i have an issue where this attack signature is blocking logins to my application with any emai address starting with email@example.com or any other domain. I have tried the below suggestion to disable this specific attack signature however issue still persists:
Disabling Attack signatures for Parameters (BIG-IP 11.5.0 and later)
Have you generated ASM/Advanced WAF report to see that the signature is detected under the explicit parameter you created? It could be a bug or the signature being detected under the URL so maybe you will need to whitelist it there.