Interesting article. However, what do you actually propose that a valid email address is:
An email address that works? Then this check is great.
Detecting it's not a bot? I don't really see this working. Especially not in the long term.
Detecting it's not fraud/scam? Does not work. Scammers can steal credentials of their victims or, what happens more often, just let the victims confirm their email.
If it's just about checking that a user did not mistype his or her email, you're best off using a well-tested browser implementation or just keeping the input loosely validated. The last thing you want is losing conversion from someone who cannot enter a valid email. In the end, it's the user's responsibility to enter their correct email address.
If you really want to be sure and do not want to depend on a browser implementation or a strict validation process, you could even ask for their email twice. Then the chance that the user mistyped will be very, very low.
what do you actually propose that a valid email address is
To me, valid means it's an email address in control of a human who entered it in earnest. You could layer on bot defense (via recaptcha, etc) either on the email form itself or on the confirmation page linked to in the email. But in my opinion, that's a separate concern.
You're best off using a well tested browser implementation or just keeping the input loosely validated.
I'm all for using <input type=email> and letting browsers do their thing. But that's more for UX than it is for me as the site owner.
If you really want to be sure and do not want to depend on a browser implementation or a strict validation process, you could even ask for their email twice. Then the chance that the user mistyped will be very, very low.
Though, if you do that, you probably want to disable the ability to paste from cut-buffer into the form. Otherwise, most people will just copy-paystah and you can end up with the wrong string twice.
Remember: there's people out there constantly trying to build a better idiot.
Would a regex catch either of the last two cases?
No, pretty impossible using regex. There are tools like Siftscience though.
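One reply in this thread defines a valid address as one a human controls and mentions a confirmation page linked to in the email. As an added example (not code from the article or from any commenter), a loose syntax check combined with a signed, expiring confirmation token could look like this in Python; the secret, the one-day lifetime and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to clients
MAX_AGE = 24 * 3600                   # assumption: confirmation links expire after one day


def loosely_valid(address):
    """Loose syntax check only: text on both sides of the last '@', no whitespace."""
    local, sep, domain = address.rpartition("@")
    return bool(sep and local and domain) and not any(c.isspace() for c in address)


def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def make_token(address, now=None):
    """Build the token carried in the confirmation link: b64(payload).b64(HMAC)."""
    issued = int(time.time() if now is None else now)
    payload = f"{issued}:{address}".encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_sign(payload)).decode()


def confirm(token, now=None):
    """Return the confirmed address, or None if the token is malformed, forged or expired."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    if not hmac.compare_digest(sig, _sign(payload)):  # constant-time comparison
        return None
    issued, address = payload.decode().split(":", 1)  # safe: payload is authenticated
    age = (time.time() if now is None else now) - int(issued)
    return address if 0 <= age <= MAX_AGE else None


if __name__ == "__main__":
    t = make_token("user@example.com")  # constructed sample address
    print(loosely_valid("user@example.com"), confirm(t))
```

The token proves only that whoever opened the link received mail at that address; bot and fraud detection remain separate layers, as the thread notes.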