting plus-addressed email addresses as invalid. The most frequent offenders are mom & pop websites that you just _know_ are going to get breached.
I use [email protected], with my own lastname.email domain. Fastmail makes configuring your dns records for this super simple.
It's always fun interacting with customer service reps when they for example confirm my email address... "errrrrr yeah so we email you at ourname@...?"
The other problem I ran into is [email protected] is really awkward to read over the phone. I ended up switching to [email protected], which passes all validators and doesn't sound as sketchy. Using a subdomain, I don't seem to catch any of the spam that gets targeted to catchall domain addresses.
Also, I once encountered a site where spam+xyz worked for signup but failed validation on the login form. I think it was something important too, like a utility or bank.
I use qmail, where - has been the extension for, well, since it was created. If you're a postfix person, you can use + or -, with recipient_delimiter.
You're less likely to bump into issues with -.
Some shops don't like their trade name in the email, so rot13 (g? in vim) solves that if your goal is to trace back the leaks. I have not found a reliable way of auto dropping mail from bad sources, sometimes companies change name which makes it hard to validate From with recipient.
I simply changed my mail configuration to use a different character, in my case _ though X would have worked as well.
I wish seive were better supported in mail clients. It works fine on the back end, but I edit my .seive file by logging into the server and sparking up Emacs rather than being able to handle it directly from my mail client.
Odd that you are talking about security breaches with this..
I figured sites wouldn't want to accept it because they know you are most likely filtering their emails so they have a much less chance of getting through to you.
If someone is stealing emails/passwords from a site obviously they will just strip characters after the plus to obtain your normal email address?
It's been nearly 20 years since I added that feature. I assumed at the time everyone would do it when they saw how handy it is. For some reason that didn't happen...
Panix.com has a similar feature. If you are [email protected], you can use <anytag>@dcoder.users.panix.com, which avoids the problem of places that don't understand "+". I usually use [email protected] for each company I deal with. (Note, I am not actually "dcoder".)
It's a little longer to read over the phone, but I've never had trouble with it. And I've been able to tell a couple of companies that their email databases had been hacked or stolen.
I really wish FastMail would add an option to use a minus instead of a plus since most forms properly handle minuses, but many do not properly handle pluses.
It reminds me a gag from the last season of What we do in the shadow. A character puts a toothpick on his lip and suddenly none of the other characters recognise him.
Like if spammers and hackers were not aware of the + notation, and like if it wasn’t trivial to extract the underlying email address by removing anything after the +...
Unless you have an alias that completely obfuscate the underlying email, I just don’t see the point.
I agree. But there are other corner cases where that would be helpful. I’ve worked at a lot of software as a service companies where your email address has to be unique per client for a multi tenant system.
We would create different users for different roles. I would love to be able to use one email address distinguished with a tag.
I use these all the time with my outlook.com account (and Gmail before that). You are right that they don't help with spam. However, they add an extra layer of security because now my logins have both a unique email address and password. Of course, a password manager is mandatory.
I moved all my public emails from [email protected] to first.last@wellknownmailprovider
and then spent a lot of time changing my email address in accounts that I've had a really long time.
Shocked at how badly that went, actually. For certain service providers, I couldn't change my email address and was encouraged to open a new account, which would've meant losing certain records in the old accounts. I couldn't consolidate.
And companies that have different email addresses for their accounts and their mailing lists -- not helpful.
And finally, companies that disable the "update your email address" link in footer of popular email list services, so your only option is to unsubscribe -- good going (not).
I understand the appeal of this feature for sorting, but it seems ineffective for things like "figure out who sold my email to the spammers" because everyone knows about it and it's elementary to just trim off everything after the plus sign.
Unless you do some kind of verification and filter email sent to addresses without a valid suffix?
Since I have my own domain, I receive all emails addressed at [email protected]. Of course, different values of "whatever" end up in different directories, and should one of those display an insufficient SNR, it would go straight to /dev/null. This way the "proper" address, i.e., the one that goes to the actual inbox, is not easy to extract.
The hard part is social acceptance. This morning the Whirpool technician was very puzzled by me giving him [email protected] as my email, although he accepted my explanations in the end. (I might use more opaque identifiers, but then I would forget about what is what, so for the moment I am trying to stick with this scheme, until it becomes too difficult)
The process for sending email /from/ a + address is tricky.
First -- in GMail at least -- you have to explicitly set up a + account as being in your list of "from" accounts and then you have to remember to use it every time you reply!
Not to mention forgetting the email I gave them when resetting passwords sucks, too. "Was that foo+hn or foo+ycombinator or foo+ycombinator.com or foo+hackernews or... hm... uhhh..." (You need a centralized password manager, in other words.)
I've had several issues where I've replied and sending from the base-address means the conversation goes awry ("We don't recognize this email address"), or at best I still expose the base address because I only remember to reply using the laboriously-created-from-plus address about a fourth of the time.
Exchange was originally an X.400-based groupware system, SMTP support was somewhat of an afterthought. Exchange has a long history of not implementing SMTP properly with protocol violations and proprietary payloads (TNEF) and headers (e.g. Thread-Index)
I've been using "Microsoft 365" since 2012, outlook w/ a custom domain and all the grandfathered features. The +tag has always been supported, and I can't really tell what the difference between "Office 365" and "Microsoft 365" is, since the latter appears to include the former, if not identical.
No it hasn’t. RFC 822 essentially says “local-part is whatever you want it to be” and defines no semantics. Certainly it doesn’t say “you can put a plus on and anything after that will go to the same mailbox”. That’s a far more modern notion, and one that is far from ubiquitous. Rather, it says things like this:
> The local-part of an addr-spec in a mailbox specification (i.e., the host's name for the mailbox) is understood to be whatever the receiving mail protocol server allows. For example, some systems do not understand mailbox references of the form "P. D. Q. Bach", but others do.
1982? Back then Microsoft's attitude toward the Internet was "embrace, extend, and suffocate." It made little sense for them to work with the nuances of standards, according their business model back then.
I have added this capability to every commercial web property I've worked on.
I think if you have the means, you should always get a custom domain for your email address. Your email address is the key to your online identity. You should own it, and not lease it from someone else.
And it is not like you have to manage your own email servers. You can use services like fastmail or any number of email providers to receive email on your own domain. You also have the ability to change your implementation without changing your address. You can decide to host it yourself, or go to another provider without having to tell all your contacts that you are changing your email.
It becomes trivial to actually give out email addresses that are customized for the service. Instead of [email protected] you can give out [email protected].
In my opinion, the money you spend for your own domain for email, is well worth it.
I wonder why there are no email providers that offer an infinite number of aliases that cannot be associated with the primary address. Simply offering any aliases would soon fill out easy-to-remember addresses, but can't email providers offer a feature to add a randomly-generated address such as [email protected]? This way, users can use a different email address on a different web service when registration, which would reveal no information about the user and drastically improve users' privacy. In addition, it is easy to track down which web service is at fault in the event of receiving spams via sold user data.
I don't think it is the only reason. Labels in Gmail are still really nice. Microsoft Outlook rules will often duplicate messages and smart folders using search filters don't work between browser and email client. Using IMAP they are simply virtual directories like they should be.
Microsoft Calendar is also pretty bad too. Like in a large organization you'll often have people leave the company. When you delete a series in Outlook with multiple people it tries removing the history for everyone which is important dates. There are a lot of nuances that would prevent me from ever switching to Office. Even OneDrive is tied to SharePoint and it is way too easy to break.
[+] [-] Hnrobert42|5 years ago|reply
[+] [-] isoprophlex|5 years ago|reply
It's always fun interacting with customer service reps when they for example confirm my email address... "errrrrr yeah so we email you at ourname@...?"
[+] [-] beagle3|5 years ago|reply
[+] [-] paledot|5 years ago|reply
Also, I once encountered a site where spam+xyz worked for signup but failed validation on the login form. I think it was something important too, like a utility or bank.
[+] [-] 6c696e7578|5 years ago|reply
You're less likely to bump into issues with -.
Some shops don't like their trade name in the email, so rot13 (g? in vim) solves that if your goal is to trace back the leaks. I have not found a reliable way of auto dropping mail from bad sources, sometimes companies change name which makes it hard to validate From with recipient.
[+] [-] gumby|5 years ago|reply
I wish seive were better supported in mail clients. It works fine on the back end, but I edit my .seive file by logging into the server and sparking up Emacs rather than being able to handle it directly from my mail client.
[+] [-] mrlala|5 years ago|reply
I figured sites wouldn't want to accept it because they know you are most likely filtering their emails so they have a much less chance of getting through to you.
If someone is stealing emails/passwords from a site obviously they will just strip characters after the plus to obtain your normal email address?
[+] [-] amf12|5 years ago|reply
[+] [-] ahalam|5 years ago|reply
[+] [-] jph00|5 years ago|reply
It's been nearly 20 years since I added that feature. I assumed at the time everyone would do it when they saw how handy it is. For some reason that didn't happen...
[+] [-] lawn|5 years ago|reply
[+] [-] snorremd|5 years ago|reply
Wish every provider would support this as I’m sure spammers have caught on to the plus addressing scheme.
[+] [-] D-Coder|5 years ago|reply
It's a little longer to read over the phone, but I've never had trouble with it. And I've been able to tell a couple of companies that their email databases had been hacked or stolen.
Disclaimer: just a satisfied customer.
[+] [-] metaphor|5 years ago|reply
[+] [-] jeremiahlee|5 years ago|reply
[+] [-] cm2187|5 years ago|reply
Like if spammers and hackers were not aware of the + notation, and like if it wasn’t trivial to extract the underlying email address by removing anything after the +...
Unless you have an alias that completely obfuscate the underlying email, I just don’t see the point.
[+] [-] scarface74|5 years ago|reply
We would create different users for different roles. I would love to be able to use one email address distinguished with a tag.
[+] [-] snielson|5 years ago|reply
[+] [-] jasonv|5 years ago|reply
and then spent a lot of time changing my email address in accounts that I've had a really long time.
Shocked at how badly that went, actually. For certain service providers, I couldn't change my email address and was encouraged to open a new account, which would've meant losing certain records in the old accounts. I couldn't consolidate.
And companies that have different email addresses for their accounts and their mailing lists -- not helpful.
And finally, companies that disable the "update your email address" link in footer of popular email list services, so your only option is to unsubscribe -- good going (not).
[+] [-] DenseComet|5 years ago|reply
I've been trying to move in the other direction and its been exactly as much of a pain as you've mentioned.
[+] [-] forgotmypw17|5 years ago|reply
Unless you do some kind of verification and filter email sent to addresses without a valid suffix?
[+] [-] giomasce|5 years ago|reply
The hard part is social acceptance. This morning the Whirpool technician was very puzzled by me giving him [email protected] as my email, although he accepted my explanations in the end. (I might use more opaque identifiers, but then I would forget about what is what, so for the moment I am trying to stick with this scheme, until it becomes too difficult)
[+] [-] Traubenfuchs|5 years ago|reply
[+] [-] throw0101a|5 years ago|reply
* https://en.wikipedia.org/wiki/Email_address#Subaddressing
Equals specifically is used by mailing list software (esp. Mailman) for bounce processing (VERP):
* https://en.wikipedia.org/wiki/Variable_envelope_return_path
[+] [-] inanutshellus|5 years ago|reply
First -- in GMail at least -- you have to explicitly set up a + account as being in your list of "from" accounts and then you have to remember to use it every time you reply!
Not to mention forgetting the email I gave them when resetting passwords sucks, too. "Was that foo+hn or foo+ycombinator or foo+ycombinator.com or foo+hackernews or... hm... uhhh..." (You need a centralized password manager, in other words.)
I've had several issues where I've replied and sending from the base-address means the conversation goes awry ("We don't recognize this email address"), or at best I still expose the base address because I only remember to reply using the laboriously-created-from-plus address about a fourth of the time.
[+] [-] paledot|5 years ago|reply
[+] [-] donmcronald|5 years ago|reply
[+] [-] throw0101a|5 years ago|reply
This has only been allowed since RFC 822 (1982). Is there any reason why Microsoft did not support this from the beginning (of Exchange)?
[+] [-] poizan42|5 years ago|reply
[+] [-] randunel|5 years ago|reply
[+] [-] chrismorgan|5 years ago|reply
> The local-part of an addr-spec in a mailbox specification (i.e., the host's name for the mailbox) is understood to be whatever the receiving mail protocol server allows. For example, some systems do not understand mailbox references of the form "P. D. Q. Bach", but others do.
[+] [-] OliverJones|5 years ago|reply
I have added this capability to every commercial web property I've worked on.
[+] [-] Markoff|5 years ago|reply
[+] [-] RcouF1uZ4gsC|5 years ago|reply
And it is not like you have to manage your own email servers. You can use services like fastmail or any number of email providers to receive email on your own domain. You also have the ability to change your implementation without changing your address. You can decide to host it yourself, or go to another provider without having to tell all your contacts that you are changing your email.
It becomes trivial to actually give out email addresses that are customized for the service. Instead of [email protected] you can give out [email protected].
In my opinion, the money you spend for your own domain for email, is well worth it.
[+] [-] hadcomplained|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] ahnberg|5 years ago|reply
Tired of Microsoft users subscribed to mailinglists constantly breaking threading.
[+] [-] tmaly|5 years ago|reply
I created a new account without it, but I could not bring over my past reviews.
[+] [-] etaioinshrdlu|5 years ago|reply
[+] [-] altreality2050|5 years ago|reply
[+] [-] techntoke|5 years ago|reply
Microsoft Calendar is also pretty bad too. Like in a large organization you'll often have people leave the company. When you delete a series in Outlook with multiple people it tries removing the history for everyone which is important dates. There are a lot of nuances that would prevent me from ever switching to Office. Even OneDrive is tied to SharePoint and it is way too easy to break.
[+] [-] donmcronald|5 years ago|reply
[+] [-] CodesInChaos|5 years ago|reply
[+] [-] miraj18|5 years ago|reply
[deleted]
[+] [-] curiousgal|5 years ago|reply
[+] [-] m0xte|5 years ago|reply