False positives using "[email protected]"

[simonsmiley]

I'm not sure if this should be handled in any way. I wrote a test and used the above email to check to see if rejection would work. Turned out that facebook and linkedin treat this specific email in a special way.

I don't know if this should be taken care of or not. Just wanted to put it out there...

[WriteCodeEveryday]

Interestingly enough, "[email protected]" with "password" redirects to a signup page on Facebook.

This is a 302 redirect which is considered to be a "pass". If you attempt any other username / password combo, you get a standard "password is wrong" prompt.

example.com is an email for illustrations and may have some specific logic for it. "This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission."