Checking if email is valid

avi.e.gross at gmail.com avi.e.gross at gmail.com
Sun Nov 5 08:06:39 EST 2023 

Grant (and others),

I am asking about the overall programming process of dealing with email
addresses beyond checking the string for some validity.

You mentioned requiring you type in your email twice as one example. I
generally do a copy/paste to avoid typing or have my browser fill it in.
Rarely the code is set to force me to actually type it in. And I note sites
that force me to do too much typing of any kind or make me jump through
hoops like having to get an email or text with a secondary number to type in
or make me look at pictures and find the right ones and so on, encourage me
to not use them much. There is a price for taking away convenience even if
you see it as some form of security. Yes, there are tradeoffs.

It really may be important to know what you want from your email addresses.
If I sign YOU up for something like the Word of the day in a dozen languages
by supplying your valid email address, then checking if it looks valid is
less useful than sending an email to that address and asking the recipient
to opt-in and verify they legitimately want it. If you want to ensure that
your newsletter is still wanted, you may do something similar every year or
so to everyone, or perhaps just those that have not had activity. If a
mailbox starts rejecting messages, perhaps you send messages to their
secondary contact info or just remove them.

There are many such strategies and some may be way harder to implement than
a simple and perhaps simplistic syntax check.

I do wonder how much it sometimes matters when we see real-world scenarios
where people who died a decade ago remain on voter registration rolls. If my
mailing list has a few hundred bad emails on it, the costs of sending may be
small albeit dealing with rejection messages may clog my logs.

As for fake email addresses, there are many ways to play that game that are
unlikely to be caught. Will they realize there is nobody at
erewhon at gmail.com? If you want to know if someone is going to sell your
hello.there at gmail.com address could you supply hell.other.e at gmail.com and
then monitor mail that you will still receive as it seems google ignores
periods in your email name? And, since others generally see the above as
distinct, you can even use such a method to sign up for something multiple
times.

Complexity leaves room for loopholes.

Still, obviously there are good reasons to do what you can to do some
validation at many points along the way and especially when it may be
critical. Asking someone to type in a new password twice when they cannot
easily see what they are typing, is obviously useful as the consequence of
losing it is high. Are getting the email addresses right as important?

I know my wife registered a fairly common name of the jane.doe at gmail.com
variety that is now useless as it keeps receiving messages someone provided
or typed in wrong that were supposed to go to janedoe@ or doe.jane@ or
janedoe123@ or j.doe@ and so on. These include receipts, subscriptions to
newsletters and much more.  Some are inadvertent but the reality is she
stopped using that email as it is now mostly full of SPAM as the others ...








-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com at python.org> On
Behalf Of Grant Edwards via Python-list
Sent: Sunday, November 5, 2023 12:39 AM
To: python-list at python.org
Subject: Re: Checking if email is valid

On 2023-11-04, Michael Torrie via Python-list <python-list at python.org>
wrote:
> On 11/4/23 02:51, Simon Connah via Python-list wrote:
>
>> Wow. I'm half tempted to make a weird email address to see how many
>> websites get it wrong.

In my experience, they don't have to be very weird at all.

>> Thank you for the link.
>
> Nearly all websites seem to reject simple correct email addresses
> such as myemail+sometext at example.domain.  I like to use this kind of
> email address when I can to help me filter out the inevitable spam
> that comes from companies selling off my address even after claiming
> they won't.

I've always suspected that's intentional. They refuse those sorts of
e-mail addresses because they know that's what they are used for. If
they allowed "plus suffixed" e-mail addresses, then all the crap they
want to send to you would go into /dev/null where it belongs -- and we
can't have that!

> So I suspect that nearly all websites are going to reject other
> kinds of weird email addresses you can create that are actually
> correct.

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs.  People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

--
Grant
-- 
https://mail.python.org/mailman/listinfo/python-list

More information about the Python-list mailing list