DEV Community

loading...

Discussion on: There's only one way to validate an email address

Collapse
timkor profile image
Timkor • Edited

Interesting article. However, what do you actually propose that a valid email address is:

  • An emailadress that works? Then this check is great.
  • Detecting it's not a bot? I don't really see this working. Especially not on long term.
  • Detecting it's not fraud/scam? Does not work. Scammers can steal credentials of their victims or what happens more often, just let the victims confirm their email.

If it's just about checking if a user did not mistyped his of her email. You're best off using a well tested browser implementation or just keeping the input loosely validated. The last thing you want is loosing conversion by someone that can not enter a valid email. At the end, it's the users responsibility to enter their correct emailadress.

If you really want to be sure and do not want to depend on a browser implementation or a strict validation process. You could even ask their email twice. Then the chance that the user mistyped will be very, very low.

Collapse
itr13 profile image
Mikael Klages • Edited

Would a regex catch either of the last two cases?

Collapse
timkor profile image
Timkor

No, pretty impossible using regex. There are tools like Siftscience though.

Collapse
jerodsanto profile image
Jerod Santo Author

what do you actually propose that a valid email address is

To me, valid means it's an email address in control of a human who entered it in earnest. You could layer on bot defense (via recaptcha, etc) either on the email form itself or on the confirmation page linked to in the email. But in my opinion, that's a separate concern.

You're best off using a well tested browser implementation or just keeping the input loosely validated.

I'm all for using <input type=email> and letting browsers do their thing. But that's more for UX than it is for me as the site owner.

Collapse
ferricoxide profile image
Thomas H Jones II

If you really want to be sure and do not want to depend on a browser implementation or a strict validation process. You could even ask their email twice. Then the chance that the user mistyped will be very, very low.

Though, if you do that, you probably want to disable the ability to paste from cut-buffer into the form. Otherwise, most people will just copy-paystah and you can end up with the wrong string twice.

Remember: there's people out there constantly trying to build a better idiot.

Forem Open with the Forem app