I scored 16/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
This was fun!
Edit: people, upvote the OP, not me
13/21 here. Mostly got hung up on several “this was valid in earlier RFC, and later removed” kind of situations. There are several where I picked the correct answer, but where I know many websites that won’t accept it as valid, and that’s not even the more esoteric ones.
Yeah I feel like the correct answer for anything obsoleted by a more recent RFC should be “Invalid”.
But they will work, and according to the spec, you have to build your system so that it can handle those cases. Obsolete doesn’t mean incorrect or invalid, just a “you shouldn’t do this any more”.
Obsolete Syntax
Earlier versions of this standard allowed for different (usually more liberal) syntax than is allowed in this version. Also, there have been syntactic elements used in messages on the Internet whose interpretation have never been documented. Though some of these syntactic forms MUST NOT be generated according to the grammar in section 3, they MUST be accepted and parsed by a conformant receiver.Some of those “obsolete” things are outright blocked for specific reasons. For example, routing addresses through multiple servers. It was abused by spammers, so it’s almost always denied these days.
Looks like this:
<@foo.example.com@bar.example.com:123@example.com>Well shit, yeah, that “MUST be accepted and parsed” is pretty explicit. That sucks. What is even the point of revising standards? How the fuck do we ever get rid of some of these bad ideas?
Complaints about the quiz? Send them to 💩@💩
I got 14/21
Me too and it said that is the amount you’d get if you just picked “valid” for every response. Lmao
Samsies
Yay! Same. But only because I’ve already heard of some email craziness before.
yay 16/21 club
Don’t tell me what to do!
Question 5 is incorrect,
name@exampleis a fully valid email address, even after RFC 2822The spec of RFC 2822 defines an address (3.4.1) as:
local-part "@" domaindomainis defined (3.4.1) as:domain = dot-atom / domain-literal / obs-domaindot-atomis defined (3.2.4) as:dot-atom = [CFWS] dot-atom-text [CFWS] dot-atom-text = 1*atext *("." 1*atext)1meaning at least 1 alphanumeric character, followed by*("." 1*atext)meaning at least 0"." 1*atext
If tomorrow, google decided to use its
googletop-level domain as an email domain, it would be perfectly valid, as could any other company owning top-level domainsGoogle even owns a
gmailTLD so I wouldn’t even be surprised if they decided to use itI didn’t understand this one. How do you have a no dot domain? Like you need to distinguish from example.com or example.wtf
Edit: do you mean if you own
.googleyou can have youremail@googleaddress?Yes, the top-level domain is still just a domain. I’m not aware of any public Internet services which are reachable from a TLD directly, and it’s strongly discouraged by ICANN, but there isn’t any technical limitation preventing e.g. someone at Verisign from setting up
example@com.In response to your edit.
Yes, or countries could use their cctld, e.g. email@us or noreply@uk.
Or any tld owner could do the same with theirs, of course.
Pretty cool
you could also send mails within your local network, the hostname just has to resolve and have a mail service running
I don’t know if they changes the answer to the question, but it now says
name@exampleis valid.It does say it’s valid, but also that it’s obsolete, and while the RFC does define valid but obsolete specs, there is nothing defining domains without a dot as obsolete, and it is in fact defined in the regular spec, not the obsolete section
I see what you mean, I’m with you now.
It says valid but obsolete, which sounds like a contradiction to me.
This is technically valid but considered obsolete. RFC 822 allowed domains without dots, but RFC 2822 made this obsolete.
Do email suffix not indicate a different domain like .org and .com for websites?
My top five from this (all valid):
- ":()␣:;:"@example.com # fork bomb
- 👉@👈 and poop@[💩]
- “@”@[@]
- c̷̨̈́i̵̮̅l̶̠̐͊͝ȁ̷̠̗̆̍̍n̷͖̘̯̍̈͒̅t̶͍͂͋ř̵̞͈̓ȯ̷̯̠-̸͚̖̟͋s̴͉̦̭̔̆̃͒û̵̥̪͆̒̕c̸̨̨̧̺̎k̵̼͗̀s̸̖̜͍̲̈́͋̂͠@example.com
- fed-up-yet@␣example.com␣ # ␣ = whitespace
TIL that emoji transcend spoilers.
Spoilers!
deleted by creator
I
rage quitgave up at 12.A fork bomb is apparently a valid email address.
I quit, this is stupid.
15
Going to have to try some of those… Can you actually register emojis as a domain, or is that just the email validation that allows them?
Edit: most TLDs don’t. Smaller ones do sometimes.
Emoji domains can be registered using punycode, and you’re right that it’s up to the TLD whether they’re allowed or not.
For example: http://📙.la/🐶
📙.la is encoded using punycode to http://📙.la/
🐶 is URL-encoded to %F0%9F%90%B6
Giving the ‘true’ URL http://📙.la/🐶 which then redirects to https://emojipedia.org/dog-face
Emails should generally use
@xn--yt8h.lainstead offor maximum compatibility. I’m not sure if the email spec allows punycode.
THIS THING IS STUPID!!!
Or it’s just me that is the fool. Thanks for sharing. I just learned about 9 new things.
All of the modern internet is built on the decaying carcasses of temporary solutions and things that seemed like a good idea at the moment but are now too widely used to change.
I don’t think it really matters what the standard is, because you’ll be completely limited by some 25 year old bit of Regex from Stack Overflow that every web developer ever has implemented into their form sanity checks.
The main one that gets passed around will match the weirdness fine. In fact, it probably matches things you don’t want, anyway.
A signin/registration form really only needs to do sanity checks to get rid of obviously bad addresses. You’ll have to send a round-trip email confirmation message to make sure the email is real, anyway, so why bother going into great detail? Just check that there’s an ‘@’ symbol and a dot in the domain. Most of the rest is wanking off.
A domaine without tld (me@home) is a valide address. I saw an email server being used as a mqtt-like server this way (it is very old and predate those software).
An address without a domain is irrelevant for a signin/registration form. Which is like 90% of the code being written in the wild to validate addresses.
If you’re writing an email server, then you need to care about all these details. Most of us never will.
Hey! IPv6 is valid in the inter-network context and needs no dots!
You gonna fill an IPv6 address for your email server into the DoorDash signin page?
Don’t be ridiculous, I’m going to use an open source password manager to fill an IPv6 address for my email server into the DoorDash signin page.
I know you’re being facetious, but I’m thinking through the implications of someone actually doing this. ISPs aren’t always handing out static IPv6 prefixes for some damn reason, so you can’t count on that address staying the same when self-hosting. Even if you can, you don’t know what will happen when you change ISPs.
So yeah, really bad idea regardless.
I don’t care who the IRS sends, I am not validating emails with spaces on them.
You shouldn’t be validating emails yourself anyway. Use a library or check for only the
and then send an email confirmation.Use a library
Please, no. If someone wrote email address “validation” complex enough to warrant a library, then their code is almost certainly wrong.
or check for only the @ and then send an email confirmation.
Yes. Do that.
If your boss demands a more detailed check at input time, then make it display warnings, not errors, and continue to the confirmation sending step if the user chooses to ignore the warning.
Even if it’s a completely valid address and the domain exists, they still might’ve fat fingered the username part. Going to extreme lengths to validate email addresses is pointless, you still have to send an email to it anyway.
I seem to have annoyed an admin of an instance enough for them to subscribe my signup email to hundreds of dating profiles (presumably using a service that offers to harass someone for you)
Many of them aren’t good at validating email
One in ten has one email arrive, asking me to click a link to confirm
9 in ten have 5 emails before I notice them:
- Please click a link to confirm
- You received a wink
- You received a wink
- You received 3 chat requests
- You received a link
So it’s important to not send emails beyond the validate one to unvalidated addresses, to perfect your service annoying or harassing this parties
Also, use a disposable address for signing up to Lemmy
This is the way.
👉@👈
Bottom-ass email address.
No ring for that.
What if we 👉@👈 …? 🤭
Now i just need a registrar that allows emoji…
Any should. Any unicode is converted to alphabetical anyways, through “xn–” + a punycode conversion. Which is actually fairly important for places that don’t use the Latin alphabet.
See http://xn-bdk.gay/, which is the same as http://ツ.gay/
(Someone set this up on 196 a while ago, they said they were using Namecheap)
oh jesus, rabbit hole accepted, thanks!
Self-host it.
People may find that weird, however.
Two of my “favorite” features it didn’t even touch on. You can have nested comments:
foo(one(two(three(four(five(six(seven)))))))@example.comThis will actually fail on that big email regex that gets copied around (originally from Mastering Regular Expressions in 1997), because it can only handle comment nesting to a depth of six. It is actually possible to do indefinite nesting now with recursive regex, but it was developed before that feature existed.
RFC822 also allows routing addresses through multiple servers:
<@foo.example.com@bar.example.com:123@example.com>But this is almost always denied on modern email servers because it was abused by spammers.
The routing feature is so cursed XD
I don’t validate emails, I test them.
That’s your email? OK, what did we send it? if we couldn’t send to it or the user can’t read it there’s no reason to accept it.
OK, maybe I do some light validation first, but I don’t trust the email address just because it’s email-address-shaped.
I don’t validate emails, I test them.
Hooray! You get a gold star.
OK, maybe I do some light validation first,
I hope your “validation” does nothing more than show a warning that the user is allowed to ignore.
I have seen too many systems built by people who think they know what’s valid or not before and after the
sign*, and they are almost always dead wrong. In the worst cases, such systems accept an unusual-looking address and claim to send the expected verification message, but never actually send it. Of course, these systems won’t work for some people, and since none of their online docs or support staff know why, those people will be locked out of using the system and funneled into bottomless pit of misery if they try. Please don’t build broken garbage like this.*Fun fact: Not so terribly long ago, even the
sign didn’t have to be present. Some email addresses were bang paths. I’m not sure if any of these are still in use, but it wouldn’t shock me to learn that they are.What kind of “light validation”? I’m guessing a
.*@.*regex match.Almost correct. ^.+@.+$
Too hard to validate properly to be worth it. Even if it is technically valid that’s insufficient. It must also work, and the easiest way to test that is to use it and verify that the user got what we sent.
I see you accept lemmy handles.
if i can email them and the user gets it - fine by me
Would pass first validation, but fail when we try to send an email.
Successfully failed.
matches
Hooray, you have better security than Apple, who won’t let me use my own email because some idiot in Australia used it first.
Let us recite the email validator’s oath:
If it has something before the
, something between theand the., and something after the., it’s valid enough.The ultimate validation is to see if it gets sent.
Fails for when there is no TLD. Just send an email and validate a response eg from a link.
No. The number of users who have a real email with no TLD is far less than the number of users who will accidentally type an email with no TLD if you don’t validate on the front end.
I’m here to help 99.9% of users sign up correctly, not to be completely spec-compliant for the 0.1% who think they’re special.
Guess my mail@IPv6 won’t be accepted because I was too poor to pay for a domain name after having paid for a static IPv6.
I gave up when I got like 5 wrong. I’ve ran mail servers for decades, most of the invalid “valids” would get rejected by any mailservers I’ve administered.
And for a good reason.
Just because it’s not something you’d use anymore doesn’t mean it isn’t valid.
WEP is still a valid form of wireless encryption, but no one would use it anymore (and so would be obsolete). It’s still a part of the 802.11 standard.
I scored 13/21 on https://e-mail.wtf/ and all I got was this lousy text to share on social media.
5/21 for me LoL 😂
