What can we assume is an invalid email address?

Question

I am attempting to validate email addresses, however I want the most lenient validation possible as I intend to back this up by sending the user a validation email (I am aware this gets asked a lot but the other questions are focused on being as strict as possible whereas I am attempting to identify the most lenient checks possible).

I still think it's important to have some level of validation to remove things that couldn't possibly be an email address... I don't want "this is not @n email. fool" sitting smugly in my database pretending to be an email. Although I am quite happy to have "this.is.not.an.email@fool.com".

Here is my function so far:

function validate(email) {
  var atIndex = email.lastIndexOf('@');
  // Make sure email contains an '@' character and that it is neither the first or last character
  if (atIndex > 0 && atIndex < email.length -1) {
    // Everything before the last '@' character
    var local = email.substring(0, atIndex);
    // Everything after the last '@' character
    var domain = email.substring(atIndex + 1, email.length);
    var dotIndex = domain.lastIndexOf('.');

    // Make sure domain contains a '.' character and that it is neither the first or last character
    if (dotIndex > 0 && dotIndex < domain.length - 1) {
      // Array of strings that aren't allowed to appear in a domain
      var domainRestrictions = [
        "..",
        " "
      ];
      var i = domainRestrictions.length;
      while (i-- > -1) {
        if (domain.indexOf(domainRestrictions[i]) > -1) {
          return false;
        }
      }
      // Array of strings that the local portion can neither start or end with
      var localRestrictions = [
        ".",
        " "
      ];
      i = localRestrictions.length;
      while (i-- > -1) {
        var string = localRestrictions[i];
        if (local.indexOf(string) == 0 || local.lastIndexOf(string) == local.length - 1) {
          return false;
        }
      }

      return true;
    }

  }
  return false;
}

Currently I disallow the following:

• Anything without an '@' symbol.
• Any domain not containing a '.' or that contains it as the first or last character.
• Any domain containing whitespace or '..' Any local section starting or ending with '.' or whitespace

Everything else is considered valid and passed on.

My question is, are there any valid email addresses this will choke on? Are there any more safe assumptions I can make that an email address can't contain?

Answer 1

If you are absolutely intent on having a 100% valid email address, for starters I would recommend reading RFC 2822, which can be found at https://www.rfc-editor.org/rfc/rfc2822#section-3.4.1. A full implementation of this specification will ensure that all email addresses entered are in a completely valid format. This goes far beyond what all but the most complex regular expressions can achieve - for example, you may find that you need to cope with Cyrillic, Greek or Unicode character sets.

However ...

Implementation of this spec would take a significant amount of time, compared with the amount of time you would save. Even if an email address was still in a valid format there are still gotchas including:

• The domain may not be registered;
• There may be no MX record for the domain;
• There may be no A record for the domain, as a fall-back; or,
• The user may not actually exist.

Quite frankly, rather than spending time ensuring email addresses adhere strictly to the correct format, your time may be better spent ensuring that it is "good enough" and concentrating on other aspects of your verification process.

Answer 2

Please check an exhaustive set of rules at -

http://rumkin.com/software/email/rules.php

Answer 3

If you use Regular Expression you'll have a lot less trouble. There are email validation patterns which validate your email address.

Pattern pattern = Pattern.compile("([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4})?");
Matcher matcher = pattern.matcher(yourEmailAddress);
if(matcher.matches()){
  //do something
}else {
  //tell the user it didn't match
}