Specifically, the ability to add any text you want preceded by a plus sign between the username and @ part of an email.
I was pleasantly impressed/surprised when I recently discovered that this could be done with Google Mail. It meant you could supply websites with a customized version of your address, and you would then know the source of any spam you get.
As a “wonder what will happen if” moment after discovering this, I tried the same feature on my other email address (manx.net). It worked!
This makes me wonder how common this feature is on email services, and am I demonstrating my level of naivety by revealing that I only discovered this recently?
I’ve known about this for a couple of years with gmail, but never thought about other providers doing it. I just tested this on the sendmail that ships with Solaris 10, and it works.
I have had problems submitting such an address, though. At least once, I went to actually use this for the obvious reason and the form rejected my address as invalid.
Also, in gmail, at least, you can add or subtract periods from your email address (when sending, not logging in) and it’ll still work. Like: name@gmail.com = n.ame@gmail.com
(You can’t do this with a regex. It is actually possible to prove this mathematically.)
Ia! Ia! Regex Fthagan! This is an extract from a Perl module that validates email addresses. It does so by gently massaging it first, and then feeding it to Shub-Regguroth there. It mentions RFC 822, which was superseded by RFC 2822, which was superseded by RFC 5322. In short, it’s either obsolete or misnamed and it solves the problem the wrong way anyway. However, if you stare at the regex long enough, you see a cool schooner.
It should be noted that since the tag has to be preceded by a valid email address, all a spammer has to do is strip the tag off, and you lose the info about where the email address came from. At least, that is what I would do.
What you need to be able to do is have a tag validation system that only allows certain tags through, and all other addresses (including the plain email address) are rejected. But that would be pretty complex and involved, and breaks the applicable RFCs.
I know way too little about the protocols used in the web to direct data from A to B, and I’ve never heard about that, but does the effect you describe (finding out who’S spamming your or passed on your address to spammers) really work? I would guess these addresses work like catch-alls - all mail sent to an address that has the defaulttext+customtext@somehost.com format will end it the mailbox of defaulttext@somehost.com. This makes it possible for spammers who want to hide where they got the address from to simply remove the customtext and send the spam to defaulttext@somehost.com, or to make up a new customtext to which they send the spam. Or is there a process for the owner of the mailbox to define the customtexts he’s using, with all mail sent to undefined variants bouncing?
I’ve used this Gmail feature a lot. It unfortunate though, most places will reject an email that has a + in it.
I used it yesterday, a crappy online merchant offered me free shipping if I tell 10 friends about their site. myname+1@gmail.com, myname+2@gmail.com… and so on.
All places I’ve used the feature on so far have accepted it. I replaced my sdmb address with one containing +sdmb in it.
I quickly thought of the possibility of spammers simply removing the +customtext part, but I suspect the chance of this being carried out on automated mailshots that use acquired mail lists to be remote enough to make it worth doing.
FWIW, Ipswitch’s IMail Server allows for the hyphenated address. It actually creates a new folder for the user - as in, if I send to ZipperJJ-whatever@zipperjj.com the mail would not be sent to the inbox but to the auto-created whatever folder.
This is handy for auto-creating spam folders for users (tell the spam software to append -spam to the TO address once an email is marked as spam, and they’ve now got a spam folder) but sort of worthless to the user unless they know to check mail in the “whatever” folder by logging in to POP using username-whatever@domain.com.
That’s the CMU Andrew subaddress format and it has been around for ages - at least 20 years.
Even if your (receiving) system supports it, you’re going to run into problems using a subaddress on various web sites. Some email address “validators” don’t accept it, and some systems will accept it but are broken elsewhere - for example, a common problem is that “unsubscribe” links in email messages won’t work unless you change a+b@example.com to a%2bb@example.com (%2b is the code for the plus sign). And some systems will happily let you register with a subaddress, but won’t allow you to log in, or will be unable to send you email.
As an example, note that this site (SDMB) allows you to sign up with a subaddress, but only one of the above addresses gets auto-hotlinked as an email address. And that’s in the commercial vBulletin® software, which is very widely used.
I used to sic Ned Freed (he’s the guy who wrote or co-authored most of the modern email RFC’s [standards]) on non-conforming sites, but it really isn’t worth the bother these days. The clueless outnumber us…
Personally, I’ve given up. Since I am my ISP, I’ve configured my mail server to rewrite anything that comes in as user-something@example.com to user+something@example.com. That way, I can sign up with a hypen in the email address (which everything accepts), but still have my mail program treat it as subaddressed mail and filter it.
spamgourmet will let you do something similar. You can set a limit on the number of emails sent to an address, plus you don’t give out your real address so spammers can’t just strip the tag. I’ve used it for years.
RAAAARGH. I signed up with firstname.lastname@gmail.com and didn’t realize this years ago–if you send mail to firstnamelastname@gmail.com I get it as well. I get more misdirected email than mail intended for me at that address!