> In practice such email addresses are not possible in many server configurations, and it usually makes sense to reject such email addresses.
I would put more weight on closing the loop than filtering on the front end. I'd wager that the vast majority of sites that gather an email address do not send a verification email that bars further progress on their site. It's especially critical if it becomes the underlying trust mechanism for your site.
IMO you should only work on filtering fancy quotes out if you've already got a loop-closing verification email path. And yes, I recognize that it's really nice to catch these errors earlier. But the failure mode where people enter someone else's valid email address rather than their own is more common than you might assume.
I would put more weight on closing the loop than filtering on the front end. I'd wager that the vast majority of sites that gather an email address do not send a verification email that bars further progress on their site. It's especially critical if it becomes the underlying trust mechanism for your site.
IMO you should only work on filtering fancy quotes out if you've already got a loop-closing verification email path. And yes, I recognize that it's really nice to catch these errors earlier. But the failure mode where people enter someone else's valid email address rather than their own is more common than you might assume.