So much better than I thought it would be! Thank you for making the world a better & more informed place
I
rage quitgave up at 12.A fork bomb is apparently a valid email address.
I quit, this is stupid.
13/21, seems like I am not significantly different from random guessing
Got the same, I can’t believe how many weird comments and extra random things can get added into an email address.
I kind of expected a lot of this; I remember the sendmail 4 book from back in the day when O’Reilly had that, DNS and BIND, and Perl as the entirety of its corpus.
I scored 16/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
I feel pretty good about that
I vaguely remember a panel where a guy went through various cases like these.
One of the things that stood out is that not every email provides implements the same specs, so one provider might allow you to set up a “valid” email address that might not be able to communicate with other providers as they consider it “invalid”.
nice. though valid but obsolete is not a thing… if it’s obsolete it’s invalid.
Agreed! (because then I would get 3 more points on the test)
Also as the registrant of one of those new fancy TLDs, much like the owner of this website (email.wtf), their own email addresses will fail those stupid email validation checks that only believe in example@example.[com|net|org]
Shitty websites will fail “example@email.wtf”, guaranteed - despite it being 100% valid AND potentially live.
Source - I have a “.family” domain for my email server. Totally functional, but some shitty websites refuse to believe it.
I’m not sure I blame the sites. The spec is so complex that it’s not even possible to know which regex to use
The spec is so complex that it’s not even possible to know which regex to use
Yes. Almost like a regex is not the correct tool to use, and instead they should use a well-tested library function to validate email addresses.
const emailRegExp = /^[\w.!#$%&'*+/=?^`{|}~-]+@[a-z\d-]+(?:\.[a-z\d-]+)*$/i;per the HTML specification. From https://developer.mozilla.org/en-US/docs/Learn_web_development/Extensions/Forms/Form_validation#validating_forms_without_a_built-in_api
That’s one very random place to find that. There are a lot of different one and there is no way we all just agree to use that one.
Look art his site that shows a more complete and (in theory) official website. While also explaining that there is no regex that is perfect
(Compete regex for the lazy)
(?:\[a-z0-9!#$%&'\*+/=?^\_\`{|}\~-]+(?:\\.\[a-z0-9!#$%&'\*+/=?^\_\`{|}\~-]+)\*|"(?:\[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\\\\[\x01-\x09\x0b\x0c\x0e-\x7f])\*")@(?:(?:\[a-z0-9]\(?:\[a-z0-9-]\*\[a-z0-9])?\\.)+\[a-z0-9]\(?:\[a-z0-9-]\*\[a-z0-9])?|\\\[(?:(?:25\[0-5]|2\[0-4]\[0-9]|\[01]?\[0-9]\[0-9]?)\\.){3}(?:25\[0-5]|2\[0-4]\[0-9]|\[01]?\[0-9]\[0-9]?|\[a-z0-9-]\*\[a-z0-9]:(?:\[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\\\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\\])MDN isn’t a very random place?
No. But it’s on the form validation topic.
I have plenty of website reject even my fairly vanilla [email]+XYZ@ address add–ons
Yeah I have a .engineering for my biz. I also registered mycompanyengineering.com to get through places that won’t take the new TLDs.
Usually banks.
Seems like a weird choice as the primary TLD.
I’d switch it just to reduce the annoying typing hassle and to avoid misspelling.It’s already unusual if I say “My email is givenName@LastName.eu”
And that trips so many persons.
First: I have my own domain
Second: It’s not gmail, apple or a local provider
Third: The TLD isnt.deor.combut.eu
I have a spam collecting address @freemail.hu , the domain is live and working since 96, sometimes it’s not accepted, because it’s not Gmail I guess
Same as I have a .party domain. So I made a place holder (looking at you progressive) email ___+haslazydevs@gmail.com
Let us recite the email validator’s oath:
If it has something before the
, something between theand the., and something after the., it’s valid enough.The ultimate validation is to see if it gets sent.
Fails for when there is no TLD. Just send an email and validate a response eg from a link.
No. The number of users who have a real email with no TLD is far less than the number of users who will accidentally type an email with no TLD if you don’t validate on the front end.
I’m here to help 99.9% of users sign up correctly, not to be completely spec-compliant for the 0.1% who think they’re special.
I scored 14/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
I actually died at the poop emoji one. Actually amazing awareness to test for that
I don’t think it really matters what the standard is, because you’ll be completely limited by some 25 year old bit of Regex from Stack Overflow that every web developer ever has implemented into their form sanity checks.
The main one that gets passed around will match the weirdness fine. In fact, it probably matches things you don’t want, anyway.
A signin/registration form really only needs to do sanity checks to get rid of obviously bad addresses. You’ll have to send a round-trip email confirmation message to make sure the email is real, anyway, so why bother going into great detail? Just check that there’s an ‘@’ symbol and a dot in the domain. Most of the rest is wanking off.
A domaine without tld (me@home) is a valide address. I saw an email server being used as a mqtt-like server this way (it is very old and predate those software).
An address without a domain is irrelevant for a signin/registration form. Which is like 90% of the code being written in the wild to validate addresses.
If you’re writing an email server, then you need to care about all these details. Most of us never will.
Hey! IPv6 is valid in the inter-network context and needs no dots!
You gonna fill an IPv6 address for your email server into the DoorDash signin page?
Don’t be ridiculous, I’m going to use an open source password manager to fill an IPv6 address for my email server into the DoorDash signin page.
I know you’re being facetious, but I’m thinking through the implications of someone actually doing this. ISPs aren’t always handing out static IPv6 prefixes for some damn reason, so you can’t count on that address staying the same when self-hosting. Even if you can, you don’t know what will happen when you change ISPs.
So yeah, really bad idea regardless.
I gave up when I got like 5 wrong. I’ve ran mail servers for decades, most of the invalid “valids” would get rejected by any mailservers I’ve administered.
Just because it’s not something you’d use anymore doesn’t mean it isn’t valid.
WEP is still a valid form of wireless encryption, but no one would use it anymore (and so would be obsolete). It’s still a part of the 802.11 standard.
And for a good reason.
I don’t care who the IRS sends, I am not validating emails with spaces on them.
You shouldn’t be validating emails yourself anyway. Use a library or check for only the
and then send an email confirmation.Use a library
Please, no. If someone wrote email address “validation” complex enough to warrant a library, then their code is almost certainly wrong.
or check for only the @ and then send an email confirmation.
Yes. Do that.
If your boss demands a more detailed check at input time, then make it display warnings, not errors, and continue to the confirmation sending step if the user chooses to ignore the warning.
Even if it’s a completely valid address and the domain exists, they still might’ve fat fingered the username part. Going to extreme lengths to validate email addresses is pointless, you still have to send an email to it anyway.
I seem to have annoyed an admin of an instance enough for them to subscribe my signup email to hundreds of dating profiles (presumably using a service that offers to harass someone for you)
Many of them aren’t good at validating email
One in ten has one email arrive, asking me to click a link to confirm
9 in ten have 5 emails before I notice them:
- Please click a link to confirm
- You received a wink
- You received a wink
- You received 3 chat requests
- You received a link
So it’s important to not send emails beyond the validate one to unvalidated addresses, to perfect your service annoying or harassing this parties
Also, use a disposable address for signing up to Lemmy
This is the way.
I lost it at the fork bomb. I mean I hit valid because there was no way it was on the and not valid, but there’s no way i’d have expected that. after that I just kept guessing the most stupid answer and did pretty well
What if we 👉@👈 …? 🤭
Now i just need a registrar that allows emoji…
Any should. Any unicode is converted to alphabetical anyways, through “xn–” + a punycode conversion. Which is actually fairly important for places that don’t use the Latin alphabet.
See http://xn-bdk.gay/, which is the same as http://ツ.gay/
(Someone set this up on 196 a while ago, they said they were using Namecheap)
oh jesus, rabbit hole accepted, thanks!
Self-host it.
People may find that weird, however.
