Too hard to validate properly to be worth it. Even if it is technically valid that’s insufficient. It must also work, and the easiest way to test that is to use it and verify that the user got what we sent.
I hope your “validation” does nothing more than show a warning that the user is allowed to ignore.
I have seen too many systems built by people who think they know what’s valid or not before and after the @ sign*, and they are almost always dead wrong. In the worst cases, such systems accept an unusual-looking address and claim to send the expected verification message, but never actually send it. Of course, these systems won’t work for some people, and since none of their online docs or support staff know why, those people will be locked out of using the system and funneled into a bottomless pit of misery if they try. Please don’t build broken garbage like this.
*Fun fact: Not so terribly long ago, even the @ sign didn’t have to be present. Some email addresses were bang paths. I’m not sure if any of these are still in use, but it wouldn’t shock me to learn that they are.
I don’t validate emails, I test them.
That’s your email? OK, what did we send it? If we couldn’t send to it or the user can’t read it there’s no reason to accept it.
OK, maybe I do some light validation first, but I don’t trust the email address just because it’s email-address-shaped.
What kind of “light validation”? I’m guessing a .*@.* regex match.
Almost correct. ^.+@.+$
I see you accept lemmy handles.
if i can email them and the user gets it - fine by me
@@@
Would pass first validation, but fail when we try to send an email.
Successfully failed.
@ matches
Hooray, you have better security than Apple, who won’t let me use my own email because some idiot in Australia used it first.
Hooray! You get a gold star.
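The flow discussed in this thread (a loose shape check, then mail a token and accept the address only once the user returns it), as an added example that is not any commenter's code. `send` is a hypothetical delivery callable, the 15-minute token lifetime is an assumption, and the demo addresses are constructed.

```python
import hashlib
import hmac
import re
import secrets
import time

SHAPE = re.compile(r"^.+@.+$")   # the thread's "light validation"
TTL_SECONDS = 15 * 60            # assumed token lifetime

class EmailVerifier:
    def __init__(self, send, clock=time.time):
        self.send = send         # hypothetical callable(address, token) -> bool
        self.clock = clock
        self.pending = {}        # address -> (sha256(token), expiry)
        self.verified = set()

    def start(self, address):
        # fullmatch also refuses a trailing newline that "$" would let through.
        if not SHAPE.fullmatch(address):
            return "rejected: not address-shaped"
        token = secrets.token_urlsafe(32)
        # Report a delivery failure; never claim a message was sent when it was not.
        if not self.send(address, token):
            return "rejected: could not send"
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[address] = (digest, self.clock() + TTL_SECONDS)
        return "sent"

    def confirm(self, address, token):
        digest, expiry = self.pending.get(address, (None, 0.0))
        if digest is None or self.clock() > expiry:
            self.pending.pop(address, None)   # unknown or expired
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(candidate, digest):
            return False
        del self.pending[address]             # tokens are single use
        self.verified.add(address)
        return True

def demo():
    outbox = {}
    def fake_send(address, token):
        # Constructed stand-in for SMTP submission; "@@@" is undeliverable.
        outbox[address] = token
        return address != "@@@"
    v = EmailVerifier(fake_send)
    started = [v.start(a) for a in ("@", "@@@", "user@example.org")]
    good = outbox["user@example.org"]
    return started + [v.confirm("user@example.org", "wrong"),
                      v.confirm("user@example.org", good)]
```

Only the SHA-256 of the token is stored, so a leaked pending table does not let anyone confirm an address they cannot read mail for.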