Comment on For security reasons
scrion@lemmy.world 6 months agoThe local parts of email addresses are standardized, and there is an RFC handling subadressing as well, see RFC 5233 - it’s not like Gmail invented this behavior.
Also, RFC 5321 clearly states (2.3.11) that the local part of an email must only be interpreted by the receiving server, so that part should not be parsed, modified or mangled in any form - the assumptions poor web forms or validation libraries make these days are incredibly annoying and simply not compliant.
So no, non of your suggestions are good, let alone ideal. Ideally, people would simply implement the specs and stop making lazy and false assumptions. In the case you cited, it turns out email validation is simply not the proper tool to limit how often the form can be submitted. Similar websites use e. g. text messages.
neatchee@lemmy.world 6 months ago
Requiring SMS validation is a massive barrier to entry and not a viable option for a service like Change.org that relies on a certain level of participation.
scrion@lemmy.world 6 months ago
I’m aware of that, but let’s be honest here: social and political changes are not introduced, let alone solved, by technology.
You said it perfectly: this is about business needs. I’d like to argue to make the barrier for entry even higher (tie it to a form of citizen identity) and mandate the petition must be reviewed / acted upon once it has become significant - frameworks like this do exist already in several countries.
Everyone has multiple email addresses today, does that not fundamentally erode the validity of change.org as a platform for direct democracy then? I do believe this is the case, so I’d love if another website would at least stop violating already existing standards and force their erroneous interpretation of how email addresses work down our throats.
neatchee@lemmy.world 6 months ago
Oh yeah don’t get me wrong, I think change.org as a product is hot sticky garbage. I don’t take anything they produce seriously lol