Ask HN: How do you normalize emails (such as removing + form a Gmail id)?

Are there really that many rules in the wild?<p>I think generally if you strip periods for Gmails (but not for Microsoft accounts), truncate anything after a plus, and go all lowercase, it should normalize enough.<p>e.g.<p>eX.am.Ple+anyThing@gmail.com<p>becomes example@gmail.com<p>Technically the user part of email addresses can be case-sensitive, but I&#x27;ve never seen a real-world example of that.<p>The plus sign (plus addressing) is usually a vendor-added feature, but I think it&#x27;s generally safe to truncate. (Your users might get annoyed though, because they might be using that to separate different accounts)<p>The period thing is provider-specific too. Gmail just ignores them, but Microsoft treats them as distinct accounts. Yahoo might too. You can&#x27;t always tell when a third-party domain is hosted on one of those (unless you want to do a mxlookup for every address).<p>Maybe instead of outright blocking similar-looking emails, you can do some other ID verification on those (require a credit card, one of the id verify services, or just have them manually email you for processing, etc.). e.g. &quot;Did you mean _______? Your email address is similar. If you forgot your password, blah blah. If that isn&#x27;t you, please send our support team a message.&quot;

Sounds like it’s a freemium so increase ads or add an interstitial ad. Perhaps you could force social logins only. Or the Cloudflare wall may help. You haven’t really defined your problem here but I assume you perceive value is being stolen by their methods.