Problem
We currently have no monitoring to catch abusive signups that exploit email aliasing. A single person can create many accounts using plus-addressing (and similar tricks) on the same underlying mailbox, e.g.:
adam@email.com
adam+1@email.com
adam+2@email.com
- ...and so on
Because each variant is technically a distinct email, they all pass as unique signups today, which opens the door to trial/credit abuse and other forms of gaming.
Proposal
Set up some form of heuristic-based monitoring to flag (and eventually help prevent) this pattern. Rough ideas to explore:
- Normalize emails before comparison: strip the
+suffix from the local part (and, for providers that ignore them, dots) so adam+1@email.com and adam+2@email.com collapse to the same canonical adam@email.com.
- Cluster signups by normalized email (and optionally by shared signals like IP, device, or domain) and surface when a canonical mailbox spawns an unusual number of accounts in a short window.
- Alert / dashboard so the team can review suspicious clusters, rather than hard-blocking initially (avoid false positives on legitimate plus-addressing use).
- Consider whether to escalate from monitoring to soft/hard limits once we understand the baseline.
Open questions
- Where should normalization live (signup flow, ingestion, or a downstream job)?
- What threshold counts as "abusive" vs. normal usage?
- Should this block at signup or just flag for review?
Starting with monitoring/heuristics keeps us from over-blocking while we learn the real patterns.
Problem
We currently have no monitoring to catch abusive signups that exploit email aliasing. A single person can create many accounts using plus-addressing (and similar tricks) on the same underlying mailbox, e.g.:
adam@email.comadam+1@email.comadam+2@email.comBecause each variant is technically a distinct email, they all pass as unique signups today, which opens the door to trial/credit abuse and other forms of gaming.
Proposal
Set up some form of heuristic-based monitoring to flag (and eventually help prevent) this pattern. Rough ideas to explore:
+suffixfrom the local part (and, for providers that ignore them, dots) soadam+1@email.comandadam+2@email.comcollapse to the same canonicaladam@email.com.Open questions
Starting with monitoring/heuristics keeps us from over-blocking while we learn the real patterns.