Dominic Sayers website - Latest Comments in Dominic Sayers - RFC-compliant email address validator

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Thu, 24 Feb 2011 13:48:30 -0000

I didn't think the older version allowed IPv6 addresses. Must be mistaken.

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Thu, 24 Feb 2011 04:08:59 -0000

My hosting provider, JustHost, claims to be running PHP 5.2.16

What makes you think it's the 5.3.3+ filter_var()?

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Thu, 24 Feb 2011 02:01:47 -0000

Hi Dominic, just thought I'd mention that PHP's native filter_var() function from 5.2.0 - 5.3.2 is different the the function from 5.3.3 onwards. I believe you're using the 5.3.3+ version (not 5.2.0 as labelled above)?

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Tue, 22 Feb 2011 13:56:57 -0000

You must have been using the simple expression I offered at the end of the article for those who just want to allow standard dot-atom@domain-name addresses.

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Tue, 22 Feb 2011 13:21:58 -0000

Hi Michael,

I grabbed some code off squiloople.com today. I'll have a closer look at what I'm using as soon as I can. I'm just doing an RFC 5321 validation here.

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Tue, 22 Feb 2011 13:19:03 -0000

Or, sorry, if you're not allowing obsolete local-parts, isValid5321:

function isValid5321($emailAddress)
{
return preg_match('/^(?>([!#-\'*+\/-9=?^-~-]+)(?>\.(?1))*|"(?>[ !#-\[\]-~]|\\\[ -~])*")@(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>\.(?2)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?3)){7}|(?!(?:.*[a-f0-9][:\]]){8,})((?3)(?>:(?3)){0,6})?::(?4)?))|(?>(?>IPv6:(?>(?3)(?>:(?3)){5}:|(?!(?:.*[a-f0-9]:){6,})(?5)?::(?>((?3)(?>:(?3)){0,4}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?6)){3}))\])$/iD', $emailAddress);
}

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Tue, 22 Feb 2011 13:11:44 -0000

Hi Dominic. Just wondering why my function is returning false in your tests. I've done my own and it passes them (except the "address too long" failures which I expect). Are you using isValid5322?

function isValid5322($emailAddress)
{
return preg_match('/^((?>(?>(?>((?>[ ]+(?>\x0D\x0A[ ]+)*)?)($(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)$))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){8,})((?6)(?>:(?6)){0,6})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){6,})(?8)?::(?>((?6)(?>:(?6)){0,4}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD', $emailAddress);
}

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Tue, 22 Feb 2011 08:19:29 -0000

Version 3.0 released today, 22nd February 2011. All feedback gratefully received.

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Tue, 22 Feb 2011 08:18:57 -0000

I've released version 3.0, which deals with this correctly: http://www.dominicsayers.co...

Re: Dominic Sayers - RFC-compliant email address validator

Greg — Tue, 15 Feb 2011 00:52:32 -0000

The validator catches utf-8 characters ( "русский"@example.com ), but says stuff like the following as valid (with a quoted-string warning):

"abçd èfg"@example.com

"█"@example.com

Are you sure extended ASCII characters are valid inside quoted strings?

see: http://msdn.microsoft.com/e...

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Tue, 14 Sep 2010 03:48:23 -0000

Yes, that's a bit hard to reconcile with the EBNF that says the local part can end in CFWS and the domain can begin with CFWS.

I think we have to go with the EBNF since the meaning of the text is unclear. One of my design goals is to avoid false positives (i.e. rejecting addresses that are in fact valid).

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Fri, 10 Sep 2010 18:48:55 -0000

I'm a little confused over this passage in RFC 5322:

'Comments and folding white space SHOULD NOT be used around the "@" in the addr-spec.'

Presumably this disallows pete(his account)@silly.test(his host), and yet this is given in the RFC as a valid address (and the form allowed by your validator). Are you able to clarify?

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Fri, 10 Sep 2010 07:53:07 -0000

Revision 2.2 uploaded with revised tests (much work contributed by Daniel Marschall)

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Sat, 14 Aug 2010 05:50:01 -0000

filter_var() uses my regex to validate emails? I didn't know. I'm surprised (and proud).

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Fri, 13 Aug 2010 09:16:22 -0000

Turns out filter_var() uses a regex. It doesn't understand comments and FWS. Here's the notes from the PHP source code:

* The regex below is based on a regex by Michael Rushton.
503 * However, it is not identical. I changed it to only consider routeable
504 * addresses as valid. Michael's regex considers a@b a valid address
505 * which conflicts with section 2.3.5 of RFC 5321 which states that:
506 *
507 * Only resolvable, fully-qualified domain names (FQDNs) are permitted
508 * when domain names are used in SMTP. In other words, names that can
509 * be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
510 * in Section 5) are permitted, as are CNAME RRs whose targets can be
511 * resolved, in turn, to MX or address RRs. Local nicknames or
512 * unqualified names MUST NOT be used.
513 *
514 * This regex does not handle comments and folding whitespace. While
515 * this is technically valid in an email address, these parts aren't
516 * actually part of the address itself.
517 *
518 * Michael's regex carries this copyright:
519 *
520 * Copyright © Michael Rushton 2009-10
521 * http://squiloople.com/

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Fri, 13 Aug 2010 09:12:46 -0000

This is new from PHP 5.2 isn't it?

I'll add it to my tests when I get chance. Thanks for pointing it out.

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Fri, 13 Aug 2010 09:08:50 -0000

Hi Daniel,

Are you sure you're including the NUL (char(0)) character in what you're testing? It's hard to include this in the XML document. The point of the test is to ensure that a NUL character invalidates the address even if it is escaped.

Re: Dominic Sayers - RFC-compliant email address validator

Mike — Mon, 02 Aug 2010 21:21:19 -0000

I would be interested to know how the built-in filter_var() function does.

Re: Dominic Sayers - RFC-compliant email address validator

Trevor — Sun, 18 Jul 2010 16:52:27 -0000

NOYB,

While attempting to verify claims of 100% correctness in any pursuit is to be commended, your repeated combative posts here in contrast with Dominic's politeness in response not only makes you look like a jerk, but given the sterile technical nature of the topic it also calls into question your acumen. How you present information affects how it is received, and I'm sure I'm not the only reader suspicious of the value and intention of your contributions here. You might consider adopting a more respectful tone in kind with Dominic, and thanking him for his patience with your attitude. That said, continue to criticize his work, as your technical objections have helped Dominic, in his notable patience, to improve it notwithstanding your rudeness.

Re: Dominic Sayers - RFC-compliant email address validator

Ard+dominicsayers — Wed, 23 Jun 2010 12:20:49 -0000

Heh
I used to have a lot of <myname>+sitename@mydomain.com addresses. And they used to work. It makes it easy to filter out and process mail faster.
So now I have a bunch of accounts with a + in my e-mail address, and they won't allow me to log in anymore because they decided that it's an invalid e-mail address...
Really... I whish more people just use your script and stop trying to re-invent a BROKEN wheel.
Of course, after this validation, validity of the e-mail domain (check domain and such) is also important.

Re: Dominic Sayers - RFC-compliant email address validator

Daniel Marschall — Sun, 13 Jun 2010 20:36:11 -0000

Mh, I assume that these results are not dynamically generated... On my test with the newest version, your solution failed at test #227 and Henderson's solution failed at tests #21, #164 and #227. Both #227 test are not red in this table, so I think these tests are older. Since your page is PHP-generated, wouldn't it be great if you are performing these tests on-demand?

Maybe it would be also useful if you put the testcase-number in front of the mailaddress, so the users do not need to search them with the mouse-hover-hint.

Regards
Daniel Marschall

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Fri, 04 Jun 2010 11:15:45 -0000

I'm still pondering this one. If you & Cal are right (and you may well be) I'll try to find time to make the change.

Feel free to have a go yourself...

Re: Dominic Sayers - RFC-compliant email address validator

Michael — Fri, 04 Jun 2010 07:03:10 -0000

That's good to hear.

And on another note, I wonder if you'd had a chance to consider case #164. This is from RFC 5322:

domain-literal = [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS]

Comments are allowed?

Re: Dominic Sayers - RFC-compliant email address validator

Dominic Sayers — Wed, 02 Jun 2010 08:12:39 -0000

I've updated is_email() and the tests to reflect the fact that the IETF have now verified my erratum to RFC 3696.

This means that the maximum length of an email address is now *officially* 254 characters :-)

Re: Dominic Sayers - RFC-compliant email address validator

Oleg Oshmyan — Fri, 05 Feb 2010 16:04:44 -0000

Exactly. I noticed this a couple of days ago but verified only today and was going to complain right now. The comment on the test case says that RFC 5321 forbids comments in address literals, but as far as I understand ABNF rules in RFC 5321 assume comments and white space have already been folded, since comment tokens are not mentioned anywhere in the email address specification in section 4.1.2. On the other hand, RFC 5322 does define where comments are allowed and indeed allows a CFWS token before the address/domain literal, as well as after the quotation mark in the quoted-string token, thus making the email address "foo"(yay)@(hoopla)[1.2.3.4] of test case #164 valid.