How Plus Addressing Can Prevent Spam

I'm Kev and I'm a Cyber Security professional from the UK. I started this blog so that I could share my thoughts on the things that interest me. That's usually technology, Linux, open source, and motorbikes.

Leave a Reply

Comment as a guest.

  1. II use the same technique since a many years. I recommend using your own MTA and using – instead of +. Many times I find webforms refusing addresses with a + on it

    1. Fastmail’s solution seems to be the best (see link in article). I use Fastmail and have not had anything flagged yet. I assume that’s because it’s using a subdomain for the “plus” address, not and actual plus symbol.

  2. I’ve been using “plus addressing” for a while now and, for the most part, it Just Works. However, there are those odd occasions where it doesn’t — usually the result of faulty input validation logic (the service won’t allow you to create an account using a “plus address” or the service allowed you to create an account using a “plus address” but won’t recognize it after the fact when logging in). I also had a weird issue with Heroku where they (initially) wouldn’t recognize me as the account owner because I couldn’t send them an email using the “plus” variant of my email address associated with my account.

    1. I think the solution that my host has is probably a little better, where you don’t actually use a plus address, but rather a sub-domain. If you look at the Fastmail link in the article, you will see what I mean. I’m yet to have that flagged by any web form.

Read Next

Sliding Sidebar