Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why is [email protected] valid? #337

Open
KirbyDE opened this issue Dec 2, 2022 · 5 comments
Open

Why is [email protected] valid? #337

KirbyDE opened this issue Dec 2, 2022 · 5 comments

Comments

@KirbyDE
Copy link

KirbyDE commented Dec 2, 2022

The address [email protected] is reported as valid, but doesn't seem to be accepted by SMTP servers.

Is this a bug?

@egulias
Copy link
Owner

egulias commented Dec 11, 2022

Hi Kirby.
The RFC's that specify email sintax are not necesarily implemented in full by all versions of all STMP servers.
If you are using v2, the domain validation was very loose in that it followed email's RFC rather than domain RFC 1035.
v3 is closer to RFC 1035 so it might come out as invalid, for instance.
But, even if by "formal" definition a domain or an email address is valid, is does not mean it will be accepted 100% of the times by all SMTP servers.

@Zenexer
Copy link

Zenexer commented Dec 13, 2022

RFC 1035 permits 1.1 as a valid name.

@KirbyDE
Copy link
Author

KirbyDE commented Dec 13, 2022

Thanks for the reply.

I've tested v3 and it seems like [email protected] is reported as valid.

Could this be changed?

As far as I understand RFC 3696 an email ending in an all numeric TLD can't be valid:

There is an additional rule that essentially requires that top-level domain names not be all-numeric

@Zenexer
Copy link

Zenexer commented Dec 13, 2022

That additional rule is enforced by ICANN and only applies to public zones that they administer. You can most certainly have a zone within your own DNS system that is all-numeric.

There's nothing stopping an organization's internal email infrastructure from using and accepting [email protected]; it just won't be usable on the public internet via traditional, ICANN-administered DNS.

@Zenexer
Copy link

Zenexer commented Dec 13, 2022

Note that if you want to forbid 1.1, you can probably use DNSCheckValidation instead of or in addition to RFCValidation--although if your DNS resolver is capable of resolving zones other than those administered by ICANN, there's still a possibility it will be considered valid and that email can be delivered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants