[cheschire]

And then the spammers (or other illegitimate source) just add this to their processing…

^([^@+]+)\+[^@]*(@.*)$

[epistasis]

The use case here is using a unique email address to help verify the sender of the email, it's not connected to spam usage.

[cheschire]

So you’re suggesting the sender use the + modifier on the from address?

[epistasis]

Here's the suggestion:

>Use <service>@<yourdomain> as your email address when signing up, and check the To header when receiving emails.

The user of the webservice specifies a unique email per webservice; knowledge of that unique email address serves as a hint that the email came from someone that has discovered that email address, i.e. the webservice itself.

[cheschire]

Right, so 99% of the time that’s a spammer that is going to use that discovered email. I updated my message to specify other illegitimate sources to cover that less than 1%