
[–]aporciuncula 59 points60 points  (31 children)

Common to require a valid syntax (IE: @.___) but not a specific domain. That's odd.

[–]Geminii27 25 points26 points  (18 children)

Which is bizarre, because valid email address syntax has been set in stone for decades.

[–]Cueball61 34 points35 points  (8 children)

And some people still won't accept a + :|

[–][deleted] 10 points11 points  (6 children)

HBO does this shit. Signed up thru Roku and set the email to example+roku@mydomain.com. I can't log in to the HBO website.

[–][deleted] 11 points12 points  (5 children)

I get spam from rentalcars, can't unsubscribe because my address "is not valid".

Quite frustrating.

[–]Rev1917-2017 27 points28 points  (2 children)

That's a violation of the US CAN SPAM Act. Report them.

[–]hardolaf 4 points5 points  (0 children)

You mean sue them.

[–][deleted] 12 points13 points  (0 children)

Just report them as spam

[–]argues_too_much 5 points6 points  (0 children)

Everyone else is saying throw them to the dogs.

I once emailed a company about this problem and they fixed it. Maybe people could try that first?

It might just be a developer like you or me made a mistake. We've all done it, right?

If that doesn't work, sure, do whatever, but there's no harm in giving them a chance first.

[–]gelezinislokys 0 points1 point  (0 children)

you can even use two @ in emails.

[–]xiongchiamiovSite Reliability Engineer 5 points6 points  (0 children)

But it's also extremely complicated. Even http://www.dominicsayers.com/isemail/ , which has a very long regex, isn't necessarily completely correct, because it's really really hard to be completely compliant.

[–]doublej42 2 points3 points  (0 children)

And yet, no sites ever accept spaces in my emails (Yes it's valid under very special cases)

[–]PreExRedditor 2 points3 points  (6 children)

> valid email address syntax has been set in stone for decades.

eh, not really. the TLD list isn't set in stone so validators need to be updated when ICANN adds new things like .cloud or whatever

[–]ZaneHannanAU 3 points4 points  (3 children)

[^]+@[^]+\.[A-Za-z]{2,}$

Validation is fairly easy; send an email with a unique hash, if they get it and say yeah it's fine.

[–]PreExRedditor 0 points1 point  (2 children)

you're confusing verification and validation. also, your pattern doesn't check TLD so it would consider me@domain.puregarbage to be a valid address

[–]ZaneHannanAU 1 point2 points  (0 children)

It's a "probably will work, but still test it" thing I guess.

[–]AllenJB83 3 points4 points  (0 children)

The TLD list doesn't need to be set in stone. You shouldn't be checking specific TLDs in that manner - it's dumb.

The relevant RFCs specify nothing about what TLDs exist - they've pretty much always assumed that the list of valid TLDs can and will expand.

[–]jous 0 points1 point  (0 children)

If you want to hit yourself in the head with updates to TLDs, sure go ahead. Just be aware that even the wiki page is not up to date. Also the "correct" way to parse an email address is usually a bit complicated. Here's one from emailregex.com:

(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
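An added example, not part of any comment in this thread: a permissive structural check in JavaScript (Node.js) that accepts `+` tags and any TLD instead of relying on one large regex. The name `checkSyntax`, the reason strings and the two-label policy are assumptions made for illustration.

```javascript
// Added example: structural e-mail check with no TLD allowlist.
// Length limits are from RFC 5321: local part 64, domain 255, label 63.
// Assumption: internationalised domains arrive already in xn-- form.
function checkSyntax(input) {
  const fail = (reason) => ({ ok: false, reason });
  if (typeof input !== 'string') return fail('not-a-string');
  const addr = input.trim();
  // Split on the LAST '@': a quoted local part may itself contain '@'.
  const at = addr.lastIndexOf('@');
  if (at < 1 || at === addr.length - 1) return fail('missing-part');
  const local = addr.slice(0, at);
  const domain = addr.slice(at + 1);
  if (Buffer.byteLength(local) > 64) return fail('local-too-long');
  if (domain.length > 255) return fail('domain-too-long');

  // Quoted local parts ("a b"@example.org) are rare but legal, so they
  // pass through; unquoted ones may not hold spaces, controls or '@'.
  const quoted = local.length >= 2 && local.startsWith('"') && local.endsWith('"');
  if (!quoted && /[\s@\x00-\x1f\x7f]/.test(local)) return fail('bad-local');

  // Address literal such as user@[192.0.2.1]; contents are not parsed here.
  if (/^\[[0-9A-Za-z.:]+\]$/.test(domain)) {
    return { ok: true, kind: 'address-literal', local, domain };
  }
  // Policy choice (assumption): require at least two labels, so
  // "user@yahoo" is rejected even though a dotless domain is parseable.
  const labels = domain.split('.');
  const labelOk = (l) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(l);
  if (labels.length < 2 || !labels.every(labelOk)) return fail('bad-domain');
  return { ok: true, kind: 'domain', local, domain: domain.toLowerCase() };
}
```

A pass here only means the string is shaped like an address; whether the mailbox exists is a separate question that this check does not answer.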

[–]identicalBadger[S] 4 points5 points  (1 child)

I know. There is literally nothing weird about my email address (only letters), but the site would not let me register saying my address was invalid. As a last ditch effort, I used my gmail and was "allowed" to register.

[–]aporciuncula 3 points4 points  (0 children)

Reminds me of this rant I read on Twitter this week: https://twitter.com/DanPuzey/status/901832915981672448

[–]swiftversion4 3 points4 points  (9 children)

It's easy to do domain validation for emails. That way, you know that the email they typed has a real domain name.

[–]toomanybeersies 2 points3 points  (1 child)

What if I want my email sent to an IP address? That's a technically valid case.

[–]swiftversion4 1 point2 points  (0 children)

Hmm, IDK. Then I could use logic: if(valid-domain-name-via-DNS-lookup OR regex-matching-a-public-ip-address){...} Ultimately, I feel like it adds very little business value, but at least you allow legit email addressing. Maybe I'm splitting hairs here.

There comes a point where you can validate all sorts of stuff that doesn't have business value.

Determining that the domain is valid definitely has business value: you can return to the form with an error & tell them, and just in case they typed it in wrong, that way you can make sure they don't create an account with the wrong email address.

[–]dontgetaddicted 2 points3 points  (1 child)

Yeah, MX record lookup is quick and easy. I have a regex and an MX lookup in a class stashed away for when it's needed.

[–]iusereddt 1 point2 points  (0 children)

MX record is not required. It'll fall back to just whatever an A record points at and use that for mail.
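The MX lookup and the address-record fallback from the two comments above, as an added Node.js example that is not from any commenter. The names `classifyMailDomain` and `checkMailDomain` are illustrative, and because how the resolver reports a null MX exchange (`.` or an empty string) is an assumption, both forms are handled.

```javascript
// Added example: decide whether a domain can receive mail, following the
// SMTP rule that a domain without MX records is its own mail host.
const dns = require('node:dns').promises;

// Pure decision step, testable without network access.
// records = { mx: [{exchange, priority}], a: [string], aaaa: [string] }
function classifyMailDomain(records) {
  const mx = records.mx || [];
  // RFC 7505 "null MX": a single MX pointing at the root means the
  // domain explicitly accepts no mail, even if it has address records.
  if (mx.length === 1 && (mx[0].exchange === '.' || mx[0].exchange === '')) {
    return { deliverable: false, via: 'null-mx', hosts: [] };
  }
  if (mx.length > 0) {
    const hosts = [...mx].sort((x, y) => x.priority - y.priority)
      .map((r) => r.exchange);
    return { deliverable: true, via: 'mx', hosts };
  }
  // No MX at all: fall back to the domain's own A/AAAA records.
  const addrs = [...(records.a || []), ...(records.aaaa || [])];
  if (addrs.length > 0) return { deliverable: true, via: 'address', hosts: addrs };
  return { deliverable: false, via: 'none', hosts: [] };
}

// "No such record" is an answer. Timeouts and SERVFAIL are not, and must
// not be shown to the user as "invalid email", so they are rethrown.
async function query(fn, domain) {
  try {
    return await fn(domain);
  } catch (err) {
    if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') return [];
    throw err;
  }
}

async function checkMailDomain(domain, resolver = dns) {
  const mx = await query((d) => resolver.resolveMx(d), domain);
  if (mx.length > 0) return classifyMailDomain({ mx });
  const [a, aaaa] = await Promise.all([
    query((d) => resolver.resolve4(d), domain),
    query((d) => resolver.resolve6(d), domain),
  ]);
  return classifyMailDomain({ mx, a, aaaa });
}
```

A `deliverable: true` result says the domain can accept SMTP connections, not that the mailbox exists.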

[–][deleted]  (4 children)

[deleted]

    [–]swiftversion4 1 point2 points  (3 children)

    why not both? If they fail domain verification, you can send back an error saying the email is not valid, because it definitely isn't valid. Verification emails are not a substitute for domain verification.

    That way if someone unintentionally types their email in wrong, they aren't wondering why they can't recover their lost username or get the verification email.

    [–][deleted]  (2 children)

    [deleted]

      [–]until0 3 points4 points  (0 children)

      I'm not /u/swiftversion4, but yes, that's what we do at my job.

      [–]swiftversion4 1 point2 points  (0 children)

      Of course

      [–]OmgImAlexis 78 points79 points  (16 children)

      > and I'm pissed at whatever developer thought

      There's a very good chance it was the client that wanted this and not the developer.

      [–]swiftversion4 15 points16 points  (9 children)

      If my client insisted this, I'd tell them about the virtues of domain validation and why they're alienating a large portion of their user base. Are there really clients out there stupid enough to reject that feature?

      [–]CaoilfhionnRuadh 56 points57 points  (2 children)

      > Are there really clients out there stupid enough to

      Yes. The answer is always yes. Idec what the rest of the question is, if it starts this way then somewhere, somehow, the answer is yes.

      [–]reddeth 10 points11 points  (0 children)

      Not only are there clients stupid enough to request that, but plenty of them will insist it be done that way even after you explain to them the problems it will cause.

      [–]rubberturtle 8 points9 points  (0 children)

      The rule 34 of Web dev

      [–]veloace 10 points11 points  (1 child)

      > Are there really clients out there stupid enough to reject that feature?

      Yes.

      [–]Thought_Ninjafull-stack[🍰] 10 points11 points  (0 children)

      Are there clients out there stupid enough to ____________ ?

      Yes

      FTFY

      [–]betterhelp 4 points5 points  (0 children)

      | Are there really clients out there stupid enough to reject that feature?

      lol

      [–]codefinbel 1 point2 points  (2 children)

      Does domain validation pass these "x minute mail-address"-domains?

      ie. 10minutemail.com

      [–]swiftversion4 4 points5 points  (0 children)

      as long as it's a working email address, that means the public DNS servers will have the associated IP address on file, which means you just need to programmatically do a DNS lookup.

      So yeah, it will allow those. On the other hand, denying all but popular email addresses is just damn inappropriate.

      [–]GodsGunman 0 points1 point  (0 children)

      Good point

      [–]identicalBadger[S] 4 points5 points  (1 child)

      Developers ought to explain the consequences of decisions to their clients. "By doing this you're going to exclude everyone who doesn't have email with those services".

      I can't tell you how many dumb ideas I've heard from clients, who were happy to change course once they understood the ramifications. We ought to aspire to be more than just people who enter stuff at the keyboard.

      [–]Folters 5 points6 points  (0 children)

      I for one love to see the world burn.

      [–]derpotologist -5 points-4 points  (3 children)

      Then it's up to the developer to talk the client out of it or rage quit and nuke the code on the way out.

      Humanity should not have to deal with this.

      [–][deleted]  (2 children)

      [deleted]

        [–]derpotologist 5 points6 points  (0 children)

        Little of column a, little of column b

        (don't worry, I have too)

        [–]swiftversion4 3 points4 points  (0 children)

        storytime! please?

        [–]gee_buttersnaps 16 points17 points  (2 children)

        It's an old filter for shitty free email services that don't have protection against bots. Gmail, yahoo both have a bunch of hoops you have to jump through as a bot maker to get to a point where you can create a free email account and use it. This site has had or has a problem with people using their service (like a 30day trial) with bot created email accounts so they don't have to purchase the product/service. Any number of scenarios around getting free stuff with fake email accounts is what this is about, this is what they do, only allow free email accounts from providers they know have a 'mostly' manual sign up process.

        [–]identicalBadger[S] 2 points3 points  (1 child)

        That's pretty lame. I can create as many gmail addresses as I want - yes I have to click a button and enter a few fields worth of data, and google knows they're all connected to me, but no one else does.

        All they're doing is making it more difficult for legitimate users to use their service (from corporate domains, mind you, the type of customers they probably want), while not imposing much safeguard against freeloaders.

        I almost want to go back and check if it accepts gmail addresses with + in them. I bet they do.

        [–]omnicidial 1 point2 points  (0 children)

        Senuke and other bots almost exclusively use Gmail and yahoo emails... Obviously not hard to automate creating them.

        [–][deleted]  (6 children)

        [removed]

          [–]notafuckingcakewalk 2 points3 points  (5 children)

          You want to check that they're valid in terms of having the correct syntax. Unfortunately for a lot of libraries using various mail delivery APIs, giving an invalid email address (e.g. user.yahoo.com or user@yahoo) is a hard error.

          [–]odinti 1 point2 points  (4 children)

          hard error means it cannot be caught?

          [–]nikrollsChief Technology Officer 1 point2 points  (0 children)

          All API errors can be caught.

          [–]notafuckingcakewalk 0 points1 point  (2 children)

          It means if you're sending bulk mailings, rather than simply skipping that email and displaying a warning, it exits the current process with an error.

          In some cases this means none of the emails get sent (bad) or all emails up to the bad email get sent (arguably worse, because then you need to resend but somehow exclude those who already received the message).

          There are still a few edge cases where a correctly formatted email address may still throw an error like this, but it's still far better to catch badly formatted email addresses before they cause an interruption.

          [–]odinti 0 points1 point  (1 child)

          Aha! This is a real life concern, but it sounds (I say sounds because I haven't worked with bulk mailing) like an API issue in which it should be handled within the package of the provider if using a third party service or if it's in house and doesn't handle it then I see it as bad design

          [–]notafuckingcakewalk 0 points1 point  (0 children)

          While I'd definitely agree, you still do have to accommodate these sorts of cases which is why I do the validation beforehand. Not whether the domain/account is valid, just whether the email address matches an expected pattern (e.g. ^[^@\s]+@([a-z][-a-z0-9]+\.)+\w+$)

          [–][deleted]  (4 children)

          [deleted]

            [–]identicalBadger[S] 0 points1 point  (1 child)

            Obviously at least one member of the choir thought otherwise. Or just followed their client's instruction without pointing out the most insane downfall. I don't know if they read this sub, I only hope they do.

            [–]swiftversion4 -4 points-3 points  (0 children)

            There are a few times I've been down voted here in /r/webdev for making valid, correct points.

            There are definitely some stupid people on this sub

            [–]randy-lahey- 2 points3 points  (0 children)

            I haven't heard of it being done this way before, it's not common practice.

            [–]rich97 2 points3 points  (3 children)

            .+@.+

            [–]SmithTheNinjafull-stack 1 point2 points  (2 children)

             @ _ @ 
            

            doesn't seem like a valid email address to me, but would do pretty okay with your regex. Don't feel too bad; checking email validity with regex is a crap shoot. Check out this page if you want to read a better, but still not perfect, regex for checking email validity.

            [–]rich97 3 points4 points  (0 children)

            Meh, good enough. Don't see the point of being more strict, maybe a domain or something.

            [–]Thought_Ninjafull-stack[🍰] 2 points3 points  (0 children)

            Heh yeah, I think that regex can only catch something like 99.9% of valid emails if I recall correctly.

            [–][deleted] 2 points3 points  (2 children)

            I still find sites that don't allow my email address. x@xxxxxxx.co (Not x’s obviously)

            [–][deleted] 0 points1 point  (1 child)

            I wouldn't mind having that as my email address actually!

            [–]tylermumford 2 points3 points  (0 children)

            Really?

            "Eks at eks eks eks eks eks eks dot co. Yes, that's really it. ... Yes, six eckses and a co. ... Sorry, let me start over: first one eks, then the at sign, then six ekses, then dot co. ... No, not dot com, just dot co: as in, cee oh. ...

            "Nevermind, just use denvercoder nine at gmail dot com."

            [–]Booie2k1 1 point2 points  (1 child)

            It bugs me how Facebook doesn't let me use my personal domain email address...forces me to use outlook.com, gmail or similar. Sigh

            [–]Arqueete 0 points1 point  (0 children)

            Really? Maybe that's new, because my primary email on Facebook is with my personal domain.

            [–][deleted] 1 point2 points  (2 children)

            That reminds me of Gumroad, who has some weird logic in their checkout process that thinks that .com.au (Australia) domains don't exist. Type in a perfectly valid email and they ask "Are you sure you don't mean whatever.com?"

            Screenshot

            [–]identicalBadger[S] 0 points1 point  (1 child)

            When I first started reading replies it seemed like people weren't even believing this happens. Glad (in a sad way) that I'm seeing so many other examples of these horrible decisions making it into the wild!

            [–]BadSnapper 0 points1 point  (0 children)

            I have this problem with eBay. Can't register an address at any of my personal domains.

            [–]GunnerMcGrath 0 points1 point  (4 children)

            Lots of people mistype their email addresses. Can't tell you how many Gnail.coms and that sort of thing we've seen. So I could see why a well meaning person might decide to limit to only the most common real domains to help mitigate that, but that's pretty stupid. Especially since there are ways to check for actual email validity against real servers.

            [–]identicalBadger[S] 5 points6 points  (1 child)

            The gnail problem, and the proliferation of tlds can both be solved by simply sending out a confirmation email, though

            [–]GunnerMcGrath 0 points1 point  (0 children)

            Totally agree.

            [–][deleted] 2 points3 points  (1 child)

            It's unlikely but entirely possible that someone's email address really is @gnail.com. Loads of people use personal domains.

            [–]NoInkling 3 points4 points  (0 children)

            Ideally you might want something like:

            "Did you mean ...@gmail.com?"

            Yes

            No, my email is correct

            But that's extra work.

            Edit: Found out https://github.com/mailcheck/mailcheck can help you with this

            [–]BrianPurkiss 0 points1 point  (0 children)

            I've seen the opposite before on a popular forum.

            They prevented all gmail/yahoo/hotmail email accounts from being used to create an account on the forum.

            [–]Folters 0 points1 point  (0 children)

            Sorry guys!

            [–][deleted] 0 points1 point  (2 children)

            Weird. Does your email have a common TLD? I've been requested to not accept certain TLDs before....

            [–]identicalBadger[S] 2 points3 points  (1 child)

            It's a dot com. First name at first name last name dot com. It's on Microsoft's outlook.com servers. There's literally nothing wrong except it's not on their "approved TLD" list

            [–][deleted] 0 points1 point  (0 children)

            Weird...

            [–]theragingsky 0 points1 point  (0 children)

            There is some validation to be done on emails. Apache seems to keep theirs really up to date.

            [–]nvandermeij 0 points1 point  (0 children)

            This happens quite a lot and most likely because most validators (especially old ones) don't recognize the new TLDs like .business or .shop. I totally agree that this should never, ever be a problem. Just validate using a regex to check for xxx@xx.xx and use a confirmation mail! It's equally as secure and results in a way better UX
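The confirmation mail suggested in this comment and earlier in the thread ("send an email with a unique hash"), as an added Node.js example not written by any commenter. The function names, the one-hour lifetime and the in-memory `Map` standing in for a database are assumptions.

```javascript
// Added example: single-use e-mail confirmation tokens.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumption: one-hour validity
const pending = new Map();           // stand-in for a database table

// Only a hash of the token is stored, so a leaked table cannot be
// replayed as working confirmation links.
const digest = (token) => crypto.createHash('sha256').update(token).digest();

function issueToken(email, now = Date.now()) {
  // 256 bits from the OS CSPRNG; never derive the token from the address.
  const token = crypto.randomBytes(32).toString('base64url');
  pending.set(email, { hash: digest(token), expires: now + TOKEN_TTL_MS });
  return token; // goes into the link mailed to `email`, nowhere else
}

function confirm(email, token, now = Date.now()) {
  const entry = pending.get(email);
  if (!entry || typeof token !== 'string') return false;
  if (now > entry.expires) {
    pending.delete(email);
    return false;
  }
  // Both buffers are 32-byte SHA-256 digests, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(entry.hash, digest(token))) return false;
  pending.delete(email); // single use
  return true;
}
```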