I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.

  • @danAEnglish
    287 months ago

    You can use symbols like [ ] . { } ~ = | $ in the local-part (bit before the @) of email addresses. They’re all perfectly valid but a lot of email validators reject them. You can even use spaces as long as it’s using quotation marks, like

    "hello world"@example.com

    A lot of validators try to do too much. Just strip spaces from the start and end, look for an @ and a ., and send an email to it to validate it. You don’t really care if the email address looks valid; you just care whether it can actually receive email, so that’s what you should be testing for.

    • @itsralC@lemm.eeEnglish
      187 months ago

      Not even a dot: TLDs are valid email domains. joe@google is a correct address.

      • @RubberElectrons@lemmy.world
        English
        07 months ago

        Mmm… That doesn’t seem right, it’s usually gotta be fully expanded to at least a particular A record/MX.

        How would you tie the tld itself to an MX?

        • @TwitchingCheese@lemmy.worldEnglish
          157 months ago

          TLD is just another DNS layer, try an SOA or NS lookup for “com.” those are obviously hosted somewhere. Hell the “.” at the end is even another layer with the root nameservers. You’d probably trip up a bunch of systems that filter on common convention rather than the actual RFC, but you could do it.

          • @RubberElectrons@lemmy.world
            English
            27 months ago

            How the hell were the original rfc designers so creative as to result in such a flexible system?? It’s gets crazier the more you look at it.

            • @PoolloverNathan@programming.devEnglish
              57 months ago

              It makes the system as a whole simpler. Your computer only needs to remember one root DNS server (although most computers allow setting 4 for redundancy) as opposed to one DNS server for each TLD, and it also makes adding TLDs easier.

      • @PoolloverNathan@programming.devEnglish
        17 months ago

        A lot of providers support plus‑aliasing, although it‌’‌s usually in a company‌’‌s best interest to block plus‑aliases.

        • @danAEnglish
          47 months ago

          + symbols aren’t always used for aliasing though, and companies that strip them out can break the email address. There’s no guarantee that dan+foo@example.com is the same person as dan@example.com.

          I have a catchall domain and used to use email addresses like shopping+amazon@example.com with a Sieve rule to filter it into a “shopping” folder, but these days I just do amazon@example.com without the category or filtering.

    • @tomi000@lemmy.worldEnglish
      17 months ago

      Yea but most of the time its more important to block code injection than to have the last promille of valid mail adresses be accepted.

      • @danAEnglish
        57 months ago

        You’re not going to get code injection via an email address field. Just make sure you’re using prepared statements (if you’re using a SQL database) and that you properly escape the email if you output it to a HTML page.