Got more questions? Find advice on: ASP | SQL | XML | Windows
in Search
Welcome to RegexAdvice Sign in | Join | Help
HomeBlogsForumsPhotosDownloads

Regex According to Jeff

The right tool for the right job

Email Validation

Email validation seems to be one of the most popular uses for regex.  I imagine a large part of that, at least in the ASP.NET community, is due to Validation Controls.  Sure, you want to validate user input.  Hell, you probably even want to do it client side to save your server a little extra load, save the client some time in a post back, and make yourself feel good by watching the little, red, * pop up next to the email field.

I've got to ask you, why are you going to bother validating the format of an email address if you're never going to use it?  Sure, this.is.not.an.account@myserver.com is a valid email address, but what good is it, if it doesn't exist?

Oh, you want to use the email address.  Well, by the simple logic above, format validation is not sufficient.  If you're collecting email to use (and why else would you collect the information, just to waste space on your precious server?) then you need the email address authenticated--every time it changes--and you need to cull through your mail server logs looking for bounced emails.  [Parsing through logs, now that is a great use for regex, more on that later]

Email authentication?  Sure, you send off an email to the address the user provided with a URL like (http://mysite.com/email/87asdfjasd0fas7df-0235235asdf and if the hash matches what you expect--stored in the database--you flip the switch on the bit column or put a date in the “emailAuthenticated” column and you're golden).  URL Email Authentication would be a very good use for an http module, you expect no input from the user, minimal output from the server (Thanks, you're authenticated), so why bother with the overhead of a webform?  So that's an ASP.NET solution, but it's just as easy to deal with $PATH_INFO in PHP or the Query String in any web language for that matter.

It's all about the job.  If you want an email to use, you better make sure you can use it.  Validation just lets you know it's in the right format, Authentication lets you know it's a real email address and hopefully the guy on the other end was expecting it, or doesn't mind it getting sent to him.  If you're not going to use the email, why waste the space and collect it, and above all why waste the time to validate it?  (Remember the women at your feet?)

Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!
Sponsor
Published Tuesday, November 11, 2003 7:59 AM by jeffrey
Filed under:

Comments

 

jeffrey said:

seems like the wrong use of the word "authentication".

I think "email verification" works better since authentication normally deals with determining a user's identity.

However, I agree _some_ systems need to verify that the email addresses is an actual email address and not just characters of a typical email grammar. But, for most apps, I think it's valid to just add a second textbox to verify that the email address is correct the same and a valid syntax of an email address. The user is aware that if they don't put in the correct email address then they can't use the system.

November 11, 2003 4:41 PM
 

jeffrey said:

I still like "email authentication". Not only would I like to determine that the email exists (veification), but that it truly is the email of the user that submitted it (authentication).

It was only a small bit, but "...and hopefully the guy on the other end was expecting it,..."
November 12, 2003 8:00 AM
 

jeffrey said:

Did you know there are ways to verify an email address before actually sending an verification email?

You can use NSLOOKUP to check is the entered domain exists and do a check on the SMTP server from that domain to really see if there's a user asociated with the address entered. This technique can be fully automated while the user is on the website, though it requires some extra resource use.

The technique I personally use is first checking the format of the email address, next do that nslookup-validation and last (but not least) sending an verification email.

This way you can prevent sending messages and having to parse an logfile to see if it's bounced.

Regards,


Jeroen.
November 14, 2003 10:33 AM
 

jeffrey said:

Yes, I did know of the method you speak. I do however think in the grand scheme of things it's easier to just send an email and wait for verification.

I do, however, still think it's a good idea to periodically check mail logs for bounced mail, especially if emails are important to you in a business sense.
November 14, 2003 11:19 AM
 

jeffrey said:

-opopopol
March 27, 2004 10:35 PM
 

jeffrey said:

You can use Jeroen's method to validate an email, but thanks to spammers, it's not as useful as it once was. Many mail admins have turned those features off because spammers hit them trying every tom@, dick@, and jane@ email address to harvest valid accounts. On such systems, if you don't follow through with an actual email but just try to query with a VRFY, they respond 'no user'.

One thing I HATE is those sites with two boxes asking for a retyping of an email address. It's a waste of time; if someone is so careless as to avoid checking what they type, they're sure to find some other way to bungle up their experience...
April 1, 2004 11:23 PM
 

TrackBack said:

January 7, 2005 9:15 AM
 

TrackBack said:

January 10, 2005 8:47 AM
 

TrackBack said:

March 31, 2005 8:35 AM
 

shemale hung guy 02 said:

*** hung guy 02

April 5, 2007 7:32 AM
Anonymous comments are disabled

This Blog

Syndication

Recent Posts

Tags

No tags have been created or used yet.

News

Archives
Got more questions? Find advice on: ASP | SQL | XML | Windows | About regexadvice.com | Privacy Policy | ASP.NET Tutorials | Advertise
Copyright ©2005 DevAdvice.com