Don't use regular expressions to "validate" email addresses

[Ben Finney]

Steve Holden <steve at holdenweb.com> writes:

> Ben Finney wrote:
> > I don't "validate" email addresses by regular expression.
> > 
> Just as a matter of interest, are you expecting that you'll find out
> about the undeliverable ones? Because in many cases nowadays you
> wont, since so many domains are filtering out "undeliverable mail"
> messages as an anti-spam defence.

I wouldn't expect a program to treat a user-supplied email address as
known-good until receiving a confirmation email with a cookie, or some
out-of-band confirmation (e.g., the email addresses are seeded by some
trusted source).

Until then, it's an untrusted piece of user-supplied data, to be kept
around for a limited time pending confirmation, and then discarded.

-- 
 \       "Man cannot be uplifted; he must be seduced into virtue."  -- |
  `\                                       Donald Robert Perry Marquis |
_o__)                                                                  |
Ben Finney