Intro
We’ve previously covered what constitutes an acceptable email address syntax according to RFC. If you’ve missed that article, do have a look at that first. Now, we all know all the email addresses generally looks like the format below.
E.g., username@example.com
The “username” or the local part is the identifier for the user’s mailbox account. The “example.com” part is the domain name. The domain name is usually related to your company’s website domain or whatever organization you’re currently attached to.
On the other hand, if we’re talking about personal email addresses, most people would go for one of the free email providers like Gmail, Outlook, Yahoo and so on. In those cases, the domains would look like “gmail.com”, “outlook.com” or “yahoo.com”.
Today, we’re more interested in the local part of the email address. We’ll cover what are dot and plus addressing in email addresses and what they mean.
Dot addressing in Gmail email addresses
Gmail users may or may not be aware that dots in their usernames are irrelevant when it comes to the email address. Let’s look at some of the examples below which are all referring to the same email address.
abcdefgh@gmail.com
ab.cd.ef.gh@gmail.com
abcd.efgh@gmail.com
a.bcd.efgh@gmail.com
Believe it or not, the list of emails above are actually pointing to the same mailbox. Gmail allows users to sign up for accounts using dots in their usernames but in reality, they are ignored for the purpose of determining the mailbox to route emails to. Any number of dots sprinkled throughout the email username will result in the same mailbox.
Whatever Google’s reason for ignoring dots, it can bring some benefits to the users. Some people like to use their full names as their username. Adding dots can help to make the username more readable and memorable especially if the username is very long or in a foreign language. Another benefit is that scammers are not able to sign up for similar Gmail email addresses to perform phishing.
Plus addressing in email addresses
While the dot addressing above is only applicable to Gmail email addresses, plus addressing is more widely supported by a lot of email providers. Plus addressing or sub-addressing refers to the use of a plus sign and some other text after the username. Let’s see some examples below.
abcdefgh+newsletter@example.com
For the purpose of routing the email message, all of the above email addresses will ultimately route the message to the first email address. When determining the final recipient email address, all characters from the plus sign till the end of the username are ignored. As you can see in our examples, the ignored text can be use to label or filter the respective email addresses. In the email client, it is then possible to match those labels to filter the messages into various folders or even trash the message automatically.
NOTE: Some older mail servers may treat the plus sign and subsequent text as part of an actual email address username. In those cases, the examples above would be all different mailboxes. However, this should be a rare occurrence.
Bad things that scammers do with dot and plus addressing
While we’ve mentioned that the dot and plus addressing have benefits for the users, it can also be used by scammers to sign up for multiple accounts on websites. Often, they generate variations of the dot and plus addressing of their base email address, then they sign up for free accounts to get freebies on websites. Fraudsters also rely on dot and plus addressing to keep signing up for free trials of online services.
As you can imagine, if a scammer or bad actor can keep signing up for a free trial of your paid service, you are not earning any money. Operational costs and an indefinite use of your free trials means you actually lose money.
MailboxValidator dot and plus addressing sanitization
Online businesses need to be able to determine if a user is signing up using either a dot or plus addressing email address. Fortunately, the MailboxValidator API is now able to return the base email address after removing the dots and plus addressing. For detection of multiple account users, it is possible to just check the base email address. There is a new field returned by the MailboxValidator API called base_email_address which contains the sanitized email address without the dot and plus addressing.
For more info on the API results, please see the MailboxValidator API documentation page.
While people do use the dot and plus addressing for legitimate reasons, such as making their inbox more organized, scammers can misuse them to make fraudulent transactions online. Online stores need to be able to detect them and block fraudsters. Legitimate customers don’t usually make multiple accounts.
Conclusion
Websites can easily screen user signups by querying the MailboxValidator API for invalid emails as well as checking the base email address. Utilizing good email screening practice like this means less fraudsters and freeloaders on your websites.