by ESRogs 2997 days ago
If Google fixed dots-don't-matter, couldn't someone still sign up for Netflix with jameshfisher+netflix@gmail.com?

If Netflix checks for + address duplicates, then that's not an issue. But you could still have the situation where someone signs up for, let's say, Hulu with your standard jameshfisher@gmail.com account. And then you could still end up paying if you forget whether you ever signed up for Hulu or not (maybe you were about to sign up and didn't, maybe you planned to in the future).

Email validation seems like the most important defense against this kind of thing. Dots mattering seems secondary.


Right. The +-suffix suffers from the same problem as the dots-don't-matter policy: while some implementations use + as a separator between a mailbox name and a suffix, there is nothing in the RFC that encodes that, so different server implementations could just as well see + as a regular letter of the local part. Netflix has no choice but to treat james.h.fisher@gmail.com, jameshfisher@gmail.com and jameshfisher+netflix@gmail.com as different email addresses. Really, to the left of the @, almost anything goes, and how an MDA maps the local part to a specific mailbox is completely up to the implementer.

As you point out, the only way around this is email verification.

A similar problem exists for weird services like Amazon that allow multiple accounts for the same email address (unless they finally fixed that stupid idea?).
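The two points made in the thread above (a service cannot safely collapse dots or `+` tags for an arbitrary domain, and only verification proves the mailbox is the signer-up's) can be shown in a few lines. This is an added illustration, not code from any commenter, Netflix, Amazon or Google. The only provider rule it hard-codes is the well-known Gmail behaviour (dots in the local part are ignored, a `+suffix` is dropped); every other domain is treated as opaque, and the toy `SignupStore` refuses to activate an account until a token sent to the address is returned.

```python
"""Added example: email addresses are not a reliable de-duplication key.

Assumptions (not from the original thread): GMAIL_DOMAINS is the only set of
domains for which we claim to know the mailbox routing rules; everything else
gets a byte-for-byte comparison of the local part, as the RFC allows an MDA to
treat '.' and '+' as ordinary characters.
"""
import secrets
from typing import Dict, Optional, Set, Tuple

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def split_address(addr: str) -> Tuple[str, str]:
    """Split on the last '@' (a quoted local part may itself contain '@')."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    # Domain names are case-insensitive (DNS); local parts are not guaranteed to be.
    return local, domain.lower()


def canonical(addr: str) -> str:
    """Return the mailbox an address is *known* to deliver to.

    Only for domains whose routing rules are public (Gmail) do we collapse dots
    and '+tags'. For any other domain the local part is returned unchanged,
    because we cannot know whether 'a.b' and 'ab' or 'a+x' and 'a' are one mailbox.
    """
    local, domain = split_address(addr)
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "").lower()
    return f"{local}@{domain}"


def same_mailbox(a: str, b: str) -> bool:
    """True only when both addresses provably reach the same mailbox."""
    return canonical(a) == canonical(b)


class SignupStore:
    """Toy account registry: an account exists only after the address is verified."""

    def __init__(self) -> None:
        self.pending: Dict[str, str] = {}   # verification token -> canonical address
        self.active: Set[str] = set()       # canonical addresses with a live account

    def start_signup(self, addr: str) -> Optional[str]:
        """Begin a signup; returns the token that would be emailed, or None if taken."""
        key = canonical(addr)
        if key in self.active:
            return None                      # this mailbox already owns an account
        token = secrets.token_urlsafe(16)    # unguessable, single-use
        self.pending[token] = key
        return token                         # nothing is created until confirm()

    def confirm(self, token: str) -> bool:
        """Activate the account only when the emailed token comes back."""
        key = self.pending.pop(token, None)
        if key is None:
            return False                     # unknown, reused or forged token
        self.active.add(key)
        return True


if __name__ == "__main__":
    print(same_mailbox("james.h.fisher@gmail.com", "jameshfisher+netflix@gmail.com"))  # True
    print(same_mailbox("james.h.fisher@example.com", "jameshfisher@example.com"))      # False
    store = SignupStore()
    tok = store.start_signup("jameshfisher@gmail.com")
    print(store.confirm(tok), store.start_signup("james.h.fisher+hulu@gmail.com"))     # True None
```

The Gmail branch is the only place where a `+` tag or a dot is ever discarded; for `example.com` the three spellings stay distinct because the store has no grounds to merge them. Duplicate detection by canonical address therefore only catches what the provider's published rules guarantee, and the possession check in `confirm()` is what actually ties the account to the person who reads that mailbox.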
Multiple accounts with the same email haven't been available for many, many years. I'm not sure exactly when registration for these was disabled, but it was 10+ years ago. Possibly 15-20 years ago.

I think it was a valid design decision at the time, before accounts on websites were widespread and a family might only have a single email address from their ISP.

The rise of free webmail accounts from Hotmail etc changed that, of course. And now we have a shared understanding of how accounts on websites should work. Neither of those were true in 1994.

Good to know. I had accidentally created multiple accounts for myself around '05 or so and was really surprised by it. IIRC back then they also required separate accounts per-country, but I could be wrong about that.
I don't think they require separate accounts per-country, but my only experience is with .com and .ca. They might do the accounts on a per-realm basis (North America, Far East, Europe, etc.) rather than strictly per-country.
I have the same account (same mail) with Amazon that works across their .com, .in, .fr, .co.uk
They still do AFAICT (I had to sign up for a Japanese account relatively recently).
Amazon Japan and Amazon China are the only ones that have separate accounts from the rest of the Amazon sites.
Naw, I left about 10 years ago and it was still there, and still had co-workers at a different job asking me about it a couple years later, because they got bit by it.

The justification I heard was that someone would have a personal and business (or library) account to the same email, but it definitely persisted longer than you think.

Well, they were enabled but you couldn't create new ones when I joined 7 years ago. I was under the impression they'd long since been retired at that point. Given the turnover there, ancient lore could have only been a year or two before that.

I had to jump through some hoops to get one of the accounts to test something I worked on with them.

Doesn't seem stupid to me. In the real world you can have multiple accounts with a business using the same physical address. Why should contact information be limited to a single account? Why should an email address be assumed to uniquely identify a person? Email sharing is still very common, and many organizations have addresses like info@ or help@ that don't identify anyone at all and could be read by any number of people.