Comments on: What is a valid email address? http://www.hm2k.com/posts/what-is-a-valid-email-address The research of an internet entrepreneur and IT consultant Fri, 12 Mar 2010 12:15:54 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Chris http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-197055 Chris Tue, 09 Feb 2010 07:54:36 +0000 http://www.hm2k.com/?p=205#comment-197055 "I believe erratum ID 1003 is slightly wrong. RFC 2821 places a 256 character limit on the forward-path. But a path is defined as Path = "" So the forward-path will contain at least a pair of angle brackets in addition to the Mailbox. This limits the Mailbox (i.e. the email address) to 254 characters." http://www.rfc-editor.org/errata_search.php?rfc=3696 “I believe erratum ID 1003 is slightly wrong. RFC 2821 places a 256 character limit on the forward-path. But a path is defined as

Path = “”

So the forward-path will contain at least a pair of angle brackets in addition to the Mailbox. This limits the Mailbox (i.e. the email address) to 254 characters.”
http://www.rfc-editor.org/errata_search.php?rfc=3696

]]> By: Michael http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-196432 Michael Thu, 04 Feb 2010 20:08:19 +0000 http://www.hm2k.com/?p=205#comment-196432 You say the regex according to RFC 2822 was over 20,000 characters long? It hasn't been optimized very well, then. I've written a regular expression which checks the syntax according to RFC 5322; the one which obsoletes RFC 2822. It allows dot-atom, quoted-string, and obsolete local-parts, domain literals (IPv4, IPv6, and IPv4-mapped IPv6), and (internationalized) domain names. It only lacks comments and folding white spaces; the latter of which I plan to include tomorrow. Plus, it takes into account the length of each part (and the entire address), even recognizing quoted pairs as one character and the quoted string double quotes as semantically invisible. It's 1,056 characters long. Which is quite a lot, but nothing compared to the 20,000 of which you spoke. But to make it easier, I've made a class to allow the user to manipulate the regex at will; allowing him or her to turn off some parts (quoted string, or domain literal, for example). That way, it is useful both for those who want just a simple validator AND for those who want to allow every valid email address (except those containing comments, for the moment). It's found at http://squiloople.com/2009/12/20/email-address-validation/ -- I hope it's helpful. - Michael You say the regex according to RFC 2822 was over 20,000 characters long? It hasn’t been optimized very well, then. I’ve written a regular expression which checks the syntax according to RFC 5322; the one which obsoletes RFC 2822. It allows dot-atom, quoted-string, and obsolete local-parts, domain literals (IPv4, IPv6, and IPv4-mapped IPv6), and (internationalized) domain names. It only lacks comments and folding white spaces; the latter of which I plan to include tomorrow. Plus, it takes into account the length of each part (and the entire address), even recognizing quoted pairs as one character and the quoted string double quotes as semantically invisible.

It’s 1,056 characters long. Which is quite a lot, but nothing compared to the 20,000 of which you spoke. But to make it easier, I’ve made a class to allow the user to manipulate the regex at will; allowing him or her to turn off some parts (quoted string, or domain literal, for example). That way, it is useful both for those who want just a simple validator AND for those who want to allow every valid email address (except those containing comments, for the moment).

It’s found at http://squiloople.com/2009/12/20/email-address-validation/ — I hope it’s helpful.

- Michael

]]> By: hm2k http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-191272 hm2k Wed, 16 Dec 2009 13:12:00 +0000 http://www.hm2k.com/?p=205#comment-191272 I created this website to demonstrate the difficulty of email address validation: http://validemail.org/ I created this website to demonstrate the difficulty of email address validation: http://validemail.org/

]]> By: hm2k http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-191126 hm2k Tue, 15 Dec 2009 10:26:15 +0000 http://www.hm2k.com/?p=205#comment-191126 I have since learned that the HTML_QuickForm has package has been superseded, but is still maintained for bugs and security fixes and it's recommended to use HTML_QuickForm2 instead. However HTML_QuickForm2 does not validate email addresses. I have since learned that the HTML_QuickForm has package has been superseded, but is still maintained for bugs and security fixes and it’s recommended to use HTML_QuickForm2 instead.

However HTML_QuickForm2 does not validate email addresses.

]]> By: hm2k http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-190752 hm2k Fri, 11 Dec 2009 16:23:39 +0000 http://www.hm2k.com/?p=205#comment-190752 According to sources PHP's filter_var() and FILTER_VALIDATE_EMAIL appears to use regex from the HTML_QuickForm PEAR package: http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c?view=co&content-type=text%2Fplain http://cvs.php.net/viewvc.cgi/pear/HTML_QuickForm/QuickForm/Rule/Email.php?view=co&content-type=text%2Fplain I still think mine provides more accurate validation for REAL email addresses. Function provided here: http://hm2k.googlecode.com/svn/trunk/code/php/functions/validate_email.php According to sources PHP’s filter_var() and FILTER_VALIDATE_EMAIL appears to use regex from the HTML_QuickForm PEAR package:

http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c?view=co&content-type=text%2Fplain
http://cvs.php.net/viewvc.cgi/pear/HTML_QuickForm/QuickForm/Rule/Email.php?view=co&content-type=text%2Fplain

I still think mine provides more accurate validation for REAL email addresses.

Function provided here: http://hm2k.googlecode.com/svn/trunk/code/php/functions/validate_email.php

]]> By: Kawika http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-187386 Kawika Tue, 17 Nov 2009 16:50:26 +0000 http://www.hm2k.com/?p=205#comment-187386 I like your real-world approach to email address validation. I have never seen an email address with quotes or backslashes in it in the real world, and since most of the email providers I know wouldn't accept those addresses anyway, I think coding for them even if the RFCs technically allow them is unnecessary. They are edge cases that will come up so rarely as to be negligible. Definitely not worth trying to burden your server with a gigantic regexp. Kudos to you for sticking to your guns, and to what is practical! I like your real-world approach to email address validation. I have never seen an email address with quotes or backslashes in it in the real world, and since most of the email providers I know wouldn’t accept those addresses anyway, I think coding for them even if the RFCs technically allow them is unnecessary. They are edge cases that will come up so rarely as to be negligible. Definitely not worth trying to burden your server with a gigantic regexp. Kudos to you for sticking to your guns, and to what is practical!

]]> By: hm2k http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-163359 hm2k Mon, 25 May 2009 16:57:00 +0000 http://www.hm2k.com/?p=205#comment-163359 I'm of the opinion that less conditions == less strict. My point was that things like white space and comments don't need to be handled, not that they are disallowed. A lack of handling means less conditions and thus less strict. Whereas disallowing them would imply conditions, restrictions, thus being strict. I think you misinterpreted the point I was making. I’m of the opinion that less conditions == less strict.

My point was that things like white space and comments don’t need to be handled, not that they are disallowed.

A lack of handling means less conditions and thus less strict.

Whereas disallowing them would imply conditions, restrictions, thus being strict.

I think you misinterpreted the point I was making.

]]> By: flostre http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-163338 flostre Mon, 25 May 2009 15:14:10 +0000 http://www.hm2k.com/?p=205#comment-163338 > Look around, email addresses in the real world aren’t so strict and are far more loosely defined. > * No folding white space (FWS) - I’ve never seen a multi-line email address field for a single address. > * No comments (CFWS) - Comments simply do not belong in an email address, they can go else where. > * No quotes - When was the last time you saw quoted text in an email address? > * No IP addresses, domains only - They are only used in temporary circumstances, not live. > * No new lines - they could result in “email header injection”. > * Reasonable lengths - both parts, and the whole thing needs to be kept to a reasonable maximum length. If you disallow things that are allowed in the RFC that makes your definition more strict, not less. (stricter=fewer things allowed) > Look around, email addresses in the real world aren’t so strict and are far more loosely defined.

> * No folding white space (FWS) – I’ve never seen a multi-line email address field for a single address.
> * No comments (CFWS) – Comments simply do not belong in an email address, they can go else where.
> * No quotes – When was the last time you saw quoted text in an email address?
> * No IP addresses, domains only – They are only used in temporary circumstances, not live.
> * No new lines – they could result in “email header injection”.
> * Reasonable lengths – both parts, and the whole thing needs to be kept to a reasonable maximum length.

If you disallow things that are allowed in the RFC that makes your definition more strict, not less. (stricter=fewer things allowed)

]]> By: PHP Email Validator | Isusx's Programming Corner http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-126653 PHP Email Validator | Isusx's Programming Corner Wed, 10 Dec 2008 17:00:03 +0000 http://www.hm2k.com/?p=205#comment-126653 [...] Links About Email Address PHP What is a Valid Email Address? PHP:Checkdnsrr function manual Share and [...] [...] Links About Email Address PHP What is a Valid Email Address? PHP:Checkdnsrr function manual Share and [...]

]]> By: hm2k http://www.hm2k.com/posts/what-is-a-valid-email-address/comment-page-1#comment-105976 hm2k Thu, 02 Oct 2008 12:06:50 +0000 http://www.hm2k.com/?p=205#comment-105976 Yes, there's testing a regex, then there's testing it against real life. The reality is that ’.’ IS allowed just before '@'; You will find that using quotes in an email address will simply be rejected by the mail server; As for the double dot in the domain, that's a separate issue that shouldn't really be handled by this regex. I use mailinator.com and my own setup to do test cases. This tells me if the email address is valid or not as the RFC specification is not reliable enough. Domain names can be checked using validation, you only need a basic check. Look at the length of the regex i've provided, and the regex provided by regular-expressions.info, the length is ridiculous for such a simple task. Remember, regex along CANNOT define a valid email address, there is no "ultimate" regex, you need to use other systems for validation. Hope this helps. Yes, there’s testing a regex, then there’s testing it against real life.

The reality is that ’.’ IS allowed just before ‘@’;
You will find that using quotes in an email address will simply be rejected by the mail server;
As for the double dot in the domain, that’s a separate issue that shouldn’t really be handled by this regex.

I use mailinator.com and my own setup to do test cases. This tells me if the email address is valid or not as the RFC specification is not reliable enough.

Domain names can be checked using validation, you only need a basic check.

Look at the length of the regex i’ve provided, and the regex provided by regular-expressions.info, the length is ridiculous for such a simple task.

Remember, regex along CANNOT define a valid email address, there is no “ultimate” regex, you need to use other systems for validation.

Hope this helps.

]]>