46
votes

I know that Gmail lets a user insert as many periods as he/she wants in an email address before the @ sign. Gmail also lets users append to the email address like this: [email protected]. All those "different" email addresses are essentially the same address. (Link to Google blog describing these "features")

I want to prevent users from creating multiple accounts with what is essentially the same email address. I decided to store email addresses in my database with those periods and anything following and including a + sign stripped, but now I am wondering: Is it a standard to ignore periods in front of the @ sign that email providers are mostly following?

3
At most someone could clarify if this is specified in the SMTP standard. If, as I suspect, the answer is no, then who could know what all providers support or not. - madth3
No, the SMTP RFC only specifies that . or + are valid characters on the left side of @. - Pascal Belloncle
See RFC 5233. - chepner

3 Answers

31
votes

This is really specific to Gmail, but this applies to Google Apps for domain as well, so you would only be able to do it for @gmail.com.

I wouldn't do this; this is only going to alienate your honest users and not prevent anyone determined to create multiple accounts.

29
votes

Over the last few days, I encountered the same problem. After researching on the web and checking a few things, I found that:

  • DOTS MATTER IN: Microsoft Outlook, Yahoo Mail, Apple iCloud ID
  • DOTS DON’T MATTER IN: Gmail, Facebook ID
  • DOTS STRICTLY PROHIBITED: Twitter

Source: An article on Slate

I came to the conclusion that a majority of users use services offered by Microsoft, Google, or Yahoo. So I can have an application-specific regex like this.

var eml_exp = /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@(gmail\.com)$/i;
if (eml_exp.test("email@addrss")) {
  // If it's a Gmail address, remove periods from the local part and also anything
  // after the `+` sign. Then compare the address against your existing user table;
  // if it is unique or unused, let the user register.
}

You can read manuals of other known services also and implement according to them.

"Don't forget to open source your work :p"

Update

According to this SO question, "Adding + text before the @ in an email", you may block use of the + sign, and the whole problem of yours and mine will get solved.

2
votes

"I want to prevent users from creating multiple accounts"

Maybe, like the others here say, that is not a good reason to ignore periods.

However a good reason can be to prevent users from accidentally creating different accounts. Let's say, a web app has recently been installed, and not yet configured to work with Gmail OpenAuth. So people type their addresses manually, to sign up with local email + password accounts.

Later, the web app configures OpenAuth and a Sign in with Gmail button. Now people with a Gmail address click that button to sign in. And ... in some cases, people accidentally manually typed their addresses with no dots, or with dots, or different dots, when they typed by hand (well, keyboard) previously.

Now, the app thinks the addresses are different, and auto-creates a new account for the user. S/he then wonders: "Where is all my old stuff? That I created before with this account? I logged in with the same email address!"

Real life example of this happening: https://meta.discourse.org/t/discourse-creates-new-users-if-dots-are-present-absent-in-google-email-address-when-logging-in-using-google/66151

I would think that for non-technical people, ignoring dots in Gmail addresses is the user friendly approach.

To let technical people create many accounts using the same Gmail addr (for testing purposes), you can choose to consider whatever+with-tags@gmail a different address. — Everyone happy :- ) (Astroturfing & spam filters can take into account that [email protected] and [email protected] is the same person.)
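
The Gmail-only normalization discussed in the answers above, as an added example that is not code from any of the original posts: it derives a comparison key for uniqueness checks while the address as typed is kept for delivery. The function names, the `stripPlusTag` option and the sample addresses are assumptions made for illustration; setting `stripPlusTag` to `false` gives the behaviour from the last answer, where tagged addresses count as different accounts.

```javascript
// Added example: comparison key for duplicate-account checks. Store the
// address as typed for delivery; use the key only for uniqueness lookups.
// Assumption: only gmail.com gets Gmail's rules, since hosted Google
// domains cannot be recognised from the address alone.
const DOT_INSENSITIVE_DOMAINS = new Set(["gmail.com"]);

function canonicalEmailKey(address, { stripPlusTag = true } = {}) {
  if (typeof address !== "string") return null;
  const trimmed = address.trim();
  const at = trimmed.lastIndexOf("@");
  // Reject a missing "@", an empty local part or an empty domain.
  if (at <= 0 || at === trimmed.length - 1) return null;

  let local = trimmed.slice(0, at);
  const domain = trimmed.slice(at + 1).toLowerCase();
  // Other providers may treat dots and "+" as significant: leave them alone.
  if (!DOT_INSENSITIVE_DOMAINS.has(domain)) return `${local}@${domain}`;

  local = local.toLowerCase();
  if (stripPlusTag) {
    const plus = local.indexOf("+");
    if (plus !== -1) local = local.slice(0, plus);
  }
  local = local.replace(/\./g, "");
  // "+tag@gmail.com" or "..@gmail.com" would collapse to an empty local part.
  if (local === "") return null;
  return `${local}@${domain}`;
}

// Returns each address whose key collides with an earlier one in the list.
function findDuplicateSignups(addresses, options) {
  const seen = new Map();
  const duplicates = [];
  for (const address of addresses) {
    const key = canonicalEmailKey(address, options);
    if (key === null) continue; // malformed: left to normal validation
    if (seen.has(key)) duplicates.push({ address, sameAs: seen.get(key) });
    else seen.set(key, address);
  }
  return duplicates;
}

// Constructed sample input (not real accounts).
const SAMPLE_SIGNUPS = [
  "example.user@gmail.com", "ExampleUser+news@gmail.com",
  "example.user@outlook.com", "exampleuser@outlook.com",
];
console.log(findDuplicateSignups(SAMPLE_SIGNUPS));
```

In a database, the key would go in its own column with a unique constraint, next to the unmodified address.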