

Email Validation Rules - nvr219
http://rumkin.com/software/email/rules.php

======
bkanber
I feel like people really overthink email validation. I just look for an "@"
and a ".". If you really need proof that an email address is valid, send an
activation email. Otherwise, who cares if a few emails in your database are
invalid?

Additionally, lots of 3rd party mail systems have some mechanism to notify you
of bounced emails, so you'll figure out which are invalid at your first
attempt anyway.

~~~
Sephr
Requiring a dot breaks your form for people using bare TLD email or people
using an IPv6 address instead of a domain.

~~~
cytzol
There's a sufficient mass of people with dots in their e-mail addresses that
it's worth checking for an at and a dot, even if you don't _require_ it - just
to check that they haven't typed a comma or something instead.

------
ruricolist
The HTML5 standard prescribes a regex for implementers to validate email
addresses on the client side:

    
    
      /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/
    

So if you're going to use <input type=email>, you might as well use the same
check on the server side.

------
k33l0r
I found this talk by Ricardo Signes on email parsing to be an excellent primer
into why email addresses (and emails in general) are terrible to parse:
[http://youtu.be/JENdgiAPD6c](http://youtu.be/JENdgiAPD6c)

~~~
old-gregg
Yep. I'd like to add that some ESPs have their own additional restrictions on
mailbox names, plus it's usually helpful to verify the existence of the domain
part (DNS) because people make mistakes all the time.

We (Mailgun) have a free service which does all of these things:
[http://blog.mailgun.com/post/free-email-validation-api-
for-w...](http://blog.mailgun.com/post/free-email-validation-api-for-web-
forms/)

~~~
Sami_Lehtinen
It's also trival to contact recipient STMP server and check if it accepts rcpt
to.

------
thrownaway2424
The practical way to validate an email address is:

1: Does the domain part have either an MX or A record? 2: Does the address in
that record accept mail? 3: Does the server that accepts mail at that address
respond favorably to the local part as a RCPT TO argument?

If yes, it's a valid email address.

In particular this article is wrong that emails are always 7-bit. With
SMTPUTF8 you can put whatever you want in there.

~~~
jwmerrill
Would you mind expanding on how to implement these steps, or do you know a
good reference?

~~~
jwmerrill
Here's a gist showing the basic steps, using the unix utilities host and
netcat:
[https://gist.github.com/jwmerrill/6502014](https://gist.github.com/jwmerrill/6502014)

------
huhtenberg
That was "Email validation for pedants".

Practically speaking, the following regex -

    
    
      /^[_\.0-9a-z-\+#]+@([0-9a-z][0-9a-z-]*\.)+[a-z]{2,6}$/i
    

coupled with a DNS check for domain name is yet to generate a single false
negative in years that we've been using it across multiple projects.

(edit) Do read through the thread below before getting all downvote happy.

~~~
nwh
Sorry, just broke your regex.

    
    
        hello@visit.melbourne.
    

Yes, that's a valid TLD now.

~~~
huhtenberg
No, it's not - [http://en.wikipedia.org/wiki/List_of_Internet_top-
level_doma...](http://en.wikipedia.org/wiki/List_of_Internet_top-
level_domains)

If you are referring to {2,6}, then it's easy to adjust once longer domains
are put to actual use. If you are referring to the trailing dot, then that's
exactly what I was saying - _practically_ , email formats that are used by
real people is a much simpler subset of what's permitted by the spec.

~~~
temac
Why do you want so much to limit to 6, especially since you also do a DNS
validation?

You should better lean on the permissive side; that would be one less thing to
think about.

That kind of "validation" does not check for existing email addresses anyway,
so there is not much value in trying to be strict in this area.

~~~
huhtenberg
Yeah, I agree in principle, but it's at 6 simply because it works fine as is.
Given new developments it might make sense to bump it up and/or add support
for punycode, and we'll do it once it's actually needed.

~~~
kijeda
What is the threshold where supporting a domain becomes important? It seems
awfully arbitrary to say it "works fine as is" when it is disenfranchising
millions of registered domains as it stands.

------
cbsmith
It's funny that that is the easiest thing the author can do to summarize the
rules.

I'd think a grammar
([http://www.ietf.org/rfc/rfc2822.txt](http://www.ietf.org/rfc/rfc2822.txt))
would work just great.

------
Sami_Lehtinen
There's no mention of minumum email length length, but I have noticed that
some services do not accept email addresses like m(@)dy.fi or m(@)x.com etc.
They claim that address is too short. Strip parenthesis from addresses.

~~~
elchief
Minimum should be 6: a@x.ca

Max is 254: [http://stackoverflow.com/questions/386294/what-is-the-
maximu...](http://stackoverflow.com/questions/386294/what-is-the-maximum-
length-of-a-valid-email-address)

~~~
mfwoods
Strictly speaking, the minimum should be 4, because TLDs could accept email
too (resulting in a@ca).

~~~
elchief
Fair enough. Does this exist in the wild though? Thx

------
lucidrains
does it really matter? there are sites that store your password in plain text
and they manage to become big hits. there are sites that completely ignore
current css design rules, and they do fine as well. why are you arguing over a
problem that is basically 99% solved?

