> Reject email addresses containing unusual symbols like “+”
No, please do not do this. It's a very useful feature for properly sorting email from multiple sources, and lets you know easily what providers are selling your information (thus letting you selectively block those providers).
Not to mention that this will do nothing to spammers, other than minorly inconvenience them.
I don't think spamming and email addresses are in any way correlated at all. If spamming made me a lot of money, I'd just register a domain like 12345immaspamyou12345.com and make as many email addresses as I want anyway.
Rejecting legitimate email addresses in the name of security is the sort of dick move you'd expect from a bank.
When I saw this title, I thought "Oh no someone has figured out what plus addressing is"
There are already enough people not allowing + in address fields, by pure neglect. Now if we add FUD to that...us geeks who love and know these things will be the ones suffering.
Some may suggest converting the email address into its base form and storing it in an extra field. So mike+extra@gmail.com would become mike@gmail.com. Use the extra field to block any new signups that match an existing base address. But this has a high chance of blocking valid email addresses. Different email providers allow different aliases: plus, hyphen, dot, equals. That, combined with not knowing which email service each domain is using, makes this method very difficult to get right.
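The base-form approach described in the comment above, as an added example that is not part of the thread: the submitted address is stored unchanged, and a separate dedupe key is derived only for domains whose alias rules are known. The `RULES` table, the function names and the sample addresses are assumptions made for illustration, not an authoritative provider list.

```python
# Added example: provider-aware dedupe key for signup checks.
# RULES is an illustrative assumption; extend it only with rules you have verified.
# domain -> (tag separator or None, whether dots in the local part are ignored)
RULES = {
    "gmail.com": ("+", True),
    "googlemail.com": ("+", True),
}
# Domains that deliver to the same mailboxes share one key domain.
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}


def canonical(address):
    """Return (stored_address, dedupe_key); the user's address is never rewritten."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % address)
    domain = domain.lower()              # domains are case-insensitive
    stored = local + "@" + domain        # keep '+tag' so mail still gets sorted
    rule = RULES.get(domain)
    if rule is None:
        # Unknown provider: '+', '-', '.' or '=' may be an alias separator or
        # part of a distinct mailbox, so only an exact match counts as a duplicate.
        return stored, stored
    tag_sep, ignore_dots = rule
    base = local.lower()
    if tag_sep:
        base = base.split(tag_sep, 1)[0]
    if ignore_dots:
        base = base.replace(".", "")
    if not base:                         # e.g. "+tag@gmail.com": nothing left to key on
        return stored, stored
    return stored, base + "@" + DOMAIN_ALIASES.get(domain, domain)


def is_duplicate(address, existing_keys):
    """True when the dedupe key already exists among earlier signups."""
    return canonical(address)[1] in existing_keys
```

For domains outside the table the key equals the stored address, which trades missed duplicates for never blocking a valid, distinct mailbox.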
Email aliases are not limited to gmail - most MTAs (Postfix, sendmail, etc) have allowed '+' aliases for years now.
I think it's bad advice to just simply filter those out - your customers may be using them to filter emails, track the usage of their email address, etc. Restricting what you think is a valid email address, rather than what I type in, is a pretty assholish move.
On top of all that, it simply won't stop spammers.
base+extension@domain type mail addresses are incredibly useful for legitimate people. For starters, they can be used to track who is leaking your personal information out.
So I hope this alarmist note does not prompt anyone into banning the "+extension" email addresses.