Re: + signs are valid in email addresses.
@JimmyPage, as somebody with an apostrophe in their surname and a reasonable knowledge of the website innards (having supported a few), it never ceases to amaze how many fall at such a seemingly simple hurdle.
I remember looking at some ASP code years ago and thinking "why the hell are they building the SQL on the fly, why don't they just use parameters instead?"
The other benefit is that it makes you less vulnerable to wonderful things like SQL injection, pause for obligatory xkcd reference:
http://xkcd.com/327/
Oh and when it comes to validating input items on a webpage, please either stop the user from entering the verboten characters in the first place, or even better, make the validation interactive so it checks the field as you're populating it and either shows a cheery green tick or a red frowny face along with a suitably annoying message.
I don't want to get to the bottom of something that resembles a morttgage application only to find out then that my chosen username is taken or that you can't find my fscking address!
Any website that has hacked me off to that extent is simply left behind whilst I Google an alternative that does give a stuff about the UI and HCI side of things.