Return-Path: X-Original-To: apmail-commons-issues-archive@minotaur.apache.org Delivered-To: apmail-commons-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A9D4218EF8 for ; Wed, 30 Sep 2015 06:52:10 +0000 (UTC) Received: (qmail 97514 invoked by uid 500); 30 Sep 2015 06:52:04 -0000 Delivered-To: apmail-commons-issues-archive@commons.apache.org Received: (qmail 97429 invoked by uid 500); 30 Sep 2015 06:52:04 -0000 Mailing-List: contact issues-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: issues@commons.apache.org Delivered-To: mailing list issues@commons.apache.org Received: (qmail 97418 invoked by uid 99); 30 Sep 2015 06:52:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Sep 2015 06:52:04 +0000 Date: Wed, 30 Sep 2015 06:52:04 +0000 (UTC) From: "Bernd Eckenfels (JIRA)" To: issues@commons.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (VALIDATOR-376) EmailValidator says addresses such as x.y@gmail are valid although most mail apps will fail to send it MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/VALIDATOR-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14936447#comment-14936447 ] Bernd Eckenfels commented on VALIDATOR-376: ------------------------------------------- Ralph, in Validator itself I see 3 possibilities: A) revert VALIDATOR-273 or make it configurable if you want to accept dotless hosts. There are some valid but most wont encounter them in the wild B) have a list of well known dotless hosts (see RFC above), the list needs to be maintained but missing entries are even less likely than A) to be encountered C) have a list of all well known TLDs and verify email address against it. That list is more dynamic than B and not all TLDs are also dotless hosts, but its an additional check also usefull for the non-dotless case D) accept that a purely syntax based check will not recognize all invalid addresses, a user entering x@gmail or x@aaaaaaaaaxxxx.com both could fool any more sophisticated whitelists. In your software looking up the address in DNS is a first step (and rejecting any unknown name or name which responds with 127.x.x.x). (Sending challenge mails is the second) Maybe implement b+c+d where b ships a default list and b+c allow a setter to load/refresh the lists. Applications can then chose to reload them or simply ship a resource. > EmailValidator says addresses such as x.y@gmail are valid although most mail apps will fail to send it > ------------------------------------------------------------------------------------------------------ > > Key: VALIDATOR-376 > URL: https://issues.apache.org/jira/browse/VALIDATOR-376 > Project: Commons Validator > Issue Type: Bug > Components: Routines > Affects Versions: 1.4.1 Release > Reporter: Ralph Goers > > The VALIDATOR-273 patch causes EmailValidator to allow addresses such as x.y@gmail. Unfortunately, this is causing us problems as none of the email apps we have tried will actually allow that email address to be sent. Although the RFCs may state it is valid, in practice it apparently isn't. Some sort of option is needed to allow providing just the domain to fail. As a consequence we have had to revert to a prior release of commons-validator. -- This message was sent by Atlassian JIRA (v6.3.4#6332)