Hacker News new | past | comments | ask | show | jobs | submit login

It is a legal email address per RFC 5321.

In practice such email addresses are not possible in many server configurations, and it usually makes sense to reject such email addresses.




> In practice such email addresses are not possible in many server configurations, and it usually makes sense to reject such email addresses.

I would put more weight on closing the loop than filtering on the front end. I'd wager that the vast majority of sites that gather an email address do not send a verification email that bars further progress on their site. It's especially critical if it becomes the underlying trust mechanism for your site.

IMO you should only work on filtering fancy quotes out if you've already got a loop-closing verification email path. And yes, I recognize that it's really nice to catch these errors earlier. But the failure mode where people enter someone else's valid email address rather than their own is more common than you might assume.


How is it legal per RFC 5321? The quotation marks are notionally valid, yes, but as posted it had the ASCII double-quote (legal) converted to stylized left and right quotes (non-ASCII, illegal).


I assumed that the question being asked was is the style with ASCII quotes legal.

If the question involves the use of the non-ASCII quoting style, the answer is more muddled. RFC 6531 generally repeats the RFC 5321 mantra of "don't interpret the local-part", prohibiting only ASCII C0 control codes explicitly [1]. RFC 6530 suggests that C1 control codes should also be prohibited, and suggests that non-NFC is highly likely to cause problems. It further suggests that NFKC-normalized and excluding punctuation and whitespace is risky.

In general, a lot of email address handling advice requires ignoring what the dictums of the RFCs state. You should treat email addresses as case-preserving (i.e., compare ignoring case but don't change the case), and it's inadvisable to have a case-sensitive email server. Similarly, quoted local parts and domain literals should be rejected by almost all software that's not in the guts of the email system. Extending similar rules to EAI is difficult because it's unclear how the system will work in practice, but my libraries start by force-converting the localpart to NFC.

[1] The actual text is "ASCII graphics or control characters." This could be interpreted to mean "(ASCII graphics) or (control characters)" or "ASCII (graphics or control characters)." Given the text of RFC 6530, assuming that C1 is forbidden should generally be a safe assumption.


> I assumed that the question being asked was is the style with ASCII quotes legal.

My question was actually about the fancy quotes; I found it amusing that they got fanci-fied by the blog software.


Thanks, this is a good in-depth summary of some stuff I didn't know.


...assuming that you are being asked to create it. If you want to deliver to another server, keep the left-hand-side exactly the way it is.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: