I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
When you insist on implementing your own email address validation…
I have my own domain that uses a specific 2-letter ccTLD - it’s a short domain variation of my surname (think “goo.gl” for Google). I’ve been using it for years, for my email.
Over those years, I have discovered an astonishing number of fuckheaded organisations whose systems insist I should have an email address with a “traditional” TLD at the end.
My first email address was @k.ro (a free email provider many many years ago) and many websites thought a valid second-level domain name cannot be just one letter
A few years back I bought a .family domain for my wife and I to have emails at ourlastname.family That lasted a week because almost every online service wouldn’t accept it. Now we have a .org
Doesn’t surprise me one bit. I’ve noticed that a lot of websites will only accept
.comand a few will only accept email addresses from popular providers (Gmail, Hotmail, outlook, etc.)My guess is that it’s trying to reduce spam and fake account generation.
My guess is that it’s trying to reduce spam and fake account generation.
Thus preventing the growth of any small providers and further entrenching Microsoft, Google, Apple, and a handful of others as the only “viable” options.
Yeah, that’s it pretty much.Like 99% of your legitimate users are going to be standard gmail/yahoo/hotmail/etc. You see a user from ten minute mail, it’s probably some shady shit.
Not necessarily shady.
I use 10 minute email if a merchant requires me enter an email account before seeing the total price on an item (including shipping). That’s the most common pattern I’ve seen. My guess is that they want to ping you to complete the purchase.
Or a website might require free registration in order to view the content.
One place I use 10-minute email is actually Spotify. I didn’t want to give them my Gmail address since your name is exposed to the world via their sharing API.
Don’t get me wrong, there are a lot of bad uses for it as well. But privacy minded people use it too.
Feels very relevant to the fediverse, with how people tend to compare it to email.
Same. There are a lot of sites that just outright refuse to accept my email address that I’ve had for years, because it’s not a .com TLD.
CVS and E*Trade both refused to accept my fairly standard user@mydomain.info address during initial registration, but had no issue changing to that address once the account was created. It would be nice if their internal teams communicated a bit better.
I’ve encountered this because my domain has a hyphen in it. Very irritating.
I’m not aware of any correct email validations. I’m still looking for something accepting a space in the localpart.
Also a surprising number of sites mess with the casing of the localpart. Don’t do that - many mailservers do accept arbitrary case, but not all. MyName@example.com and myname@example.com are two different mail addresses, which may point to the same mailbox if you are lucky.
The only correct regex for email is:
.+@.+So long as the address has a local part, the at sign, and a hostname, it’s a valid email address.
Whether it goes somewhere is the tricky part.
Sorry, this is not a correct regex for an email address.
Sending using
mailon a local unix system? You only need the local part.STOP VALIDATING NAMES AND EMAIL ADDRESSES. Send a verification email. Full stop. Don’t do anything else. You really want to do this anyway, because it’s a defense against bots.
The only useful email validation is “can I get an MX from that” and “does it understand what I’m saying in that SMTP”. Anything else is someone that have too much free time.
It’s easier to Google “email regex [language]” and copy the first result from stack overflow.
I know (hope) you’re being facetious, because the objectively best way to do email validation is to send a fuckin email to the provided address.
Definitely a timesaver. Much faster to get incorrect email validation that way then to try building it yourself.
Skip the building step and go straight to pulling your hair out over why it’s not working! Efficiency!
That probably lead to this exchange.
Stack Overflow is useful, but…it needs more than a little parsing for useful answers.
but they are now ignoring me.
Hmm. Did you try giving them your email address?
Somebody made a shitty regex.
Probably, from what I can see the address in question isn’t really that exotic. but an email regex that validates 100% correctly is near impossible. And then you still don’t know if the email address actually exists.
I’d just take the user at their word and send an email with an activation link to the address that was supplied. If the address is invalid, the mail won’t get delivered. No harm done.
.+@.+\..+TLDs could theoretically have MX records too! Email addresses as specified also support IPv6 addresses! The regex would need to be
.+@.+and at this point it’s probably easier to just send an email.I’m with you, and I agree that is technically correct, but I believe the sheer number of people who might accidentally write “gmail” instead of “gmail.com” compared to people using an IPv6 address (seems like a spam bot) or using a TLD like “admin@com” make requiring the dot worthwhile.
That’s why I have an “allow anyway” button for addresses that look misspelled but are still technically valid.
Edit: believe it or not, that was a typo.
The best of validation is just to confirm that the email contains a
and a.and if it does send it an email with a confirmation link.TLDs are valid in emails, as are IP V6 addresses, so checking for a
.is technically not correct. For examplea@banda@[IPv6:2001:db8::1]are both valid email addresses.I feel like using
a@[IPv6:2001:db8::1]is asking for trouble everywhere online.But its tempting to try out, not many people would expect this.
try user@123.45.67.89.in-addr.arpa or user@d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa just for the giggles. Mix it with BANG-Adressing:
123.45.67.89.in-addr.arpa!d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa!user
That’s what it looks like to me too
I could probably write a RegEx for email format validation that’s accurate, but why would I when there are ones already written and readily available that covers all possible legit variations on the standard? I never understood why people insist on writing their own (crap) RegEx for something with as many possible variations they can miss like email…
And that one isn’t even a weird edge case! It’s a domain with a sub domain, if they can’t even cover that case then it’s an extra shitty RegEx
You’re talking to a bot that has a crappy parser and doesn’t understand what a subdomain is.
This is why you never attempt to validate an email address beyond requiring an @ followed by a period, and send a verification email
Technically you don’t need a period for a valid address. “a@a” is a valid email address.
Smells like bad regex
That regex makes me nauseous
Exactly. After the @ they should just confirm there’s at least one period. The rest is pretty much up in the air.
The easiest and most correct check: any character, then @, then any other character.
Even that would be technically incorrect. I believe you could put an A record on a TLD if you wanted. In theory, my email could be
me@example.Another hole to poke in the single dot regex: I could put in
fake@com.with a dot trailing after the TLD, which would satisfy “dot after @” but is not an address to my knowledge.
Six year old… Chipotle account? 🤣
Incompetent verification is definitely a problem, like they applied the most simplistic concept of ‘what’s a valid email address’. I had a problem like this with a website that needed an address, trying to sign up for a phone at my new house. My address went like ‘123123 State Road 533’ The name of the road was State Road 533, that is, as in Highway 533. However, the address interpreter read it as a road called State Rd and ignored the 533, and told me the address wasn’t found.
That is 100% a bot, and whoever made the bot just stuck in a custom regex to match “user@sld.tld” instead of using a standardized domain validation lib that actually handles cases like yours correctly.
Edit: the bots are redirecting you to bots are redirecting you to bots. This is not a bug. This is by design.
No, dots are NOT necessary. Actually you do not even need to supply a domain or a top level domain because mails then default to the default system which is usually localhost.
But even for routed mail there doesn’t need to be a dot.
There is still valid Bang-Adressing for UUCP routed emails:
!bigsite!foovax!barbox!me
This is a valid email which basically means “send my email to bigsite, from there to foovax, then to barbox, to the user me.”
And if you are in a playful mood - mix FQDN and BANG addressing…
A couple of years ago I made Hotmail crash by sending a mail to googlemail.de!hotmail.com!googlemail.com!hotmail.de!googlemail.ca!hotmail.ca!googlemail.fr!hotmail.fr!.. [repeated it for 32kByte] …!myuseraccount - their server literally crashed completely all over the world for like 15 minutes. I am so proud of myself but then it was their fault for not complying to RfC822.
I’m assuming by “dot” you meant @
I’m assuming by “dot” you meant @
In fact both are optional. With FQDN-Adressing a user without domain defaults to localhost, with Bang-Adressing there is no @ because the last system is left for interpretation of the last receiver and if he consideres it a user, so be it.
The best way to validate an email address is to sent it an email validation link.
Anything outside of that is a waste of effort.
That is 100% a chatbot using a regex email validator someone wrote as a meme that the chipotle dev copied from stack overflow without context.
As the owner of a .info domain, I know this pain all too well.
One of the reasons I’ve always avoided .info, nobody seems to believe it’s a real domain
You should put up an informational website to let people know, at https://info.info/
Chipotle needs to watch this video:
I tried to start that video, but I got “Failed with error code 1003, see logs for more info”. (I don’t think I have have access to any logs, so I guess that part isn’t for me.) Maybe Chipotle wasn’t able to watch it either, and so that’s why their system is broken.
I used to have an email address “myfirstname@i.am”. I thought it was really cool… until I kept having issues logging into sites that didn’t understand how email worked. I now use “companyimgivingmyemailto@myname.com”, and I just confuse humans who think I work at their company, and that I don’t understand how email works…
If that’s their standard, you can probably just edit the html to make the login button active and then sign-in.
I work for Chipotle Corporate. Please send me your email address. I’ll make sure it gets fixed.
Nice try I’ve heard that before
There should be an ‘@,’ followed by a domain (name@email.com).
What is your email address?
