I'm locked out of my 6 year old Chipotle account because they now say my email address is invalid when I login. Here is me asking for their help:
I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
I signed up to an insurance company here in Japan with first.last+something@domain.com and they later changed their rules and I couldn't sign in at all. They told me to open a new account. I didn't want to pay them once let alone twice. Never doing business with them again.
Same. Nowadays I just use a catch-all email address. Companyname@domain.tld. Allows me to name, shame, and block the company that leaks my email address.
I like to use the Gmail feature where you can add +randomstring to your email and it still gets to the regular email to sign up to random sites. But this way you can identify and block spam if that email get's compromised. Technically this Google catch all feature also isn't following the email standard but at least it's useful.
Problem with that is that you can very easily strip off the + and any bit after it to get your “normal”
email address.
Then again, when they find out mine is a catch-all, they can spam me as well… I guess you never win.
Oh for sure. But my gmail address is pretty much a burner address for sites I don't want to provide my regular firstname.lastname@provider.com one. So nothing big to loose there.
In what sense do you think this isn't following the email standard? The plus sign is a valid character in the local part, and the standard doesn't say how it should be interpreted (it could be a significant part of the name; it's not proper to strip it out) or preclude multiple addresses from delivering to the same mailbox.
Unfortunately the feature is too well-known, and the mapping from the tagged address to the plain address is too transparent. Spammers will just remove the label. You need either a custom domain so you can use a different separator ('+' is the default but you can generally choose something else for your own server) or a way to generate random, opaque temporary addresses.
If you want to talk about non-compliant address handing, aside from not accepting valid addresses, the one that always bothers me is sites that capitalize or lowercase the local part of the address. Domain names are not case-sensitive, but the local part is. Changing the case could result in non-delivery or delivery to the wrong mailbox. Most servers are case-insensitive but senders shouldn't assume that is always true.