[Email-SIG] Email Address Validator
Matthew Dixon Cowles
matt at mondoinfo.com
Wed Oct 20 22:19:25 CEST 2004
Dear Stuart,
> I'm not sure I entirely agree. Whilst many odd strings of
> characters might be valid email addresses, I wouldn't want to let
> them get into my systems as if you see them in the real world they
> are certainly erroneous, malicious or test data. When I want an
> email address, I want something much more limited (foo at bar.com), in
> some cases allowing brackets to encode the name in there as well.
> Its like bang notation - plenty of systems will refuse to deal with
> it now because of its use in relaying spam, but it was still
> technically legal last time I looked.
It's perfectly reasonable for you to limit the email addresses that
you want your software to accept. But the original poster was posting
from an organization that's writing an email client and subsequent
discussion has been about something that might end up in Python's
standard library. In those cases, I suspect that it would be bad to
disallow any legal addresses.
> It would be possible to validate the domain using DNS, or at least
> confirm the TLD is valid, if the tool is for Internet addresses
> rather than something only meaningful to the local network
> (foo at mail.intranet, bar at localhost).
The problem with doing that is that DNS would have to be available
and functioning correctly before an address would be accepted. If my
laptop and I were in a coffee-shop or a conference room without
802.11x service, I'd be annoyed if I couldn't enter an email address
into my addressbook.
> Mmm... a few checks to catch typos or obviously illegal addresses
> (to catch people attempting to fit their postal address into an
> email address form field for example),
Something like that could well be useful, but I generally think that
messy heuristics (which I routinely write) more properly belong in
examples and user code than in the standard library.
> but I've never worried about proper domain validation and all the
> 'icky MX record checking that is involved (which seems rather
> pointless anyway since the address might suddenly become valid
> again in 5 minutes time when some router that was just rebooted
> comes back online).
I agree. I'm a sysadmin when I have another hat on and I know too
well that connectivity can fail at just the wrong moment.
Regards,
Matt
More information about the Email-SIG
mailing list