Email address validity checks suck

I use the + operator in my email address.

For example, I just signed up for a second line of internet for my homelab with Spectrum. I provided my email address "[email protected]". The sales rep's systems accepted it just fine, but when I try to create an account on their online portal, it's suddenly not a valid email address.

This is arguably worse than requiring passwords to contain symbols and numbers.

I bet there's more weird rules that are hurting other people as well.

RFC 2822 Section 3.2.4 [1] says:

    atext           =       ALPHA / DIGIT / ; Any character except controls,
                            "!" / "#" /     ;  SP, and specials.
                            "$" / "%" /     ;  Used for atoms
                            "&" / "'" /
                            "*" / "+" /
                            "-" / "/" /
                            "=" / "?" /
                            "^" / "_" /
                            "`" / "{" /
                            "|" / "}" /
                            "~"

+ is valid atext.

I suspect what's happening is they've got some rule against the word "spectrum" or something. Or perhaps they're a bad company and just HAVE to have base-level addresses to sell to the advertisers?

- [1]: https://www.rfc-editor.org/rfc/rfc2822#section-3.4.1

6 points | by MountainMan1312 14 hours ago

8 comments

mitchellpkt 1 hour ago
> I suspect what's happening is they've got some rule against the word "spectrum" or something
I've avoided this by using only the first few and/or last few letters of the service in the email tag (e.g. "HaNe" instead of "hackernews"). It's an easy filing system for me, doesn't trigger concerns about phishing, and makes for shorter handles.
OhMeadhbh 10 hours ago
I always assumed they did this because they DON'T want you to be able to filter their spam email or know who they sold your email address to. It may be a bit cynical to call the entirety of the internet a shallow money trench intended to put plastic marketing messages in front of increasingly jaded digital natives. But there are a lot of companies that behave that way.
To make things more annoying, I once had an email address that had a three-level domain, think [email protected] instead of a domain with two components like [email protected]. I found more than one email validator that insisted that this was illegal.
codegeek 1 hour ago
This is the unfortunate cost of spam. I can totally understand why most services try and filter out disposable emails or at least emails that look disposable. It is far from a perfect system but unless spam and abuse is 100% solved, this is the reality.
dtnewman 5 hours ago
I do the same thing as you but with owning the root domain, so no need for a +. In other words, I would use [email protected] for this (i have a catchall rule so it forwards to the same place). I’ve never had an email validation issue and this actually makes more things validate, since some websites require you to enter a “business email” and this passes that (I think they basically filter out Gmail and others).
[-]
- MountainMan1312 3 hours ago
  I own the domain as well, so there's no reason I couldn't just do that.
lobito25 7 hours ago
To my business, emails containing + are considered disposable because some users abuse them to create temporary accounts for trial services, etc.
[-]
- dtnewman 5 hours ago
  Why is this an example of users abusing them?
dlcarrier 8 hours ago
They do it on purpose. Gmail allows adding dots between any two letter in the local side of the address, so I'll add them in different locations, for each account I have to make with an organization that prohibits the plus aliases.
[-]
- MountainMan1312 8 hours ago
  I ended up calling customer support and they added it on their end.
  At least they did it this time. One time I went to get an oil change at Valvoline. They asked for my email and I reluctantly gave a +valvoline email address and the manager straight up would not type that into the computer. Dude thought I was up to some major shenanigans.
ClassyJacket 14 hours ago
I don't get why they do this.
Email validation can be done by sending an email to the specified address. Why bother differentiating between "invalid" and "valid but doesn't exist"?
Just check there's an @ symbol with something before it and something after it and if so, send it an email.
Any reason not to do it this way?
[-]
- palata 5 hours ago
  They don't want you to use disposable emails, so they make whatever check they find reasonable to prevent it.
  I hate it, of course, but that's what they do.
joehacker 13 hours ago
[dead]