
Ask HN: What is the norm for email validation? - taylorcooney
For email validation, what is the norm for mobile apps? Are people making a service call to third-party like Mailgun, or checking on the client side?<p>I&#x27;m trying to come up with the options on the service side and client side, and what options exist in the Rails environment already. I feel like our CTO is more inclined to go with what other tech companies are using on the mobile apps.
======
bskizzle
You can, and should, knock out the really obvious stuff with regex validation
but you're smart to be concerned about one thing that most people miss in this
conversation.

 __ _A confirmation email doesn 't solve the problem if the user mistyped the
address to begin with._ __You 're right, they wait for a confirmation email
that never comes.

Using a third party service like BriteVerify's rest api is the only way to get
an actual verification that the inbox exists.

------
aonoma
Related (was on Hacker News)

"On the Futility of Email Regex Validation"

[https://jackfoxy.github.io/FsRegEx/emailregex.html](https://jackfoxy.github.io/FsRegEx/emailregex.html)

~~~
taylorcooney
Thanks for the read, @aonoma....something good for my commute home.

------
assafmo
Send the user a verification mail.

~~~
taylorcooney
We do that, but I don't want our server sending a verification email to
"taylor@gmail.con", it should fix that on the input field.

~~~
gt565k
.con might be a valid TLD though, there's so many TLDs now.

Just send a verification email...

~~~
taylorcooney
We do...but then people wait for a verification email that will never arrive
(.con vs .com). Ideally, we want to fix this before they register their
account. Looking for server-side (rails), service calls and client-side
options.

~~~
gt565k
I know Mandrill has webhooks that can notify you of events such as bounced
emails.

[https://mandrill.zendesk.com/hc/en-
us/articles/205583217-Int...](https://mandrill.zendesk.com/hc/en-
us/articles/205583217-Introduction-to-Webhooks)

Wouldn't integrating this help solve the issue, as you can possibly check if
you received a bounce for that email shortly after the user attempts to
register, and then notify them on the screen?

------
Bashmaistora
I use JS validation library + Mailcheck.js on the front end. The regex checks
for format and mailcheck validates second and top level domains. Coupled with
a verification mail this is good enough for me.

------
smt88
What about passwordless, email-based login? It's easier than username/password
login, it verifies the email address, and it provides the same level of
security (assuming password can be reset via emailed link).

~~~
taylorcooney
Cool concept, but would require a complete revamp of our sessions
infrastructure....I am looking to slap something on to our codebase to check
email formatting after the '@' symbol.

~~~
19eightyfour
The Firefox browser source code has a list of current TLDs, IIRC. There's over
a thousand. You could use that to at least verify the TLD part.

The following may not work for your use case and I'm no expert in the area,
but it could be possible to write a simple shell script to dig the mx records,
and fail out if there's no such, and if you wanted to go a step further, you
could open SMTP, and fail out if you can't, and if you wanted to go a step
further you could even on the mx maybe even do a direct ping or some other
lookup of the address part in that session, so long as the server is not a
catchall. I feel the total bandwidth outlay would be no more then a small http
roundtrip. Tho you might get a bit of hit on the connection time, or retries,
as my feeling is not all SMTP hosts are speedy. Thanks

------
stephenr
If you're only worried about the domain aspect, and want a super simple
approach just check if you can resolve the hostname.

~~~
taylorcooney
I want to be checking for errors after the '@' symbol, such as @gmial.com or
@gmail.con

~~~
stephenr
Right so as I said, do a hostname lookup: if you get a result (ie not
nxdomain) then it's ok, if not, it isn't registered, is a non existent tld, or
has no records, all of which mean mail will fail.

