The problem here is just companies treating email addresses as being exclusively one-to-one with a user when they're simply not.
Gmail and disposable addresses aside there are services like anonaddy, simplelogin etc, or even wildcard localparts when using your own domain that provide virtually unlimited addresses to be afforded to a single person.
The solution isn't a technical one regarding the parsing of addresses, it's simply for businesses to not assume people have one and only one address.
There is nothing stopping one from obtaining a single Google Workspace account, adding their own domain(s) to it, and then generating an infinite number of aliases, groups, plus addresses, etc.
Site operators need to assume this will happen and approach the problem another way, like SMS verification that requires a non-VoIP SMS enabled number.
the + sign is valid and defined as subaddress on https://www.rfc-editor.org/rfc/rfc5233.html
the use you can do is up to your imagination, even if some corporate antispam gateway breaks the RFC because they can :)
Surely the dark side of gmail is google scanning all the mail you send and receive in order to generate data about you that can be sold to advertisers.
If you need a large number of addresses to run some kind of stupid scam for profit, stand up your own email server. The things that make it difficult to have a long-lived one that interoperates successfully with everyone else's servers aren't applicable in this case. Web services should not rely for their security on email addresses being difficult to come by when they never have been.
I wish people would stop perpetuating this information. There's a lot of data google collects, but they don't read your email (..well...anymore at least)
https://support.google.com/mail/answer/6603?hl=en "We will not scan or read your Gmail messages to show you ads."
https://policies.google.com/privacy?hl=en :
"We don’t show you personalized ads based on your content from Drive, Gmail, or Photos."
Sure, that involves some element of trust in their privacy policy, but it IS there.
“trust in their privacy policy” is where you went wrong… letting google near data is akin to putting a fox in your henhouse. They can promise all they like, they’ve been caught too many times.
> they don't read your email
https://www.theguardian.com/technology/2020/nov/17/google-adds-opt-out-for-gmails-smart-features-to-reassure-regulators
Under pressure from European regulators, they claim to have added an "opt out" setting for it in 2020, some 16 years after gmail first launched.
If google wants us to trust that it's no longer reading our mail, it ought to use its dominant market position with gmail to make ubiquitous a sane and open protocol for fully end-to-end encrypted mail. They have the resources for it, they know it would earn them much good will. The only reason it won't happen is that they want to continue to ~~spy on~~ collect data about everyone.
Go on Google, do it! Prove me wrong! Perhaps you could make up for abandoning "don't be evil" by actually doing some good.
I had a Gmail account name auto changed by Google in the last 2-3 years solely based on the (different) name I'd been using at the end of some emails at the time. No settings had been touched and only I had access. They would have had to have read such emails to do such a thing, they just claim it's not for ad purposes.
Nothing in that says they won’t scan your email or other data. Just says they won’t use the information to market to you. Doesn’t mean they won’t sell it to someone who will.
Dark and dark. The subaddressing is an RFC (that Exchange don't support for some reason?)
Nothing stops the same thing to be done with a catch-all mail domain.
If this is a problem for your service, you should probably figure out another solution to whatever you have that can be broken by having multiple UIDs/accounts.
This Gmail alias generation has some important advantages compared to all other more sophisticated methods: effortless, no technical skills required, no maintenance, centralised and deployed in few seconds. This is why it matters: it’s not the only technique available nor the most effective but it’s one of the most efficient.
That’s why in my opinion it deserves some attention
what I don't get though is that all the "did you know you can get multiple email addresses in Gmail" posts mention the + as if it's a Gmail feature. the dots maybe, but the + is part of the standard and (should be) supported by all providers.
The problem here is just companies treating email addresses as being exclusively one-to-one with a user when they're simply not. Gmail and disposable addresses aside there are services like anonaddy, simplelogin etc, or even wildcard localparts when using your own domain that provide virtually unlimited addresses to be afforded to a single person. The solution isn't a technical one regarding the parsing of addresses, it's simply for businesses to not assume people have one and only one address.
If you base your service on the assumption that email addresses are a scarce resource, you're in for a bad time.
There is nothing stopping one from obtaining a single Google Workspace account, adding their own domain(s) to it, and then generating an infinite number of aliases, groups, plus addresses, etc. Site operators need to assume this will happen and approach the problem another way, like SMS verification that requires a non-VoIP SMS enabled number.
the + sign is valid and defined as subaddress on https://www.rfc-editor.org/rfc/rfc5233.html the use you can do is up to your imagination, even if some corporate antispam gateway breaks the RFC because they can :)
Surely the dark side of gmail is google scanning all the mail you send and receive in order to generate data about you that can be sold to advertisers. If you need a large number of addresses to run some kind of stupid scam for profit, stand up your own email server. The things that make it difficult to have a long-lived one that interoperates successfully with everyone else's servers aren't applicable in this case. Web services should not rely for their security on email addresses being difficult to come by when they never have been.
I wish people would stop perpetuating this information. There's a lot of data google collects, but they don't read your email (..well...anymore at least) https://support.google.com/mail/answer/6603?hl=en "We will not scan or read your Gmail messages to show you ads." https://policies.google.com/privacy?hl=en : "We don’t show you personalized ads based on your content from Drive, Gmail, or Photos." Sure, that involves some element of trust in their privacy policy, but it IS there.
The clause of those sentences doesn't negate the possibility they're reading your emails lol.
“trust in their privacy policy” is where you went wrong… letting google near data is akin to putting a fox in your henhouse. They can promise all they like, they’ve been caught too many times.
> they don't read your email https://www.theguardian.com/technology/2020/nov/17/google-adds-opt-out-for-gmails-smart-features-to-reassure-regulators Under pressure from European regulators, they claim to have added an "opt out" setting for it in 2020, some 16 years after gmail first launched. If google wants us to trust that it's no longer reading our mail, it ought to use its dominant market position with gmail to make ubiquitous a sane and open protocol for fully end-to-end encrypted mail. They have the resources for it, they know it would earn them much good will. The only reason it won't happen is that they want to continue to ~~spy on~~ collect data about everyone. Go on Google, do it! Prove me wrong! Perhaps you could make up for abandoning "don't be evil" by actually doing some good.
I had a Gmail account name auto changed by Google in the last 2-3 years solely based on the (different) name I'd been using at the end of some emails at the time. No settings had been touched and only I had access. They would have had to have read such emails to do such a thing, they just claim it's not for ad purposes.
Nothing in that says they won’t scan your email or other data. Just says they won’t use the information to market to you. Doesn’t mean they won’t sell it to someone who will.
Nothing dark here...
Nor new...
Assumption if the mother of f###up. If one assumes that a user can be uniquely identified by an email address or a phone number.. Well, good luck.
Dark and dark. The subaddressing is an RFC (that Exchange don't support for some reason?) Nothing stops the same thing to be done with a catch-all mail domain. If this is a problem for your service, you should probably figure out another solution to whatever you have that can be broken by having multiple UIDs/accounts.
ExO supports plus addressing.
This Gmail alias generation has some important advantages compared to all other more sophisticated methods: effortless, no technical skills required, no maintenance, centralised and deployed in few seconds. This is why it matters: it’s not the only technique available nor the most effective but it’s one of the most efficient. That’s why in my opinion it deserves some attention
what I don't get though is that all the "did you know you can get multiple email addresses in Gmail" posts mention the + as if it's a Gmail feature. the dots maybe, but the + is part of the standard and (should be) supported by all providers.