I don’t think it really matters what the standard is, because you’ll be completely limited by some 25 year old bit of Regex from Stack Overflow that every web developer ever has implemented into their form sanity checks.
I scored 16/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
This was fun!
Edit: people, upvote the OP, not me
My top five from this (all valid):
- ":()␣:;:"@example.com # fork bomb
- 👉@👈 and poop@[💩]
- “@”@[@]
- c̷̨̈́i̵̮̅l̶̠̐͊͝ȁ̷̠̗̆̍̍n̷͖̘̯̍̈͒̅t̶͍͂͋ř̵̞͈̓ȯ̷̯̠-̸͚̖̟͋s̴͉̦̭̔̆̃͒û̵̥̪͆̒̕c̸̨̨̧̺̎k̵̼͗̀s̸̖̜͍̲̈́͋̂͠@example.com
- fed-up-yet@␣example.com␣ # ␣ = whitespace
Two of my “favorite” features it didn’t even touch on. You can have nested comments:
foo(one(two(three(four(five(six(seven)))))))@example.comThis will actually fail on that big email regex that gets copied around (originally from Mastering Regular Expressions in 1997), because it can only handle comment nesting to a depth of six. It is actually possible to do indefinite nesting now with recursive regex, but it was developed before that feature existed.
RFC822 also allows routing addresses through multiple servers:
<@foo.example.com@bar.example.com:123@example.com>But this is almost always denied on modern email servers because it was abused by spammers.
Let us recite the email validator’s oath:
If it has something before the
, something between theand the., and something after the., it’s valid enough.The ultimate validation is to see if it gets sent.
Fails for when there is no TLD. Just send an email and validate a response eg from a link.
No. The number of users who have a real email with no TLD is far less than the number of users who will accidentally type an email with no TLD if you don’t validate on the front end.
I’m here to help 99.9% of users sign up correctly, not to be completely spec-compliant for the 0.1% who think they’re special.
I had to make an email address just for paypal because those idiots don’t accept subdomains in email addresses.
Pizza Hut doesn’t allow dashes in the domain. This prevents me from ordering Pizza Hut with the email under my personal domain. This can be considered a feature.
