Hacker News new | past | comments | ask | show | jobs | submit login

Not sure why this is getting downvoted. It's a valid point. There is a gap between "technically valid email addresses" and "email addresses that reasonable people use".



Not that I downvoted, but the attitude annoys me. As a developer you have two options:

1) Do nothing and support all valid addresses (that your mail system can handle)

2) Spend development time to make your system not support all valid addresses.

Why do you spend development effort to make your software worse?


3) Realize that undervalidation of input can create opportunities to introduce backdoors into your system.

4) Realize that the added benefit of supporting weird formats are not worth the time to verify that it actually works.

As someone who works on an email client, I can absolutely tell you that using IP address literals and quoted localparts are more trouble than its worth. Chances are, the libraries you use can't handle them anyways. And if you don't try to support quoted localparts, than normalization is a lot easier. (Although I was once locked out of a system because I signed up with an email address that used capitals and the login form changed to lowercase it without changing the database storage, which meant no form I could spell it would cause it to match).


OK, try to get my email system to accept yourname@3com.com

Hint: I believe domain names cannot begin with digits.


The original DNS specification said that could not be done, but it is legal as of RFC 1123.


Why is this downvoted? Because it violates Postel's law, one of the cornerstones of the technology running the internet:

"Be conservative in what you do, be liberal in what you accept from others"


> be liberal in what you accept from others

This is a recipe for disaster and code bloat. I met in the past a vulnerability that some irc clients had due to that principle.


It depends. There are plenty of harmless examples like removing leading/trailing whitespace when entering a name. Ignoring whitespace, dashes etc. when entering a code, etc.

A bit of extra effort by the developers saves a lot of people a lot of time.


The extreme cases are very rare, but even resonable addresses are rejected regularly.

I have had various email addresses of me rejected because

- of an unusual tld (whatever@somewhere.tech)

- it was an email of a subdomain (whatever@some.where.com)

- it had a two letter username (me@somewhere.com)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: