Unfortunately, the same sites that are naive enough to use MD5 for cryptographic hashing are also likely the same sites naive enough to use oversimplified regexes that fail to validate all possible inputs.
(If I had a dollar for every time the 'emailaddress+foo@gmail.com' failed to validate....)
(If I had a dollar for every time the 'emailaddress+foo@gmail.com' failed to validate....)