E-mail Validation
Posted: Tue Jul 29, 2008 9:59 pm
My question's at the bottom. But you need the preceding parts to understand why I'd ask such a question:
Woof! I've just come from a fairly thorough reading of many articles concerning e-mail validations and which ones work and which ones don't and why. It all started because an address of first.last//something@domain.tld failed my format validity test. Then I thought filter_validate_email might be the thing to use, but alas my ISP is one rev too old (5.2.2) so all I get is fatal errors as detailed all over the web I found to my disgust. Then to add insult to injury it turns out even that isn't really able to recognize all formats of the e-mail addresses. Add to the the upcoming new TLDs and it starts to get to be a real mess. I guess if my ISP were to go to 5.2.6 life would be easier, but ... .
Shortening the story, I eventually came across Simon Slick's site (simonslick.com) and there was at least a LOT Of good info and what appeared to be workable, inclusive scripts for email validation, complete with apparently all the relevant RFCs that were applicable.
After getting my head around that, I've finally come to the conclusion of "Big Deal; what's the point?" Basically, when making up a phoney address, as long as you don't have too many "@"s in it, its' no problem at all to create a phony address; so, why go through all those ereg et al gyrations to prove, what, that it doesn't start with a dot and a couple other minor things? That's no security; that's programming for the sake of programming, IMO, absolutely NO OFFENSE INTENDED to anyone involved in such complex assemblies; it's just my thought for the moment.
So what it boils down to for me is, screw the overall format validation. I'm just going to check for 1 @ and at least one dot, and then go right to an MX check. If the address at least has an @ and a dot, in the right order, and the MX exists, that feels just as secure as the hundreds of regular expression characters and so forth. And it's a lot less work and a lot less trouble-shooting if something goes wrong or maintenance is needed.
If you're only familair with name@domain.tld as an e-mail format, you're probably best advised to not bother with a response and instead consider this a learning experience. I assure you there are many, many other formats available that are completely functional. I had one recently come from iraq with a really strange address format. FWIW, I'm also a newbie and a lot of today's research was a total surprise to me!
So, here's my question:
Do the more experienced users here agree with me, or do you think I'm missing something important in deciding to only check for an @, then a dot, in the right order, and then going right to the mx check? Do I really need to do anything else?
Thanks for reading; I know it's a bit long winded.
Thanks for your consideration,
Twayne
Woof! I've just come from a fairly thorough reading of many articles concerning e-mail validations and which ones work and which ones don't and why. It all started because an address of first.last//something@domain.tld failed my format validity test. Then I thought filter_validate_email might be the thing to use, but alas my ISP is one rev too old (5.2.2) so all I get is fatal errors as detailed all over the web I found to my disgust. Then to add insult to injury it turns out even that isn't really able to recognize all formats of the e-mail addresses. Add to the the upcoming new TLDs and it starts to get to be a real mess. I guess if my ISP were to go to 5.2.6 life would be easier, but ... .
Shortening the story, I eventually came across Simon Slick's site (simonslick.com) and there was at least a LOT Of good info and what appeared to be workable, inclusive scripts for email validation, complete with apparently all the relevant RFCs that were applicable.
After getting my head around that, I've finally come to the conclusion of "Big Deal; what's the point?" Basically, when making up a phoney address, as long as you don't have too many "@"s in it, its' no problem at all to create a phony address; so, why go through all those ereg et al gyrations to prove, what, that it doesn't start with a dot and a couple other minor things? That's no security; that's programming for the sake of programming, IMO, absolutely NO OFFENSE INTENDED to anyone involved in such complex assemblies; it's just my thought for the moment.
So what it boils down to for me is, screw the overall format validation. I'm just going to check for 1 @ and at least one dot, and then go right to an MX check. If the address at least has an @ and a dot, in the right order, and the MX exists, that feels just as secure as the hundreds of regular expression characters and so forth. And it's a lot less work and a lot less trouble-shooting if something goes wrong or maintenance is needed.
If you're only familair with name@domain.tld as an e-mail format, you're probably best advised to not bother with a response and instead consider this a learning experience. I assure you there are many, many other formats available that are completely functional. I had one recently come from iraq with a really strange address format. FWIW, I'm also a newbie and a lot of today's research was a total surprise to me!
So, here's my question:
Do the more experienced users here agree with me, or do you think I'm missing something important in deciding to only check for an @, then a dot, in the right order, and then going right to the mx check? Do I really need to do anything else?
Thanks for reading; I know it's a bit long winded.
Thanks for your consideration,
Twayne