Not to beat this off-topic horse too much, but your example actually
proves my point :)
The address "jsmith+foo@gmail.com" is not "perhaps" valid, it _is_
valid. That's the reason why Gmail will deliver it. The address "jsmith©foo@gmail.com
" is _not_ valid. Even if Gmail will deliver it (which I doubt), and
if your own outmail server will transport it (which I doubt as well -
unless your use some obscure proprietary software), you should by all
means prevent any such message to _ever_ leave your system.
This is more important than most people think: Because any mail server
that will transport a mesage with an invaalid address is leaving the
clearly defined realm of internet standards, and is starting to
"interpret" the rules on its own. One server might decide that
"©" (copyright sign) is equal to a capital letter C; the other might
decide to "fix" this address by replacing it with the word
"copyright"; and before you know it, your message appears in the inbox
of some unsuspecting indivdual who named his Gmail account
"jsmithcopyrightfoo".
I disagree with your statement that "email address validation isn't a
simple thing". It's not that complicated and can be done by roughly a
dozen lines of RB code. It might not be easily (or at all) possible to
solve this by pure RegEx, but that's another story.
Anybody who creates an app that deals with internet email should be
familiar with RFC5322 and follow it to the point.
Cheers,
Frank+++
Am 26.02.2009 um 16:17 schrieb Adam Shirey:
On Thu, Feb 26, 2009 at 8:57 AM, Frank Bitterlich
<bitterlich2@gsco.de> wrote:
Validation might even be necessary to prevent other kinds of
tomfoolery like
spoofing a sender name; it would be wise to strip any comments, for
example,
because if a user enters
"George Bush" <somedude@gmail.com>
into a field, the effects might no be desired :)
All good points you brought up, Frank.
With this last one in particular I should have been more clear. Often,
the nature of "validation" depends upon what you're doing with the
datum. "John Smith" <jsmith@example.com> isn't a 'valid' email
address, but it's generally considered good input to an email
application. Similarly, jsmith+foo@gmail.com may or may not be valid
according to the RFCs but also works.
Unfortunately, email address validation isn't a simple thing, and if
you try to stick exactly to the RFCs or to some very complex and
impossible-to-read regex, it's quite possible that you're going to
miss email addresses that are perfectly usable if not 'valid'; ie,
perhaps jsmith+foo@gmail.com isn't 'valid' according to RFCs, but it
is 'valid' according to most people's understanding of email -- that
it will be delivered if the account exists. That gets away from
validation, however, and into verification, which is another topic
altogether.
--
Günter Schmidt GmbH
Frank Bitterlich eMail: bitterlich@gsco.de
Ben-Gurion-Ring 21 WWW: http://www.gsco.de/
D-60437 Frankfurt Tel.: 069 / 156809-29
GERMANY Fax: 069 / 156809-28
Geschäftsführer: Jürgen Hartwich
AG Frankfurt am Main, HRB 76504 - USt.-ID: DE235219624
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives:
<http://support.realsoftware.com/listarchives/lists.html>
|