isValidEmail accepts non-wellformed e-mail address. SMTP 'VRFY' and MX/A DNS lookup provides better validation.
|Reported by:||Owned by:||Adrian Holovaty|
|Severity:||normal||Keywords:||email validator smtp vrfy|
|Cc:||mpjung@…, mir@…||Triage Stage:||Design decision needed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Currently the E-Mail-Validator only checks for well formed e-mail addresses via a very simplified regular expression. This recently gave me troubles as an address with leading '-' was allowed. foo@… was validated correctly, but threw an error later when trying to send an e-mail using this address.
The Book “Mastering Regular Expressions” by Jeffrey E. F. Friedl comes with a very advanced regular expression (filling a complete A4 page if printed with a readable font) and quickly shows that the approach of a simple pattern match is not too great for validating e-mail addresses.
I have been looking at the SMTP RFC and found the command "vrfy" which allows the user to check if a specific e-mail address would be accepted as recipient. The python smtplib also supports this feature via the verify method so it would be quite easy to implement a validator that uses the default SMTP server to check for validness of entered e-mail addresses.
I would like to add a configuration variable called VALIDATE_EMAIL_ADDRESS_VIA_SMTP (better name?) which can be set to True if e-mail validation should be done via the configured SMTP host.
Change History (8)
comment:2 Changed 10 years ago by
|Summary:||isEmailValid accepts non-wellformed e-mail address. Remote validation via SMTP 'vrfy' could save a lot of trouble. → isValidEmail accepts non-wellformed e-mail address. SMTP 'VRFY' and MX/A DNS lookup provides better validation.|