I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
Probably, from what I can see the address in question isn’t really that exotic. but an email regex that validates 100% correctly is near impossible. And then you still don’t know if the email address actually exists.
I’d just take the user at their word and send an email with an activation link to the address that was supplied. If the address is invalid, the mail won’t get delivered. No harm done.
Actually, one of our customers found out the hard way that there is harm in sending emails to invalid addresses. Too many kickbacks and cloud services think you’re a bot. Prevented the customer from being able to send emails for 24 hours.
This is the result of them “requiring” an email for customers but entering a fake one if they didn’t want to provide their email, and then trying to send out an email to everyone.
Our software has an option to disable that requirement but they didn’t want to use it because they wanted their staff to remember to ask for an email address. It was not a great setup but they only had themselves to blame.
My guess is that would also occur with valid but non-existing e-mail addresses no? The regex would not be a remedy there anyway.
Of course you should only use the supplied e-mail address for things like mass mailings once it has been verified (i.e. the activation link from within the mail was clicked)
That’s exactly what they did. They used something like noaddress@ourbusniess.com to get around the checks we had in place. I’ve intentionally been vague but most people will give their email address to our customers and won’t give a fake one. So under normal situations the amount of bounce backs would be minimal: fat fingering, hearing them incorrectly, or people misremembering their email. Not enough to worry about. Never thought we’d come across a customer intentionally putting in bad email addresses for documentation purposes. They could have just asked us to make the functionality they wanted.
The best of validation is just to confirm that the email contains a
@and a.and if it does send it an email with a confirmation link.TLDs are valid in emails, as are IP V6 addresses, so checking for a
.is technically not correct. For examplea@banda@[IPv6:2001:db8::1]are both valid email addresses.I feel like using
a@[IPv6:2001:db8::1]is asking for trouble everywhere online.But its tempting to try out, not many people would expect this.
try user@123.45.67.89.in-addr.arpa or user@d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa just for the giggles. Mix it with BANG-Adressing:
123.45.67.89.in-addr.arpa!d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa!user
Jeez and I feel like I’m tempting fate just by using a custom domain.
Email standard sucks anyway. By the official standard, User@email.com and user@email.com should be treated as separate users…
Personally I don’t think that sucks or is even wrong. Case-independent text processing is more cumbersome. ‘U’ and ‘u’ are two different symbols. And you have to make such rules for every language a part of your processing logic.
If people can take case-dependence for passwords (or official letters and their school papers), then it’s also fine for email addresses.
The actual problem is cultural, coming from DOS and Windows where many things are case-independent. It’s an acquired taste.
Unicode has standard rules for case folding, which includes the rules for all languages supported by Unicode. Case-insensitive comparisons in all good programming languages uses this data.
Note that you can’t simply convert both strings to uppercase or lowercase to compare them, as then you’ll run into the Turkish i problem: https://haacked.com/archive/2012/07/05/turkish-i-problem-and-why-you-should-care.aspx/
So good that we all use Unicode now. No CP1251, no ISO single-byte encodings, no Japanese encoding hell.
Yeah, living in 2123 sure is good
It’s that capitalization is language dependent, which email addresses shouldn’t be as I hope the rules for France shouldn’t be different than for Dutch. For instance é in Dutch is capitalized as E, but in French it is É. The eszett didn’t even have an official capital before 2017
In most programming languages, case-insensitive string compare without specifying the culture became deprecated. It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper on all four performance reasons, or maybe some UI validation.
Sure, but we’re just talking about string comparison rules, and Unicode sees all three of those as being equal. For example, a search engine that uses proper case folding rules in its indexer should return results for “entrée” if you search for “entree”, “Čech” if you search for “cech”, etc.
You can’t just use ToUpper for comparisons due to issues like you mentioned, and the Turkish i problem. You need to do proper case-insensitive comparisons, which is where the Unicode case folding rules are used.
offtopic: The eszett strictly speaking was a ligature for ‘sz’, which Hungarian orthography kinda preserved while for German the separated version is ‘ss’, and there’s plenty of such stuff in nature.
Thank you for saying that more clearly.
But then you run into the issue of incredibly trivial impersonation on any email service which doesn’t reserve all variants of registered names
Yes, email as it really exists kinda sucks, but the idea was nice. When it ran over UUCP, LOL.
I know at least one bank that has case-insensitive password in their app 🌚
Life being scary is not news to me
Yeah, no
Sometimes standards are wrong lol
deleted by creator
We’re gonna need a bigger regex
https://pdw.ex-parrot.com/Mail-RFC822-Address.html
TLDs could theoretically have MX records too! Email addresses as specified also support IPv6 addresses! The regex would need to be
.+@.+and at this point it’s probably easier to just send an email.I’m with you, and I agree that is technically correct, but I believe the sheer number of people who might accidentally write “gmail” instead of “gmail.com” compared to people using an IPv6 address (seems like a spam bot) or using a TLD like “admin@com” make requiring the dot worthwhile.
That’s why I have an “allow anyway” button for addresses that look misspelled but are still technically valid.
Edit: believe it or not, that was a typo.