Ask HN: How do you normalize emails (such as removing + form a Gmail id)?
2 comments
Are there really that many rules in the wild?
I think generally if you strip periods for Gmails (but not for Microsoft accounts), truncate anything after a plus, and go all lowercase, it should normalize enough.
e.g.
[email protected]
becomes [email protected]
Technically the user part of email addresses can be case-sensitive, but I've never seen a real-world example of that.
The plus sign (plus addressing) is usually a vendor-added feature, but I think it's generally safe to truncate. (Your users might get annoyed though, because they might be using that to separate different accounts)
The period thing is provider-specific too. Gmail just ignores them, but Microsoft treats them as distinct accounts. Yahoo might too. You can't always tell when a third-party domain is hosted on one of those (unless you want to do a mxlookup for every address).
Maybe instead of outright blocking similar-looking emails, you can do some other ID verification on those (require a credit card, one of the id verify services, or just have them manually email you for processing, etc.). e.g. "Did you mean _______? Your email address is similar. If you forgot your password, blah blah. If that isn't you, please send our support team a message."
I think generally if you strip periods for Gmails (but not for Microsoft accounts), truncate anything after a plus, and go all lowercase, it should normalize enough.
e.g.
[email protected]
becomes [email protected]
Technically the user part of email addresses can be case-sensitive, but I've never seen a real-world example of that.
The plus sign (plus addressing) is usually a vendor-added feature, but I think it's generally safe to truncate. (Your users might get annoyed though, because they might be using that to separate different accounts)
The period thing is provider-specific too. Gmail just ignores them, but Microsoft treats them as distinct accounts. Yahoo might too. You can't always tell when a third-party domain is hosted on one of those (unless you want to do a mxlookup for every address).
Maybe instead of outright blocking similar-looking emails, you can do some other ID verification on those (require a credit card, one of the id verify services, or just have them manually email you for processing, etc.). e.g. "Did you mean _______? Your email address is similar. If you forgot your password, blah blah. If that isn't you, please send our support team a message."
Sounds like it’s a freemium so increase ads or add an interstitial ad. Perhaps you could force social logins only. Or the Cloudflare wall may help. You haven’t really defined your problem here but I assume you perceive value is being stolen by their methods.
[email protected]
[email protected]
[email protected]
[email protected]
How do we normalize this?
Is there a good resource which at least lists all this email provider specific rules about how email addresses are treated?