It still works, in my experience. Also, stripping out the plus is risky for sites, as it might actually be a part of the address, especially if it's not @gmail.com.
You can get a tad fancier and automatically mark mails without + as spam (only works for new addresses, obviously) or use a dash as separator (if your mail provider supports it). This won't block a targeted attack, yes, but it's usually sufficient to filter a lot of low quality spam and to identify companies that sell or leak your data.
>Also, stripping out the plus is risky for sites, as it might actually be a part of the address, especially if it's not @gmail.com.
Sure, stripping out everything after the + isn't specified in the RFCs, but I know of zero public email providers that allow + in email address AND treats them as separate address (eg. foo+bar@example.com is a different account than foo+baz@example.com).
>You can get a tad fancier and automatically mark mails without + as spam (only works for new addresses, obviously)
Sites that reject + in email address preclude you from doing that.
You can get a tad fancier and automatically mark mails without + as spam (only works for new addresses, obviously) or use a dash as separator (if your mail provider supports it). This won't block a targeted attack, yes, but it's usually sufficient to filter a lot of low quality spam and to identify companies that sell or leak your data.