What is wrong with this email address?



  • abcd+xyz@domain.com  ?

    or, 

    a...bcd@domain.com ?

    I'm probably repeating a story but I'm sick of websites that are too smart to understand perfectly valid email address as.. well, valid. Or are they specifically preventing people from using (gmail's) disposable addresses or something similar to figure out which site sells its user's email addresses?

    Recently I started receiving spam on my email account where I ALWAYS used the +xyz type disposable addresses. However, the spam was addressed to my normal abcd@domain.com address. I know out of frustration I used the real address on 1 or 2 sites which didn't accept addresses with a +, but now I don't know who to blame.

    Also interesting is the fact that none of the spam I get is addressed to any one of the disposable addresses. It seems that companies who are sure that they won't be selling their customer list to spammers are also the ones which are confident and hence, don't refuse such disposable addresses.
     



  • Yeah, this keeps bugging the hell out of me as well.

     On the other hand, if I were a spammer, or selling my e-mail database, it would cost me very little effort to strip the +abcd part from each e-mail address, so you wouldn't be able to blame my site anyway.



  • I use a similar approach, except that I set my mail server to use - as the delimiter, and bounce everything that comes to address without the - part. - is much less likely to be seen as "invalid".



  • They could either use the fameous regexp ("exp" as in "exponential") to prefilter wrong e-mail adresses, or just send a test e-mail, which is the ultimate way to test the validity of the address. The later would require the server to send an e-mail to whatever you typed in, probably resulting in lots of bounced traffic, though.



  • If you need a disposable email address, you can also use services such as mailinator (anything received through it is made public though, so beware).

    Of course some websites will filter this host, but it's still handy against compulsive registration, when bugmenot fails.
     



  • Since GMail lets you invite yourself to GMail, I just created a spam@gmail.com type account which I give to websites. If they send me a verification email, I can still check my spam@gmail.com account to find the link.



  • My company uses email addresses of the form firstname.lastname@domain.ext.  In our mail logs, there are a LOT of emails just going to firstname@domain.ext.  I'd wager that most spammers simply strip everything after the period.  I know that it's not just random massmailing, as one of our senior people has an unusual first name, and we get plenty of email with just that first name.

    Sucks for the spammers that the firstname-only ones just bounce!



  • [quote user="RiX0R"] On the other hand, if I were a spammer, or selling my e-mail database, it would cost me very little effort to strip the +abcd part from each e-mail address, so you wouldn't be able to blame my site anyway.[/quote]

    The + trick is far too easy to circumvent for spammers. The only use I've ever found for it is circumventing unique address checks in web forms (mainly for testing).

    To keep tabs on how your email address is used, your far better off securing a machine/domain and using unique usernames 'yahoo@mymachine.com' or 'google@mydomain.com'. These are nice, because there's no way to recover your actual email from them, and you have to opt in at receiving mail from them. When you're done with google, just remove the alias.
     



  • I think a lot of web sites find +s to be invalid because they think you've typed a space in the form. It've had to go back and forth with a couple webmasters explaining that + is a valid character before the @ in email addresses.

    I've also used = as a delimiter. It seems to be less overloaded.



  • a...bcd@domain.com is malformed.

    The email address is an RFC 2822 addr-spec which is defined as

        addr-spec   =  local-part "@" domain        ; global address

    local-part = word *("." word) ; uninterpreted
    ; case-preserved

    A local part is any number of <word>s separated by ".".   A word is either a string of non-specials ("." is a special) or a double quoted string possibly containing specials other than dquote, so you can have dots between words but not adjacent and not at the beginning or end.

    The + character is allowed though.
     



  • [quote user="Reweave"]

    If you need a disposable email address, you can also use services such as mailinator (anything received through it is made public though, so beware).

    Of course some websites will filter this host, but it's still handy against compulsive registration, when bugmenot fails. [/quote]

    www.spamgourmet.com is also nice.  Again, some sites filter, but most do it via javascript so you can actually disable javascript and enter your spamgourmet address. 


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.