Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^4: Practical e-mail address validation (flexes)

by tye (Cardinal)
on Sep 13, 2008 at 18:20 UTC ( #711152=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Practical e-mail address validation (flex)
in thread Practical e-mail address validation

You appear to mean "directly before the @". Thanks for the clarification. Email::Valid::Loose further clarifies:

Email::Valid::Loose is a subclass of Email::Valid, which allows . (dot) before @ (at-mark). It is invalid in RFC822, but is commonly used in some of mobile phone addresses in Japan (like docomo.ne.jp or jp-t.ne.jp).

So the items identified so far:

  • Allow /\.\@/
  • Disallow /\@.*%/ (actually more, since you answered my question in the negative in a private /msg and promised more details later)
  • Disallow CFWS w/in the address
  • Require /\@.*\./
  • Require /\.[a-zA-Z]{2,}$/
  • Require RFC1035-compliant domain (except empty ones)
  • Extend RFC1035 to allow domain labels that start with a digit
  • Disallow quoting (usually of $local_part)
  • Disallow escaping (usually of $local_part)
  • Disallow /\+.*\@/
  • Disallow "group"s (/$display_name:$mailbox_list;/)
  • Disallow "name-addr" (/$display_name?$angle_addr/)
  • Disallow "obs*" (obs-angle-addr, obs-mbox-list, obs-addr-list, obs-local-part, obs-domain)

- tye        


Comment on Re^4: Practical e-mail address validation (flexes)
Select or Download Code
Re^5: Practical e-mail address validation (flexes)
by Limbic~Region (Chancellor) on Sep 13, 2008 at 20:36 UTC
    tye,
    They (email addresses with periods immediately preceding the @) were also very common by Microsoft Exchange back when I was working at the DoJ. I am not sure if M$ has become more compliant. I am going to be updating this node with a variety of other ways at attempting to exploit open relays and I will /msg you when complete.

    Update: Rather than enumerate them myself, go to http://www.abuse.net/relay.html and test an MTA you believe to be secure. It shows you all the email addresses it uses to test with (from and to). I also realized I had the relay syntax wrong. It is foo%bar.com@example.com. I have updated the prior node.

    Update: I haven't provided a complete list of "rules" that I think such a theoretical module should include but having "John Smith"@example.com is another one that should be flexible. If I come up with more I will add them here but it has been a long time since I thought about such things. Oh, and I used to have to worry about non-SMTP addresses too like CC:Mail and GroupWise (fortunately not UUCP).

    Cheers - L~R

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://711152]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (4)
As of 2014-08-01 03:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (256 votes), past polls