I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.

  • @dan@upvote.auEnglish
    277 months ago

    You can use symbols like [ ] . { } ~ = | $ in the local-part (bit before the @) of email addresses. They’re all perfectly valid but a lot of email validators reject them. You can even use spaces as long as it’s using quotation marks, like

    "hello world"@example.com

    A lot of validators try to do too much. Just strip spaces from the start and end, look for an @ and a ., and send an email to it to validate it. You don’t really care if the email address looks valid; you just care whether it can actually receive email, so that’s what you should be testing for.

    • @itsralC@lemm.eeEnglish
      177 months ago

      Not even a dot: TLDs are valid email domains. joe@google is a correct address.

      • @RubberElectrons@lemmy.worldEnglish
        37 months ago

        Mmm… That doesn’t seem right, it’s usually gotta be fully expanded to at least a particular A record/MX.

        How would you tie the tld itself to an MX?

    • @tomi000@lemmy.worldEnglish
      47 months ago

      Yea but most of the time its more important to block code injection than to have the last promille of valid mail adresses be accepted.

      • @dan@upvote.auEnglish
        57 months ago

        You’re not going to get code injection via an email address field. Just make sure you’re using prepared statements (if you’re using a SQL database) and that you properly escape the email if you output it to a HTML page.

      • @PoolloverNathan@programming.devEnglish
        07 months ago

        A lot of providers support plus‑aliasing, although it‌’‌s usually in a company‌’‌s best interest to block plus‑aliases.

        • @dan@upvote.auEnglish
          47 months ago

          + symbols aren’t always used for aliasing though, and companies that strip them out can break the email address. There’s no guarantee that dan+foo@example.com is the same person as dan@example.com.

          I have a catchall domain and used to use email addresses like shopping+amazon@example.com with a Sieve rule to filter it into a “shopping” folder, but these days I just do amazon@example.com without the category or filtering.