[Email-SIG] Email Address Validator
Stuart Bishop
stuart at stuartbishop.net
Wed Oct 20 11:30:13 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Dixon Cowles wrote:
| I think that a function that will check an address for correct syntax
| would be somewhat convenient to have, but I think that one that's
| right only 99% of the time would probably be worse than none at all.
|
| In particular, I'd be rather surprised if someone could implement all
| those rules with just a regular expression. Two of the four examples
| you sent along don't like the (I'm pretty sure) legal address
| "fred&barney"@example.com. And none of them like matt@[127.0.0.1]
| which isn't used much but I'm not aware of its having been declared
| illegal recently.
|
| In your list of bad addresses, I'm pretty sure that "brian" and
| "brian at localhost" are both legal.
I'm not sure I entirely agree. Whilst many odd strings of characters
might be valid email addresses, I wouldn't want to let them get into my
systems as if you see them in the real world they are certainly
erroneous, malicious or test data. When I want an email address, I want
something much more limited (foo at bar.com), in some cases allowing
brackets to encode the name in there as well. Its like bang notation -
plenty of systems will refuse to deal with it now because of its use in
relaying spam, but it was still technically legal last time I looked.
It would be possible to validate the domain using DNS, or at least
confirm the TLD is valid, if the tool is for Internet addresses rather
than something only meaningful to the local network (foo at mail.intranet,
bar at localhost).
| I suspect that the lack of email address validators out there stems
| both from the difficulty of writing one and the fact that they're not
| all that critical. I've always thought that if the MTA can deliver a
| message, that's fine. And if it can't, the user will get it back.
Mmm... a few checks to catch typos or obviously illegal addresses (to
catch people attempting to fit their postal address into an email
address form field for example), but I've never worried about proper
domain validation and all the 'icky MX record checking that is involved
(which seems rather pointless anyway since the address might suddenly
become valid again in 5 minutes time when some router that was just
rebooted comes back online).
- --
Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBdjAkAfqZj7rGN0oRAv/1AKCAyRBqhV4d36pQ0byQqVMG0jPVkQCbBDt3
631qxjZoZJrS1DHCztxAg8U=
=CRhu
-----END PGP SIGNATURE-----
More information about the Email-SIG
mailing list