[nzach]

My guess is that you probably know what I'm going to write, but a lot of people don't realize this 'Gmail trick' doesn't really work.

The problem is that foo+bar@gmail.com and foo@gmail.com are delivered to the same inbox, so if you are trying to scam someone it is safe to remove anything after the + in a gmail address.

And having a custom domain on gmail doesn't improve your situation, because with just a simple 'dig mx' you can know if the domain is hosted on gmail and apply the same regex to remove all labels.

So, to be less inflammatory the feature works as expected. But it only protects you if the bad actor is really dumb/lazy or if he is honest.

[jamesboehmer]

I do the same as the person you're responding to. There is no '+' in my email, I just create random strings @mydomain. It's impossible for a scammer to know they all go to one inbox.

[fiddlerwoaroof]

The other thing Gmail does is ignore `.` in the local part. So, one other trick would be to use particular dot patterns for specific accounts.

[Moru]

I have seen spam messages using random distribution of '.' in mails for years to my gmail.

[radlad]

If everything goes to a + address, then any email sent to your base address is invalid and can be trashed.

[nzach]

Some people really love putting dumb validation rules for emails in forms... You would be surprised to know how many system in the real world will just refuse anything that is not a letter or a number in your email.

And the 'fuck them, I won't do business with them' attitude doesn't really work if the system that wont accept your email is the local gas company.

And there is another problem, some systems will just remove any label without informing you. I've had this problem logging in some random websites. My account was created with foo+bar@gmail.com but to log I had to use foo@gmail.com.

[radlad]

Not surprised at all, I've been using the Internet and writing software for a couple decades now. Heck, I might've written one of the validators you're complaining about. But they are typically written to avoid +, for the exact reasons you described.

For those sites, you can add a dot in your username. Then you can ignore any emails sent to an address without the presence of a dot or a plus.

I'm sure there are sites that don't accept dots either, but I've never run into one. So you have to make an exception? Oh well.

I agree that it's easiest to do with service@domain.tld, like the grandparent suggested.

[centur]

IIRC dot is one of the characters that can't be discarded when checking local addr part (RFC 5322). So fubar@domain.tld and fu.bar@domain.tld are different addresses really. As far as I understand - it's a Gmail's team decision to configure local addr interpretation and allow `helloworld@gmail.com` and `hello.world@gmail.com` to be treated as the same address. I'd expect that dot trick rarely works anywhere outside of gmail world.

+ sign is part of the standard (`atext` token, RFC 5322), so sites, which disallow it in address are doing it wrong. The fact, that industry adopted a practice of using everything after + sign as a "tag" is not captured anywhere so this creates even more mess in already messy space (e.g MS followed GSuite in this too and added subaddressing - https://learn.microsoft.com/en-us/exchange/recipients-in-exc...)

[joseph_b]

I have a feeling spammers don't "dig" anything before removing labels, if they remove them at all.