For example, I just signed up for a second line of internet for my homelab with Spectrum. I provided my email address "me+spectrum@example.com". The sales rep's systems accepted it just fine, but when I try to create an account on their online portal, it's suddenly not a valid email address.
This is arguably worse than requiring passwords to contain symbols and numbers.
I bet there's more weird rules that are hurting other people as well.
RFC 2822 Section 3.2.4 [1] says:

    atext = ALPHA / DIGIT / ; Any character except controls,
            "!" / "#" /     ;  SP, and specials.
            "$" / "%" /     ;  Used for atoms
            "&" / "'" /
            "*" / "+" /
            "-" / "/" /
            "=" / "?" /
            "^" / "_" /
            "`" / "{" /
            "|" / "}" /
            "~"

+ is valid atext.

I suspect what's happening is they've got some rule against the word "spectrum" or something. Or perhaps they're a bad company and just HAVE to have base-level addresses to sell to the advertisers?

[1]: https://www.rfc-editor.org/rfc/rfc2822#section-3.4.1
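The atext grammar quoted above, turned into a checker, as an added example that is not part of the original comment. It assumes the local part is a dot-atom (quoted-string local parts are not handled) and that the domain is a dotted hostname; `check_address` and the sample addresses are constructed for illustration.

```python
import re

# atext from RFC 2822 section 3.2.4: ALPHA / DIGIT plus the listed symbols.
# Controls, space and the specials (including "@") are deliberately absent.
ATEXT = r"A-Za-z0-9!#$%&'*+\-/=?^_`{|}~"

# dot-atom-text = 1*atext *("." 1*atext)
DOT_ATOM = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*")

# Assumption: the domain is a hostname made of letter/digit/hyphen labels.
# Any number of labels is allowed, so three-level domains pass.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_address(addr):
    """Return (ok, reason) for a bare local@domain address."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return False, "expected local@domain"
    # fullmatch, not match: a trailing newline must not slip through.
    if not DOT_ATOM.fullmatch(local):
        return False, "local part is not a dot-atom"
    labels = domain.split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        return False, "domain is not a dotted hostname"
    return True, "ok"


# Constructed sample inputs: the two address shapes from this thread,
# plus inputs the grammar rejects (empty atom, no "@", embedded CR/LF).
SAMPLES = [
    "me+spectrum@example.com",
    "me@email.example.com",
    "me..tag@example.com",
    "no-at-sign",
    "me@example.com\r\nBcc: other@example.net",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), check_address(s))
```

Because controls and spaces are not atext, the same check that accepts "+" also rejects an address carrying CR/LF, which matters when the value is later placed into a mail header.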
Finally, after 20 years, I wanted to ask a question there and failed at step zero! I have no idea what specific "security" reason they dreamed up (I've never had an issue like that with it elsewhere).
The irony that I might have to create a temporary address to avoid the issue being reported as due to a temporary address is too much for me, so I gave up.
It does indeed "suck".
To make things more annoying, I once had an email address that had a three-level domain, think me@email.example.com instead of a domain with two components like me@example.com. I found more than one email validator that insisted that this was illegal.
I've avoided this by using only the first few and/or last few letters of the service in the email tag (e.g. "HaNe" instead of "hackernews"). It's an easy filing system for me, doesn't trigger concerns about phishing, and makes for shorter handles.
At least they did it this time. One time I went to get an oil change at Valvoline. They asked for my email and I reluctantly gave a +valvoline email address and the manager straight up would not type that into the computer. Dude thought I was up to some major shenanigans.
Email validation can be done by sending an email to the specified address. Why bother differentiating between "invalid" and "valid but doesn't exist"?
Just check there's an @ symbol with something before it and something after it and if so, send it an email.
Any reason not to do it this way?
I hate it, of course, but that's what they do.