[jira] [Commented] (VALIDATOR-376) EmailValidator says addresses such as x.y@gmail are valid although most mail apps will fail to send it

Tue, 29 Sep 2015 23:52:45 -0700 

    [ 
https://issues.apache.org/jira/browse/VALIDATOR-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14936447#comment-14936447
 ] 

Bernd Eckenfels commented on VALIDATOR-376:
-------------------------------------------

Ralph, in Validator itself I see 3 possibilities:

A) revert VALIDATOR-273 or make it configurable if you want to accept dotless 
hosts. There are some valid but most wont encounter them in the wild
B) have a list of well known dotless hosts (see RFC above), the list needs to 
be maintained but missing entries are even less likely than A) to be encountered
C) have a list of all well known TLDs and verify email address against it. That 
list is more dynamic than B and not all TLDs are also dotless hosts, but its an 
additional check also usefull for the non-dotless case
D) accept that a purely syntax based check will not recognize all invalid 
addresses, a user entering x@gmail or x...@aaaaaaaaaxxxx.com both could fool 
any more sophisticated whitelists. In your software looking up the address in 
DNS is a first step (and rejecting any unknown name or name which responds with 
127.x.x.x). (Sending challenge mails is the second)

Maybe implement b+c+d where b ships a default list and b+c allow a setter to 
load/refresh the lists. Applications can then chose to reload them or simply 
ship a resource.

> EmailValidator says addresses such as x.y@gmail are valid although most mail 
> apps will fail to send it
> ------------------------------------------------------------------------------------------------------
>
>                 Key: VALIDATOR-376
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-376
>             Project: Commons Validator
>          Issue Type: Bug
>          Components: Routines
>    Affects Versions: 1.4.1 Release
>            Reporter: Ralph Goers
>
> The VALIDATOR-273 patch causes EmailValidator to allow addresses such as 
> x.y@gmail. Unfortunately, this is causing us problems as none of the email 
> apps we have tried will actually allow that email address to be sent. 
> Although the RFCs may state it is valid, in practice it apparently isn't. 
> Some sort of option is needed to allow providing just the domain to fail. As 
> a consequence we have had to revert to a prior release of commons-validator.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to