The only way to correctly validate an email address is to send a message to it, and verify that it arrived.
If you’re accepting email addresses as user input (e.g. from a web form), it might be nice to check that what’s to the right of the rightmost @
sign is a domain name with an MX or A record. That way, if a user enters a typo’d address, you have some chance of telling them that instead of handing an email to user#example.net
to your MTA.
But the validity of the local-part (left of the rightmost @
) is up to the receiving server.
Jesus_666@feddit.de 9 months ago
You can use a regex to do basic validation. That regex is
.+@.+
. Anything beyond that is a waste of time.hansl@lemmy.world 9 months ago
There are also cases where you want to have a disallow list of known bad email providers. That’s also part of the parsing and validating.
Tramort@programming.dev 9 months ago
It’s a valid need, but a domain blacklist isn’t part of email parsing and if you conflate the two inside your program then you’re mixing concerns.
Why is the domain blacklist even in your program? It should be a user configurable file or a list of domains in the database.
hansl@lemmy.world 9 months ago
We were discussing validation, not parsing. There’s no parsing in an email. You might give it a type once it passes validation, but an email is just a string with an
@
in it (and likely some . because you want at least 1 TLD but even that I’m not sure).Black616Angel@feddit.de 9 months ago
You are right in that it isn’t (or shouldn’t be) part of the parsing, but the program has to check the blacklist even if it’s in a database.
pkill@programming.dev 9 months ago
fuck any website that requires an account to just READ it’s stupid content and at the same time blocks guerrillamial/10minutemail (looking at you, Glassdoor,I don’t want to get fucking spam just so that I can check approximate salary in a company)
hansl@lemmy.world 9 months ago
Sounds like your gripe is with people requiring accounts for reading public content, and not with preventing usage of automated email creation and trying to limit bots on your website.
ono@lemmy.ca 9 months ago
Imagine giving someone your phone number, and having them say you have to get a different one because they don’t like some of the digits in it.
I have seen this nonsense more times than I care to remember. Please don’t build systems that way.
If you’re trying to do bot detection of the like, use a different approach. Blacklisting email addresses based on domain or any other pattern does a poor job of it and creates an awful user experience.
Feathercrown@lemmy.world 9 months ago
That rejects valid emails
Jesus_666@feddit.de 9 months ago
Which ones? In RFC 5322 every address contains an addr-spec at some point, which in turn must include an @. RFC 6854 does not seem to change this. Or did I misread something?
Feathercrown@lemmy.world 9 months ago
This is a valid address:
user.name@[IPv6:2001:db8:1ff::a0b:dbd0]
Relevant spec: www.rfc-editor.org/rfc/rfc5321#section-4.1.3
And you all doubted me… :P