How Faulty Validation of Email Addresses Can Hurt You

I really thought that no serious company out there would still do stupid validity checks that have nothing to do with the respective RFCs. Actually there is at least one.

Some days ago, I bought the excellent game Braid at Impulse (check it out if you haven’t heard about it) and paid using PayPal.

So far so good. However, I use an address containing a “+” for my PayPal account to get a little bit more security by not using an address that can be found on the net. To stress it further: a “+” is perfectly legal in an email address! That’s also why neither PayPal nor any mail server ever complained. In order to actually download and play the game, I had to install a client which closely resembles the Steam client and create an account. This account is bound to an email address. My purchase is bound to the PayPal email address. Anybody see the problem coming?
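As an added illustration (not code from the original post or from the client in question), here is a naive allow-list check of the kind described above, beside a check that accepts the dot-atom local-part characters RFC 5322 actually permits, including “+”:

```python
import re

# Naive check (constructed to show the bug): its character class silently
# rejects "+" and several other characters that RFC 5322 allows.
NAIVE_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def naive_is_valid(address: str) -> bool:
    return NAIVE_RE.fullmatch(address) is not None

# RFC 5322 "atext": every character allowed unquoted in a local part.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
# dot-atom form: atext runs separated by single dots, no leading/trailing dot.
LOCAL_RE = re.compile(rf"^[{ATEXT}]+(?:\.[{ATEXT}]+)*$")
# Hostname label (RFC 1034/1123): alphanumerics, interior hyphens, <= 63 chars.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def rfc_is_valid(address: str) -> bool:
    """Accept dot-atom local parts with a multi-label hostname domain.

    Quoted local parts and IP-literal domains are also legal but are left
    out here; the point is that the permitted character set must come from
    the RFC, not from a guess.
    """
    if address.count("@") != 1:
        return False
    local, domain = address.split("@")
    if not (1 <= len(local) <= 64 and LOCAL_RE.fullmatch(local)):
        return False
    labels = domain.split(".")
    if len(labels) < 2 or len(domain) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in labels)

if __name__ == "__main__":
    for addr in ("user@example.com", "user+paypal@example.com"):
        print(addr, "naive:", naive_is_valid(addr), "rfc:", rfc_is_valid(addr))
```

The mismatch matters exactly where the post describes it: an address that upstream systems (PayPal, every MTA) accept is refused by a downstream allow-list, so the identity the purchase is bound to can never be registered.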

To cut it short, I couldn’t create an account using my PayPal address, as the client claimed the address was invalid. So I created an account with my “normal” email address and... couldn’t activate, and thus couldn’t play, the game!

Support took nearly 48 hours to do the simple task of re-registering my purchase to my regular address, and I’m quite frankly not very happy, so I doubt I’ll ever buy something there again. In other words: due to idiotic tests which aren’t based on any standard, and which neglect the possibility that a seemingly invalid address might come into the system, they lost a customer.

Think about it.
