HACKER Q&A
📣 ghoshbishakh

How do you normalize emails (such as removing + from a Gmail id)?


People are creating duplicate accounts in our service using the same email id such as:

example@gmail.com

Example@gmail.com

e.x.ample@gmail.com

example+anyrandomstring@gmail.com

How do we normalize this?

Is there a good resource which at least lists all these email-provider-specific rules about how email addresses are treated?


  👤 solardev Accepted Answer ✓
Are there really that many rules in the wild?

I think generally if you strip periods for Gmails (but not for Microsoft accounts), truncate anything after a plus, and go all lowercase, it should normalize enough.

e.g.

eX.am.Ple+anyThing@gmail.com

becomes example@gmail.com

Technically the user part of email addresses can be case-sensitive, but I've never seen a real-world example of that.

The plus sign (plus addressing) is usually a vendor-added feature, but I think it's generally safe to truncate. (Your users might get annoyed though, because they might be using that to separate different accounts)

The period thing is provider-specific too. Gmail just ignores them, but Microsoft treats them as distinct accounts. Yahoo might too. You can't always tell when a third-party domain is hosted on one of those (unless you want to do a mxlookup for every address).

Maybe instead of outright blocking similar-looking emails, you can do some other ID verification on those (require a credit card, one of the id verify services, or just have them manually email you for processing, etc.). e.g. "Did you mean _______? Your email address is similar. If you forgot your password, blah blah. If that isn't you, please send our support team a message."
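The rules from this answer, written out as an added Python example (not code posted in the thread): lowercase everything, drop the plus tag, and strip dots only for Gmail. The names `dedupe_key`, `find_duplicates` and `SAMPLE_SIGNUPS` are hypothetical, the sample addresses are constructed, and treating `googlemail.com` as an alias of `gmail.com` is an assumption added here.

```python
from collections import defaultdict

# Domains that ignore dots in the local part. gmail.com comes from the answer
# above; googlemail.com is an assumption added for this example.
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}


def dedupe_key(address: str) -> str:
    """Return a comparison key for duplicate detection, not a delivery address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    # Plus addressing: drop the tag, i.e. everything from the first '+'.
    local = local.split("+", 1)[0]
    # Dots are only insignificant at specific providers (not Microsoft).
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")
    if not local:
        raise ValueError(f"empty local part after normalizing: {address!r}")
    return f"{local}@{DOMAIN_ALIASES.get(domain, domain)}"


def find_duplicates(addresses):
    """Group addresses by key and return only the keys with more than one address."""
    groups = defaultdict(list)
    for addr in addresses:
        groups[dedupe_key(addr)].append(addr)
    return {key: addrs for key, addrs in groups.items() if len(addrs) > 1}


# Constructed sample signups: the four from the question plus contrast cases.
SAMPLE_SIGNUPS = [
    "example@gmail.com",
    "Example@gmail.com",
    "e.x.ample@gmail.com",
    "example+anyrandomstring@gmail.com",
    "ex.ample@googlemail.com",
    "e.x.ample@outlook.com",   # dots are significant here, so not a duplicate
    "example@outlook.com",
]

if __name__ == "__main__":
    for key, addrs in find_duplicates(SAMPLE_SIGNUPS).items():
        print(key, "<-", addrs)
```

Store the key in its own uniquely indexed column and keep sending mail to the address exactly as the user typed it, so a collision can trigger the "Did you mean ...?" flow suggested above instead of a silent rewrite.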


👤 ctrlGsysop
Sounds like it’s a freemium so increase ads or add an interstitial ad. Perhaps you could force social logins only. Or the Cloudflare wall may help. You haven’t really defined your problem here but I assume you perceive value is being stolen by their methods.