[ https://issues.apache.org/jira/browse/VALIDATOR-376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14936447#comment-14936447 ]
Bernd Eckenfels commented on VALIDATOR-376: ------------------------------------------- Ralph, in Validator itself I see 3 possibilities: A) revert VALIDATOR-273 or make it configurable if you want to accept dotless hosts. There are some valid but most wont encounter them in the wild B) have a list of well known dotless hosts (see RFC above), the list needs to be maintained but missing entries are even less likely than A) to be encountered C) have a list of all well known TLDs and verify email address against it. That list is more dynamic than B and not all TLDs are also dotless hosts, but its an additional check also usefull for the non-dotless case D) accept that a purely syntax based check will not recognize all invalid addresses, a user entering x@gmail or x...@aaaaaaaaaxxxx.com both could fool any more sophisticated whitelists. In your software looking up the address in DNS is a first step (and rejecting any unknown name or name which responds with 127.x.x.x). (Sending challenge mails is the second) Maybe implement b+c+d where b ships a default list and b+c allow a setter to load/refresh the lists. Applications can then chose to reload them or simply ship a resource. > EmailValidator says addresses such as x.y@gmail are valid although most mail > apps will fail to send it > ------------------------------------------------------------------------------------------------------ > > Key: VALIDATOR-376 > URL: https://issues.apache.org/jira/browse/VALIDATOR-376 > Project: Commons Validator > Issue Type: Bug > Components: Routines > Affects Versions: 1.4.1 Release > Reporter: Ralph Goers > > The VALIDATOR-273 patch causes EmailValidator to allow addresses such as > x.y@gmail. Unfortunately, this is causing us problems as none of the email > apps we have tried will actually allow that email address to be sent. > Although the RFCs may state it is valid, in practice it apparently isn't. > Some sort of option is needed to allow providing just the domain to fail. As > a consequence we have had to revert to a prior release of commons-validator. -- This message was sent by Atlassian JIRA (v6.3.4#6332)