Open RokeJulianLockhart opened 1 year ago
Indeed, plus addressing is the problem - rwx1m7@rokejulianlockhart.anonaddy.com works. Remember when implementing e-mail dependent registration that you read the entirety of the relevant RFCs or use a well-tested library.
I believe this was initially implemented to prevent bot signups.
I think that that's an ineffective solution since I quite easily bypassed it using AnonAddy, but you could at least notify the user and not send the e-mail message until the sub address is removed.
I would also normally use plus addressing. Please consider adding support for it.
@ciroiriarte, have you tried https://anonaddy.com in the meantime? I use a different (also plus addressed) e-mail address for each service, and it works better than mere plus addressing does, especially for situations such as this.
I attempted to register using
rwx1m7+RWX1MZ@rokejulianlockhart.anonaddy.com
. When I received the code, clicking the verify button didn't work. I was about to consider this a problem with my browser, but when I tried to click the e-mailed link instead, the consequent page (https://app.singlelink.co/verify?email=rwx1m7+RWX1MZ@rokejulianlockhart.anonaddy.com&code=145330&newSignup=true) appeared to depict my address incorrect sanitized in some manner: