Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When you register as new user Drupal accepts invalid email addresses like "tom@org". That should be improved.
Article about Email validation:
http://www.linuxjournal.com/article/9585
Furthermore, an email field in Drupal core would be nice.
(I know that there is a module called "Email Field" (but its email-field-validation lacks of a better validation, too.)
Comments
Comment #1
bleen CreditAttribution: bleen commentedisn't foo@localhost a valid email address ... granted its a fringe case, but valid none-the-less
Comment #2
bleen CreditAttribution: bleen commented...in fact according to the list on page 2 of the link you supplied (http://www.linuxjournal.com/article/9585?page=0,1) foo@localhost is valid
Comment #3
Nikdilis CreditAttribution: Nikdilis commentedLocalhost is an exception for a site that is not productive and thus shoud be handled separate .... in any other case the validation is wrong.
Comment #4
Nikdilis CreditAttribution: Nikdilis commentedTo 6.: "A domain consists of labels separated by dot separators (RFC1035 2.3.1)."
=> not given in Localhost => foo@localhost is not a valid email address.
Comment #5
bleen CreditAttribution: bleen commentedNumber 6 does not say "A domain consists of at least 2 labels separated by dot separators" ... in which case you would be right. I wont re-close this issue for a little while to give some others more of a chance to speak up, but I believe that foo@localhost is perfectly legitimate and therefore so is this validation.
Comment #6
Bence CreditAttribution: Bence commentedfoo@localhost is invalid on a live site. This is a great article on email validation: http://www.regular-expressions.info/email.html
You cannot validate 100% of the possible email addresses, only about 99% of them, the article says.
Comment #7
mfer CreditAttribution: mfer commentedThe question is what do you validate to. In our case we validate to the RFC 2822 (the spec for email addresses). What we actually do is use PHP's internal email validation. See http://api.drupal.org/api/drupal/includes--common.inc/function/valid_ema.... valid_email_address() is simply a wrapper around php internals.
If you are looking for an fake email address to use during development try example.com. That won't route anywhere and passes validation. localhost is not an internet routable address and therefore invalid.
Comment #8
mfer CreditAttribution: mfer commentedComment #9
Nikdilis CreditAttribution: Nikdilis commented@mfer: thanks for the explanation.
However, users expect a CMS to validate emails in a proper way (at least in 99%) and email validation is really a BASIC function.
As a user I'm not interested in the technical reasons of why Drupal is currently not able to do that.
Try other sites if they accept emails like "tom@blabla". In most cases they won't.
Try google for example: https://www.google.com/accounts/ServiceLoginAuth
After entering "tom@blabla" as email address you get the following error-message:
"Invalid Email Address" - "•You're entering '@gmail' or '@yahoo' instead of '@gmail.com' or '@yahoo.com'"
That proves that google checks if the email address contains a dot followed by characters. Seems like they don't care much of RFC2822, if mfer was right.
I'm actually shocked that Drupal offers such a bad email validation when it's pretty easy to improve it. And personally I don't give much on RFC2822 if it allows obviously invalid email addresses.
I reopen this issue as I want to get to know other opinions. An improved email validation should definitely be a feature request for Drupal 8.
Comment #10
Nikdilis CreditAttribution: Nikdilis commentedComment #11
bleen CreditAttribution: bleen commented...it would be very simple to create a module called "better email validation"
just a thought...
Comment #12
Nikdilis CreditAttribution: Nikdilis commented@bleen18
Maybe it would be very simple (for all users) to create modules for every weakness and new function in drupal themselves. So we don't have to further develop Drupal anymore. Cool ;-)
Please think as a user and not as a developer.
Comment #13
Bence CreditAttribution: Bence commentedSame here, I don't care about the RFC, an email validation is required which is practical. Why not use this regex? http://www.regular-expressions.info/email.html
The author says that is the best email validation regex. It works 99% of the time in the REAL world, not in theory.
Comment #14
droplet CreditAttribution: droplet commentedany possible way to alter/override common.inc function ?
Comment #15
Paul Natsuo Kishimoto CreditAttribution: Paul Natsuo Kishimoto commentedAs I see it:
Note that it would not be correct to automatically disqualify any e-mail address without a dot in the domain. Consider a closed company intranet with two servers, one called "drupalserver" and the other "emailserver". The user would navigate to "http://drupalserver" using their browser, and register an account as "me@emailserver". This is entirely valid usage and must be supported.
So, I believe what Nikdilis actually wants is a check in valid_email_address() that the domain part of the address resolves correctly. In most situations "blabla" etc. will not resolve.
I don't know if this is a bug or a D8 feature request; someone else can decide.
Comment #16
Nikdilis CreditAttribution: Nikdilis commented#15:
- I don't say that localhost or intranets should not be supported, but a check in valid_email_address() that the domain part of the address resolves correctly would be nice, yes!
I make it a feature request for version 8.
Comment #17
at0g CreditAttribution: at0g commentedI think both angles of this discussion are valid.
It would be nice if the email validation could be configurable.
For example, by default email validation would use the 99% case (domain requires at least 2 parts, separated by a period), but there could be a configuration option to use a strict RFC validator, which would allow localhost etc.
Comment #18
bleen CreditAttribution: bleen commentedre #12: I was not suggesting that everyone creates a "better email validation" module; I was suggesting that perhaps you would want to scratch your own itch here and create one and then contribute it back to the community so that no one ever needs to write that validation again. I was thinking exactly like a user.
Comment #19
cilefen CreditAttribution: cilefen commentedvalid_email_address() has been deprecated and replaced with egulias/email-validator. Please re-test.
Comment #20
AswathyAjish CreditAttribution: AswathyAjish commentedEmail validation will be completed only after checking the domain part is seperated by a dot.
Comment #21
renukakulkarni CreditAttribution: renukakulkarni commentedA check in valid_email_address() that the domain part of the address resolves correctly should be there in the email address validation.
Comment #22
cilefen CreditAttribution: cilefen commentedWhat you are asking for goes a bit farther than the others. You want an active network-based check? What if DNS is not responding at that moment, but the address is valid?
Please consider comment #19. Any feature requests like #21 must be opened in the email-validator project.
Know that you can implement your own form validation to do this.
Comment #23
cilefen CreditAttribution: cilefen commentedComment #25
sarikak CreditAttribution: sarikak commentedHi,
Is there any solution for validating email address.Can we handle it in custom validation?
I have posted a query regarding the same on the following link.
https://www.drupal.org/node/2819387
Any suggustions will be helpful.
Thanks.
Comment #26
andypostLocal domains should be supported
Comment #35
liquidcms CreditAttribution: liquidcms commentedDoesn't RFC2822 say this is valid
"My Name <me@example.com>"
? And Drupal suggests and works with this as the site email address and core ->mail() function works with this format. Shouldn't these be included in some (maybe its not this) method to check if valid.And then also include functions to break into just the mail portion for functions like user_load_by_mail()?
Comment #37
quietone CreditAttribution: quietone as a volunteer commentedvalid_email_address was deprecated in Drupal 8.3.x #2343043: valid_email_address() should use egulias/EmailValidator and become deprecated and replaced with egulias/EmailValidator. And there is an another issue discussing this problem for Drupal 9, #2492667: egulias/EmailValidator allows addresses without TLDs. Therefore, I think this can be moved to Drupal 7 leaving the other in Drupal 9.
Comment #38
poker10 CreditAttribution: poker10 at ActivIT s.r.o. commentedAdding related issue for D7. If this will be committed, then everyone can modify the validation as wanted without hacking the core.
Comment #39
poker10 CreditAttribution: poker10 at ActivIT s.r.o. commented#2966195: valid_email_address() should be easily overridable is committed, therefore closing this as Won't fix. Sites which require this are now able to do custom changes to the
valid_email_address()
validation via the new hook. It is unlikely that we would do changes to the behavior of thevalid_email_address()
itself in this D7 phase, as it is widely used function and such changes would affect majority of sites.