diff --git a/management/mailconfig.py b/management/mailconfig.py
index 4cb57027..da83cd18 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -435,9 +435,11 @@ def add_mail_alias(address, forwards_to, permitted_senders, env, update_if_exist
 				email = email.strip()
 				if email == "": continue
 				email = sanitize_idn_email_address(email) # Unicode => IDNA
+				# Strip any +tag from email alias and check privileges
+				privileged_email = re.sub(r"(?=\+)[^@]*(?=@)",'',email)
 				if not validate_email(email):
 					return ("Invalid receiver email address (%s)." % email, 400)
-				if is_dcv_source and not is_dcv_address(email) and "admin" not in get_mail_user_privileges(email, env, empty_on_error=True):
+				if is_dcv_source and not is_dcv_address(email) and "admin" not in get_mail_user_privileges(privileged_email, env, empty_on_error=True):
 					# Make domain control validation hijacking a little harder to mess up by
 					# requiring aliases for email addresses typically used in DCV to forward
 					# only to accounts that are administrators on this system.