commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernd Eckenfels (JIRA)" <>
Subject [jira] [Commented] (VALIDATOR-376) EmailValidator says addresses such as x.y@gmail are valid although most mail apps will fail to send it
Date Wed, 30 Sep 2015 06:52:04 GMT


Bernd Eckenfels commented on VALIDATOR-376:

Ralph, in Validator itself I see 3 possibilities:

A) revert VALIDATOR-273 or make it configurable if you want to accept dotless hosts. There
are some valid but most wont encounter them in the wild
B) have a list of well known dotless hosts (see RFC above), the list needs to be maintained
but missing entries are even less likely than A) to be encountered
C) have a list of all well known TLDs and verify email address against it. That list is more
dynamic than B and not all TLDs are also dotless hosts, but its an additional check also usefull
for the non-dotless case
D) accept that a purely syntax based check will not recognize all invalid addresses, a user
entering x@gmail or both could fool any more sophisticated whitelists.
In your software looking up the address in DNS is a first step (and rejecting any unknown
name or name which responds with 127.x.x.x). (Sending challenge mails is the second)

Maybe implement b+c+d where b ships a default list and b+c allow a setter to load/refresh
the lists. Applications can then chose to reload them or simply ship a resource.

> EmailValidator says addresses such as x.y@gmail are valid although most mail apps will
fail to send it
> ------------------------------------------------------------------------------------------------------
>                 Key: VALIDATOR-376
>                 URL:
>             Project: Commons Validator
>          Issue Type: Bug
>          Components: Routines
>    Affects Versions: 1.4.1 Release
>            Reporter: Ralph Goers
> The VALIDATOR-273 patch causes EmailValidator to allow addresses such as x.y@gmail. Unfortunately,
this is causing us problems as none of the email apps we have tried will actually allow that
email address to be sent. Although the RFCs may state it is valid, in practice it apparently
isn't. Some sort of option is needed to allow providing just the domain to fail. As a consequence
we have had to revert to a prior release of commons-validator.

This message was sent by Atlassian JIRA

View raw message