

How faulty checking for valid email addresses can hurt you - hynek
http://blog.ox.cx/2009/05/13/how-faulty-checking-for-valid-email-addresses-can-hurt-you/

======
jnorthrop
I gave up validating an email address a long time ago. Now all I will do is
sanitize it to be safe from malicious attempts. The tipping point for me was
trying to decipher an unreasonably long regular expression written months
prior to find out why someone's funky address (like the author's) was failing
-- wasted time.

You can try, but you can't prevent people from doing dumb things, and in the
attempt you end up potentially making mistakes like in the case of the
article. Users will always do something unanticipated. With that in mind I
only validate the things that really matter (e.g. credit card numbers, social
security numbers, etc.). If someone wants to enter "jane at aol" as their
address, I have to think, "is this going to be a problem for my company?" If not,
don't bother to try to fix it.

------
qeorge
We check for an MX record associated with the domain, and leave it at that.
I'd rather deal with spam than lose a customer.

~~~
there
A domain without MX records is valid. If a domain/host doesn't have an MX
record, MTAs are supposed to try delivering to the domain/host itself.

~~~
qeorge
Thanks for the tip, I didn't know that. We should change to checking for valid
DNS entries then.

------
bdfh42
My current policy on validating email addresses is to issue a warning if a
given email address fails a check against a standard that covers the vast
majority of addresses in use. Validating against the whole range of possible
address content is near pointless. The warning simply asks the user to check
their email in case of errors but allows a page submission following the
display of that warning.

~~~
cperciva
_My current policy on validating email addresses is to issue a warning if a
given email address fails a check against a standard that covers the vast
majority of addresses in use._

My policy on validating email addresses is "if I send you an email and it
arrives, your email address is valid".

Why do you need to "validate" an email address? Knowing that an address is
syntactically valid doesn't do anything to confirm that it will reach the
intended target.

~~~
bdfh42
You are correct - but - at your initial point of contact you have (perhaps) a
single opportunity to make contact with your prospective customer. You should
do all you can (without boring or annoying your prospect) to capture enough
accurate information to ensure that the next step succeeds.

I agree - long term relationships are built on (in the context of this
conversation) an exchange of emails but why blow it at the first hurdle?

------
mtpark
There's no way to get around invalid email addresses. Anybody can put in
something like asdhsouhdosd@ahsoufhsdof.com and it would pass most regex
checks. I think the best solution is to just check for an "@" sign and a "."
after it.

~~~
eli
Yup, I deal with a lot of email data at work and this is pretty much what I
do. People try to get way too clever with their validation (I pity anyone
stuck with an email at a .museum TLD), and the spambots will just put
real-looking fake ones anyway.

------
timcederman
The plus address issue is very very frustrating. The worst is when you try to
unsubscribe from somewhere, and they don't URL-encode your email address in
the unsubscribe URL. If you don't know to change the "+" to a "%2B", you're
stuck.
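
An added illustration of the unencoded "+" problem described in the comment above (not part of the thread and not any commenter's code). The endpoint URL and the addresses are constructed, and the server is assumed to decode the query string as form data, which is what Python's `parse_qs` does.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical endpoint, used only for this illustration.
BASE = "https://lists.example.com/unsubscribe"


def naive_unsubscribe_url(email: str) -> str:
    """The broken pattern: the address is pasted into the query string raw."""
    return f"{BASE}?email={email}"


def safe_unsubscribe_url(email: str) -> str:
    """urlencode() percent-encodes reserved characters: '+' -> %2B, '@' -> %40."""
    return f"{BASE}?{urlencode({'email': email})}"


def email_seen_by_server(url: str) -> str:
    """Decode the query string the way a form-decoding web framework would."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("email", [""])[0]


def round_trips(email: str, builder) -> bool:
    """True if the server recovers exactly the address the link was built for."""
    return email_seen_by_server(builder(email)) == email


if __name__ == "__main__":
    # Constructed sample addresses. '&' and '=' are also legal in a local
    # part, and left raw they split the query string into extra parameters.
    samples = ["jane@example.com", "jane+news@example.com", "a&b=c@example.com"]
    for addr in samples:
        for builder in (naive_unsubscribe_url, safe_unsubscribe_url):
            url = builder(addr)
            seen = email_seen_by_server(url)
            status = "ok" if seen == addr else "MISMATCH"
            print(f"{builder.__name__:22} {url}\n    server sees {seen!r} [{status}]")
```

With the raw link the server looks up `jane news@example.com`, finds no such subscriber, and the unsubscribe silently fails.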

------
JimmyL
While I'm not as unlucky as a .museum user, I use a .me address as my main
public contact address, and you'd be surprised at the number of well-designed
sites that don't think it's a valid email.

