#31960 closed Uncategorized (wontfix)
Document that Django email validator does not enforce valid emails
| Reported by: | James Pic | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 3.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Currently, Django makes it seem that using an EmailField / EmailValidator will protect projects from getting invalid emails in their database.
But in reality, users must not count on Django for that:
This makes the following documentation statement inaccurate:
"EmailField: A CharField that checks that the value is a valid email address using EmailValidator."
Source : https://docs.djangoproject.com/en/3.1/ref/models/fields/#emailfield
It would be only fair to users to document that the EmailValidator will let invalid emails through, which will be the cause of SMTPError, and that people who don't want invalid emails in their EmailField must override and fix Django's default behaviour.
As to why EmailValidator would reject emails starting with a dot like ".foo@…" but not emails starting with a hyphen "-foo@…": this will remain a mystery.
Change History (5)
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:4 by , 4 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Actually I think there is nothing we can do really, even SMTP VRFY is not going to be reliable because some providers block it "to foil spammers": https://docs.python.org/3/library/smtplib.html#smtplib.SMTP.verify