I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.

  • dan@upvote.au
    link
    fedilink
    English
    arrow-up
    28
    ·
    edit-2
    11 months ago

    You can use symbols like [ ] . { } ~ = | $ in the local-part (bit before the @) of email addresses. They’re all perfectly valid but a lot of email validators reject them. You can even use spaces as long as it’s using quotation marks, like

    "hello world"@example.com
    

    A lot of validators try to do too much. Just strip spaces from the start and end, look for an @ and a ., and send an email to it to validate it. You don’t really care if the email address looks valid; you just care whether it can actually receive email, so that’s what you should be testing for.

    • itsralC@lemm.ee
      link
      fedilink
      English
      arrow-up
      17
      ·
      11 months ago

      Not even a dot: TLDs are valid email domains. joe@google is a correct address.

      • RubberElectrons@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        11 months ago

        Mmm… That doesn’t seem right, it’s usually gotta be fully expanded to at least a particular A record/MX.

        How would you tie the tld itself to an MX?

        • TwitchingCheese@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          ·
          11 months ago

          TLD is just another DNS layer, try an SOA or NS lookup for “com.” those are obviously hosted somewhere. Hell the “.” at the end is even another layer with the root nameservers. You’d probably trip up a bunch of systems that filter on common convention rather than the actual RFC, but you could do it.

          • RubberElectrons@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            How the hell were the original rfc designers so creative as to result in such a flexible system?? It’s gets crazier the more you look at it.

            • PoolloverNathan@programming.dev
              link
              fedilink
              English
              arrow-up
              5
              ·
              11 months ago

              It makes the system as a whole simpler. Your computer only needs to remember one root DNS server (although most computers allow setting 4 for redundancy) as opposed to one DNS server for each TLD, and it also makes adding TLDs easier.

      • PoolloverNathan@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        A lot of providers support plus‑aliasing, although it‌’‌s usually in a company‌’‌s best interest to block plus‑aliases.

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          + symbols aren’t always used for aliasing though, and companies that strip them out can break the email address. There’s no guarantee that dan+foo@example.com is the same person as dan@example.com.

          I have a catchall domain and used to use email addresses like shopping+amazon@example.com with a Sieve rule to filter it into a “shopping” folder, but these days I just do amazon@example.com without the category or filtering.

    • tomi000@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      3
      ·
      11 months ago

      Yea but most of the time its more important to block code injection than to have the last promille of valid mail adresses be accepted.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        4
        ·
        11 months ago

        You’re not going to get code injection via an email address field. Just make sure you’re using prepared statements (if you’re using a SQL database) and that you properly escape the email if you output it to a HTML page.