13/21, seems like I am not significantly different from random guessing
Got the same, I can’t believe how many weird comments and extra random things can get added into an email address.
I got 11.
The spaces and quotes caught me.
I scored 16/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
I feel pretty good about that
So much better than I thought it would be! Thank you for making the world a better & more informed place
I
rage quitgave up at 12.A fork bomb is apparently a valid email address.
I quit, this is stupid.
nice. though valid but obsolete is not a thing… if it’s obsolete it’s invalid.
Agreed! (because then I would get 3 more points on the test)
I don’t think it really matters what the standard is, because you’ll be completely limited by some 25 year old bit of Regex from Stack Overflow that every web developer ever has implemented into their form sanity checks.
The main one that gets passed around will match the weirdness fine. In fact, it probably matches things you don’t want, anyway.
A signin/registration form really only needs to do sanity checks to get rid of obviously bad addresses. You’ll have to send a round-trip email confirmation message to make sure the email is real, anyway, so why bother going into great detail? Just check that there’s an ‘@’ symbol and a dot in the domain. Most of the rest is wanking off.
A domaine without tld (me@home) is a valide address. I saw an email server being used as a mqtt-like server this way (it is very old and predate those software).
An address without a domain is irrelevant for a signin/registration form. Which is like 90% of the code being written in the wild to validate addresses.
If you’re writing an email server, then you need to care about all these details. Most of us never will.
Hey! IPv6 is valid in the inter-network context and needs no dots!
You gonna fill an IPv6 address for your email server into the DoorDash signin page?
Don’t be ridiculous, I’m going to use an open source password manager to fill an IPv6 address for my email server into the DoorDash signin page.
I know you’re being facetious, but I’m thinking through the implications of someone actually doing this. ISPs aren’t always handing out static IPv6 prefixes for some damn reason, so you can’t count on that address staying the same when self-hosting. Even if you can, you don’t know what will happen when you change ISPs.
So yeah, really bad idea regardless.
Also as the registrant of one of those new fancy TLDs, much like the owner of this website (email.wtf), their own email addresses will fail those stupid email validation checks that only believe in example@example.[com|net|org]
Shitty websites will fail “[email protected]”, guaranteed - despite it being 100% valid AND potentially live.
Source - I have a “.family” domain for my email server. Totally functional, but some shitty websites refuse to believe it.
Yeah I have a .engineering for my biz. I also registered mycompanyengineering.com to get through places that won’t take the new TLDs.
Usually banks.
Seems like a weird choice as the primary TLD.
I’d switch it just to reduce the annoying typing hassle and to avoid misspelling.It’s already unusual if I say “My email is [email protected]”
And that trips so many persons.
First: I have my own domain
Second: It’s not gmail, apple or a local provider
Third: The TLD isnt.deor.combut.eu
I have plenty of website reject even my fairly vanilla [email]+XYZ@ address add–ons
I’m not sure I blame the sites. The spec is so complex that it’s not even possible to know which regex to use
The spec is so complex that it’s not even possible to know which regex to use
Yes. Almost like a regex is not the correct tool to use, and instead they should use a well-tested library function to validate email addresses.
Exactly! But its not obvios. So most of those shitty websites don’t even know they have a problem.
Then there are also people ignoring it on purpose. I once read a reddit comment saying 'well of your address looks like “John wick 🐶❤️”@2001:0db8:85a3:0000:0000:8a2e:0370:7334 I don’t event want your email in my DB because oit will break something
I have a feeling, the ones codapine is stating, didn’t even care to half-read the spec and just went with what they knew from experience.
Maybe they didn’t even know there was a spec.
Maybe they asked ChatGPT for the regex.const emailRegExp = /^[\w.!#$%&'*+/=?^`{|}~-]+@[a-z\d-]+(?:\.[a-z\d-]+)*$/i;per the HTML specification. From https://developer.mozilla.org/en-US/docs/Learn_web_development/Extensions/Forms/Form_validation#validating_forms_without_a_built-in_api
That’s one very random place to find that. There are a lot of different one and there is no way we all just agree to use that one.
Look art his site that shows a more complete and (in theory) official website. While also explaining that there is no regex that is perfect
(Compete regex for the lazy)
(?:\[a-z0-9!#$%&'\*+/=?^\_\`{|}\~-]+(?:\\.\[a-z0-9!#$%&'\*+/=?^\_\`{|}\~-]+)\*|"(?:\[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\\\\[\x01-\x09\x0b\x0c\x0e-\x7f])\*")@(?:(?:\[a-z0-9]\(?:\[a-z0-9-]\*\[a-z0-9])?\\.)+\[a-z0-9]\(?:\[a-z0-9-]\*\[a-z0-9])?|\\\[(?:(?:25\[0-5]|2\[0-4]\[0-9]|\[01]?\[0-9]\[0-9]?)\\.){3}(?:25\[0-5]|2\[0-4]\[0-9]|\[01]?\[0-9]\[0-9]?|\[a-z0-9-]\*\[a-z0-9]:(?:\[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\\\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\\])MDN isn’t a very random place?
No. But it’s on the form validation topic.
I have a spam collecting address @freemail.hu , the domain is live and working since 96, sometimes it’s not accepted, because it’s not Gmail I guess
Same as I have a .party domain. So I made a place holder (looking at you progressive) email [email protected]
I don’t care who the IRS sends, I am not validating emails with spaces on them.
You shouldn’t be validating emails yourself anyway. Use a library or check for only the
and then send an email confirmation.Even if it’s a completely valid address and the domain exists, they still might’ve fat fingered the username part. Going to extreme lengths to validate email addresses is pointless, you still have to send an email to it anyway.
I seem to have annoyed an admin of an instance enough for them to subscribe my signup email to hundreds of dating profiles (presumably using a service that offers to harass someone for you)
Many of them aren’t good at validating email
One in ten has one email arrive, asking me to click a link to confirm
9 in ten have 5 emails before I notice them:
- Please click a link to confirm
- You received a wink
- You received a wink
- You received 3 chat requests
- You received a link
So it’s important to not send emails beyond the validate one to unvalidated addresses, to perfect your service annoying or harassing this parties
Also, use a disposable address for signing up to Lemmy
Use a library
Please, no. If someone wrote email address “validation” complex enough to warrant a library, then their code is almost certainly wrong.
or check for only the @ and then send an email confirmation.
Yes. Do that.
If your boss demands a more detailed check at input time, then make it display warnings, not errors, and continue to the confirmation sending step if the user chooses to ignore the warning.
This is the way.
Let us recite the email validator’s oath:
If it has something before the
, something between theand the., and something after the., it’s valid enough.The ultimate validation is to see if it gets sent.
Fails for when there is no TLD. Just send an email and validate a response eg from a link.
No. The number of users who have a real email with no TLD is far less than the number of users who will accidentally type an email with no TLD if you don’t validate on the front end.
I’m here to help 99.9% of users sign up correctly, not to be completely spec-compliant for the 0.1% who think they’re special.
Guess my mail@IPv6 won’t be accepted because I was too poor to pay for a domain name after having paid for a static IPv6.
What if we 👉@👈 …? 🤭
Now i just need a registrar that allows emoji…
Any should. Any unicode is converted to alphabetical anyways, through “xn–” + a punycode conversion. Which is actually fairly important for places that don’t use the Latin alphabet.
See http://xn-bdk.gay/, which is the same as http://ツ.gay/
(Someone set this up on 196 a while ago, they said they were using Namecheap)
oh jesus, rabbit hole accepted, thanks!
Self-host it.
People may find that weird, however.
I vaguely remember a panel where a guy went through various cases like these.
One of the things that stood out is that not every email provides implements the same specs, so one provider might allow you to set up a “valid” email address that might not be able to communicate with other providers as they consider it “invalid”.
I scored 16/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
This was fun!
Edit: people, upvote the OP, not me
13/21 here. Mostly got hung up on several “this was valid in earlier RFC, and later removed” kind of situations. There are several where I picked the correct answer, but where I know many websites that won’t accept it as valid, and that’s not even the more esoteric ones.
Yeah I feel like the correct answer for anything obsoleted by a more recent RFC should be “Invalid”.
Complaints about the quiz? Send them to 💩@💩
But they will work, and according to the spec, you have to build your system so that it can handle those cases. Obsolete doesn’t mean incorrect or invalid, just a “you shouldn’t do this any more”.
Obsolete Syntax
Earlier versions of this standard allowed for different (usually more liberal) syntax than is allowed in this version. Also, there have been syntactic elements used in messages on the Internet whose interpretation have never been documented. Though some of these syntactic forms MUST NOT be generated according to the grammar in section 3, they MUST be accepted and parsed by a conformant receiver.Well shit, yeah, that “MUST be accepted and parsed” is pretty explicit. That sucks. What is even the point of revising standards? How the fuck do we ever get rid of some of these bad ideas?
Some of those “obsolete” things are outright blocked for specific reasons. For example, routing addresses through multiple servers. It was abused by spammers, so it’s almost always denied these days.
Looks like this:
<@foo.example.com@bar.example.com:123@example.com>
I got 14/21
Me too and it said that is the amount you’d get if you just picked “valid” for every response. Lmao
Samsies
Yay! Same. But only because I’ve already heard of some email craziness before.
Don’t tell me what to do!
yay 16/21 club
Question 5 is incorrect,
name@exampleis a fully valid email address, even after RFC 2822The spec of RFC 2822 defines an address (3.4.1) as:
local-part "@" domaindomainis defined (3.4.1) as:domain = dot-atom / domain-literal / obs-domaindot-atomis defined (3.2.4) as:dot-atom = [CFWS] dot-atom-text [CFWS] dot-atom-text = 1*atext *("." 1*atext)1meaning at least 1 alphanumeric character, followed by*("." 1*atext)meaning at least 0"." 1*atext
If tomorrow, google decided to use its
googletop-level domain as an email domain, it would be perfectly valid, as could any other company owning top-level domainsGoogle even owns a
gmailTLD so I wouldn’t even be surprised if they decided to use itI don’t know if they changes the answer to the question, but it now says
name@exampleis valid.It does say it’s valid, but also that it’s obsolete, and while the RFC does define valid but obsolete specs, there is nothing defining domains without a dot as obsolete, and it is in fact defined in the regular spec, not the obsolete section
I see what you mean, I’m with you now.
It says valid but obsolete, which sounds like a contradiction to me.
This is technically valid but considered obsolete. RFC 822 allowed domains without dots, but RFC 2822 made this obsolete.
Do email suffix not indicate a different domain like .org and .com for websites?
I didn’t understand this one. How do you have a no dot domain? Like you need to distinguish from example.com or example.wtf
Edit: do you mean if you own
.googleyou can have youremail@googleaddress?In response to your edit.
Yes, or countries could use their cctld, e.g. email@us or noreply@uk.
Or any tld owner could do the same with theirs, of course.
Pretty cool
Yes, the top-level domain is still just a domain. I’m not aware of any public Internet services which are reachable from a TLD directly, and it’s strongly discouraged by ICANN, but there isn’t any technical limitation preventing e.g. someone at Verisign from setting up
example@com.you could also send mails within your local network, the hostname just has to resolve and have a mail service running
I gave up when I got like 5 wrong. I’ve ran mail servers for decades, most of the invalid “valids” would get rejected by any mailservers I’ve administered.
Just because it’s not something you’d use anymore doesn’t mean it isn’t valid.
WEP is still a valid form of wireless encryption, but no one would use it anymore (and so would be obsolete). It’s still a part of the 802.11 standard.
And for a good reason.
I don’t validate emails, I test them.
That’s your email? OK, what did we send it? if we couldn’t send to it or the user can’t read it there’s no reason to accept it.
OK, maybe I do some light validation first, but I don’t trust the email address just because it’s email-address-shaped.
Hooray, you have better security than Apple, who won’t let me use my own email because some idiot in Australia used it first.
What kind of “light validation”? I’m guessing a
.*@.*regex match.Almost correct. ^.+@.+$
Too hard to validate properly to be worth it. Even if it is technically valid that’s insufficient. It must also work, and the easiest way to test that is to use it and verify that the user got what we sent.
I see you accept lemmy handles.
if i can email them and the user gets it - fine by me
Would pass first validation, but fail when we try to send an email.
Successfully failed.
matches
I don’t validate emails, I test them.
Hooray! You get a gold star.
OK, maybe I do some light validation first,
I hope your “validation” does nothing more than show a warning that the user is allowed to ignore.
I have seen too many systems built by people who think they know what’s valid or not before and after the
sign*, and they are almost always dead wrong. In the worst cases, such systems accept an unusual-looking address and claim to send the expected verification message, but never actually send it. Of course, these systems won’t work for some people, and since none of their online docs or support staff know why, those people will be locked out of using the system and funneled into bottomless pit of misery if they try. Please don’t build broken garbage like this.*Fun fact: Not so terribly long ago, even the
sign didn’t have to be present. Some email addresses were bang paths. I’m not sure if any of these are still in use, but it wouldn’t shock me to learn that they are.
