There’s a thread [1] on programming reddit reminding developers that + is a valid character in an email address. So you should make sure that your validations allow for this.
The regular expression that I’ve been using to validate emails is
/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
This RE will validate most email addresses correctly. Fully validating an email address is quite complex [2] (it’s not even fully clear which characters are allowed [3]) and for the purposes of input validation this is good enough.
?> email = /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
?> email =~ '@fred.com' => nil
>> email =~ 'fred.com' => nil
>> email =~ '@fred.com' => nil
>> email =~ 'f@fred.com' => 0
>> email =~ 'fred@fred.com' => 0
>> email =~ 'fred+test@fred.com' => 0
>> email =~ 'fred.jones+test@fred.com' => 0
>> email =~ 'y@x.org' => 0
>> email =~ 'bob@.........com' => nil
>> email =~ 'bob@-.com' => 0
If you spot any more cases where this RE fails please post them in the comments. It allows ‘bob@-.com’. It fails if there are spaces in the email which are apparently allowed in the RFC.
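In Ruby, `^` and `$` match at line boundaries rather than at the ends of the string, so the regex above also accepts a multi-line string as long as one of its lines looks like an address. The following is an added example, not code from the original post; `LABEL`, `STRICT_RE`, the helper names and the sample inputs are assumptions. It compares the post's pattern with a `\A...\z` version that also rejects 'bob@-.com' by requiring each host label to start and end with a letter or digit.

```ruby
# Added example, not code from the original post.
# PAGE_RE is the post's pattern; LABEL, STRICT_RE, the helper names and
# SAMPLES are assumptions constructed for this illustration.

# In Ruby, ^ and $ anchor at line boundaries, not at the ends of the string.
PAGE_RE = /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i

# One host label: starts and ends with a letter or digit, hyphens only inside.
# Kept as a String so the /i flag of the enclosing regex still applies.
LABEL = '[a-z0-9](?:[-a-z0-9]*[a-z0-9])?'

# Same shape as PAGE_RE, but \A and \z pin the match to the whole string.
STRICT_RE = /\A([^@\s]+)@((?:#{LABEL}\.)+[a-z]{2,})\z/i

def page_valid?(input)
  PAGE_RE.match?(input)
end

def strict_valid?(input)
  input.is_a?(String) && STRICT_RE.match?(input)
end

# Constructed inputs: two from the post's irb session, three multi-line cases.
SAMPLES = [
  "fred+test@fred.com",
  "bob@-.com",
  "fred@fred.com\nsecond line",
  "junk\nfred@fred.com",
  "fred@fred.com\n"
].freeze

# Returns [input, accepted by PAGE_RE, accepted by STRICT_RE] for each sample.
def compare(samples = SAMPLES)
  samples.map { |s| [s, page_valid?(s), strict_valid?(s)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |input, page, strict|
    puts format('%-30s page=%-5s strict=%s', input.inspect, page, strict)
  end
end
```

Note that `\z` is used rather than `\Z`, because `\Z` still allows a trailing newline.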
Edit: Reading through the comments on the reddit thread makes me wonder if there is any point to email validation. Some client-side validation may be useful to warn the user if they enter an obvious non-email address. If you send a confirmation email then that’s your validation. If you don’t then it’s easy for someone to make up an email with a valid structure. So is email validation worth the risk of having someone not be able to sign up for your site because they have some unusual characters in their email address?