Support the '+' in e-mail addresses

Why '+' matters

View the Project on GitHub pawlos/support-the-plus

What is this about?

Have you every encountered a situation when your valid e-mail address, which only crime was to have a '+' sign in it, was rejected. Have you ever wondered why it happened since RFC-5322 and RFC-5321 allow it?

Why is that important?

Gmail doesn't have an aliasing mechanism. Instead they allow to add ant part after '+' in the local part of the e-mail address and the message will still be delivered to you. I.e. if your e-mail address is jon.doe@gmail.com then you can also get messages sent to jon.doe+netflix@gmail.com or jon.doe+facebook@gmail.com. Thanks to this you can create filters and have a clean inbox.

So how to change this

Are you a developer? Here's what you to do

Support the plus. Use build-in validation rules for e-mails. Do not write your own. The build-in ones are usually better and by default support the '+'. If not then use proper regexp for validating the local part or the full e-mail address. This one is from the RFC:

(?:[a-z0-9!#$%&'+/=?^_`{|}~-]+(?:.[a-z0-9!#$%&'+/=?^_`{|}~-]+)|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\[\x01-\x09\x0b\x0c\x0e-\x7f])")@(?:(?:a-z0-9?.)+a-z0-9?|[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\[\x01-\x09\x0b\x0c\x0e-\x7f])+)])

Scary? Then check http://emailregex.com for more info.

Are you a user? Here's what you can do

Yell at the owner! Tweet, post on their Facebook or write an e-mail saying that you can't register/subscribe or buy their stuff due to their improper e-mail validation. If enough of us will tell them the same - they will listen!

Are you an owner of the site?

Support the plus! Do not reject e-mail addresses with plus in it. They your developer it's important not to reject any users.

FAQ

Q: But it's due to a security

A: Then you security is broken. '+' is a valid character and if you can't handle it correctly then we fear for other security things you do in your application. If you do not support it at least be honest and tell the truth. Here's the stackexchange topic on the matter.

Support in languages/libraries

Lang/Lib Construct Y/N

If you want to support us then clone this repo, make it better and send a PR. Also use the hashtag #support+ to spread the idea. Thanks.