Bug description: When choosing the email you can simply add “+placeholder” before the @ and it works as a diferent email
Expected Behavior: it detects it as the same email
Current Behavior: it does not detect it
Steps to reproduce: go to the email signup then, when choosing an email that is already registered, for example “email@example.com”, simply put “firstname.lastname@example.org” (placeholder can be anything) and you can create an account (you will also receive the confirmation email as gmail ignores anything after the +)
Bug appears at this link: https://replit.com/signup
Browser/OS/Device: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/220.127.116.11 Safari/537.36
Replit Profile: https://replit.com/@ShyMike
I dont know if this is intentional but maybe it isnt
I cant really make a screen recording as my pc is bad but i will try to explain it better:
You can have an account with the email “email@example.com” and another account with “firstname.lastname@example.org” using only one email (email@example.com)
Why should the
+2 or whatever be allowed?
You can’t add it to your email address?
that’s in gmail, you dont need to create a new account or anything… just umm use the +2 in the replit signup
Also, I tend to use dotted versions of my email to further identify the source of my emails.
I also use it for that purpuse thats how i randomly stumbled upon it
Wait how does theses ‘dotted versions’ do anything? How does it help you to ‘further identify the source of your emails’?
+2 they are comments which don’t show up (IIRC) but dotted version let me know “oh thats my alt!” when looking at the To filed.
Anything after the + is ignored so you can do like +randomWebsiteHere for a specific website
So um… do other websites have the same problem as this?
Some block it (or just wipe anything after the + using regex) some dont
Does this also work with dots in the emails?
Because if so, a regular email like
firstname.lastname@example.org could be
It should, as that is standard.
It’s not ignored per se, if you check the
To line in emails that use a
+ed email, it’s still in the field.
well dotted emails is part of a gmail feature IIRC, and the plus sign along with the banana<email@example.com> would probably work as well.
By varying the +2 or the location of the period when you sign up for a site you can determine which website sold/leaked your email/info.
For example, I know that any emails without a period in it are most likely spam since I only ever use a period in my name. Of course, this increases the amount of spam but it also means that I get emails that might otherwise never get to me.
firstname.lastname@example.org and how is it already in use ?!?!?!?