> It’s likely that more people out there are being filtered by badly-implemented form validation than there are being filtered by their own need of hand-holding.

I wish this was asserted with evidence. The author might suggest this because they have unrealistic views of some users.

> In the year of our lord 2026, you can reasonably expect your users to know how to type their own email address - or even better, auto-input from their OS, browser, keyboard app, or password manager.

This really depends on who your users are.

I have multiple family members who have healthy memory, but can't accurately remember their email address everytime: the localpart, the domain, the syntax, everything.

Sending an email verification isn't sufficient, because if the user has typo'd ".com", they might never receive that email, and the user might never be back, or then have to escalate to support.

Meanwhile, if a site is opinionated on TLDs, they might prevent those users facing issues.

I'm sure there are many sites were users have a large variety of odd email addresses, but also there are sites that cater to mostly non-technical users within 1-2 locales, and so may find the friendliest UX is having opinionated validation.

That's why the article says "verify, not validate". Send an email, have a process for them to confirm they received it.

If the user gets the email and completes the validation, the email is valid. If they fucked up, they don't get the email and the account never gets created.

No one ever gets prevented from creating an account with a legitimate email address, as opposed to "opinionated validation" where that absolutely will happen. Speaking from years of experience having a .info domain which isn't even all that odd, and at one point using gmail-style + addresses regularly. "Opinionated validation" has forced me to use my .com domain without a plus dozens of times.

I know part of this is intentional, those who know they plan to sell your email addresses don't want you to use the plus addresses, but that doesn't make the advice to not filter addresses any less correct.

> I have multiple family members who have healthy memory, but can't accurately remember their email address everytime: the localpart, the domain, the syntax, everything.

I got Gmail early enough that I have (my first name) dot (my last name) at gmail dot com. About twenty years ago, I started getting strange emails. At first I thought they were spam, because they were addressed to me by name but I had never joined those sites. Eventually I figured out that they were addressed to (my first name) (my last name) at gmail dot com. Which Gmail treats as the same address as the one with a dot in between.

Since I had never ever given out a version of my email address without a dot in the middle, I eventually figured out that these emails were meant for someone else who shared the same first and last name as me. But since I don't think Gmail would allow one person to register john.example@gmail.com and then later allow someone else to register johnexample@gmail.com, my name doppelganger must have registered firstnamelastname@yahoo.com, and then forgot the domain and given out firstnamelastname@gmail.com when asked for an email address. And probably never noticed that they weren't receiving emails like "Dear customer, thank you for purchasing (product). Would you like to try (other product)?", so they never realized that they were giving out the wrong email address.

There's something you can do in between - you can check the domain has an MX record.