Problem/Motivation

In some rare cases users accidentally(?) enter a space immediately before the @ sign in email addresses. This is RFC-compliant, but deprecated and triggers a warning in Egulias\EmailValidator\Validation\RFCValidation->isValid.

So an email address like this would be valid, but most servers do not handle it, triggering an error error while sending the mail:

mmbk @example.org

Steps to reproduce

  1. Use any form that has an email field (for example the /admin/config/system/symfony-mailer-lite/test )
  2. Enter an address containing a space before the "at" sign, like mmbk @example.org
  3. The mail transfer will fail

test result (sorry for the german screenshot )

Proposed resolution

egulias/email-validator supports another validator NoRFCWarningsValidation that is doing the same validations and treats the warnings as errors, so a mail like this cannot be entered.

Remaining tasks

Basically the change is:

diff --git a/lib/Drupal/Component/Utility/EmailValidator.php b/lib/Drupal/Component/Utility/EmailValidator.php
index f1345d03b1..f86efa7411 100644
--- a/lib/Drupal/Component/Utility/EmailValidator.php
+++ b/lib/Drupal/Component/Utility/EmailValidator.php
@@ -4,7 +4,7 @@ namespace Drupal\Component\Utility;
 
 use Egulias\EmailValidator\EmailValidator as EmailValidatorUtility;
 use Egulias\EmailValidator\Validation\EmailValidation;
-use Egulias\EmailValidator\Validation\RFCValidation;
+use Egulias\EmailValidator\Validation\NoRFCWarningsValidation;
 
 /**
  * Validates email addresses.
@@ -27,7 +27,7 @@ class EmailValidator extends EmailValidatorUtility implements EmailValidatorInte
     if ($email_validation) {
       throw new \BadMethodCallException('Calling \Drupal\Component\Utility\EmailValidator::isValid() with the second argument is not supported. See https://www.drupal.org/node/2997196');
     }
-    return parent::isValid($email, (new RFCValidation()));
+    return parent::isValid($email, (new NoRFCWarningsValidation()));
   }
 
 }

User interface changes

NONE

Introduced terminology

NONE

API changes

NONE

Data model changes

NONE

CommentFileSizeAuthor
#19 3521184-nr-bot_qq4f_psy.txt934 bytesneeds-review-queue-bot
Bildschirmfoto vom 2025-04-25 13-51-42.png44.86 KBmmbk

Issue fork drupal-3521184

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

mmbk created an issue. See original summary.

mmbk’s picture

mmbk
Primary language German
Location Meißen
commented

Sitenotes:
- Actually I don't understand the reason why it's not allowed to pass other validators into the `isValid` method.
- Maybe it's a good idea to make the validator configurable in the mailer settings?

Differences between the validators found in my research:
RFCValidation:
Validates email addresses according to RFC 5322, including some edge cases and deprecated features, such as:
Quoted strings
Folding white space (FWS)
Comments
Space before the @ (technically valid per RFC but rarely supported)
This validator returns emails as valid even if they include unusual but technically RFC-compliant formats. It may emit warnings, which are important if you want to avoid deprecated or problematic formats.

NoRFCWarningsValidation:
This is a stricter validator. It still uses RFC rules, but any format that triggers an RFC warning—like a space before @—is considered invalid.

cilefen’s picture

cilefen commented
Version: 11.1.x-dev » 11.x-dev
Category: Task » Bug report
Related issues: +#3307810: Figure out how email contraint bound to egulias email validator, +#3061074: egulias/EmailValidator prior to 2.1.22 allows addresses with a space in the domain part

#3061074: egulias/EmailValidator prior to 2.1.22 allows addresses with a space in the domain part suggests this was previously fixed for some other case.

annmarysruthy’s picture

annmarysruthy commented
Assigned: Unassigned » annmarysruthy

annmarysruthy opened merge request !11962

annmarysruthy’s picture

annmarysruthy commented
Assigned: annmarysruthy » Unassigned
Status: Active » Needs review
smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work
Issue tags: +Needs tests

Can we get a test showing this problem

prabha1997’s picture

prabha1997 commented

I have added assertFalse() for the invalid email case (example@example) in the testIsValid() method to ensure that it correctly returns false when an invalid email is passed

prabha1997’s picture

prabha1997 commented
Status: Needs work » Needs review
prabha1997’s picture

prabha1997 commented

Thank you for your feedback.
I've now added the following assertion to cover the invalid email case with a space:
$this->assertFalse($validator->isValid('example @example.com'));
Please let me know if any further changes are needed.

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work
Issue tags: +Needs change record

Thnk a last step would be to get a CR written as this could be a behavior change for some

dcam made their first commit to this issue’s fork.

dcam’s picture

dcam commented
Status: Needs work » Needs review
Issue tags: -Needs tests, -Needs change record

I added a change record at https://www.drupal.org/node/3557004.

smustgrave’s picture

smustgrave commented
Issue tags: +Bug Smash Initiative, +Needs Review Queue Initiative

Sorry for the delay, can this get a rebase. Gitlab is not doing it so assume there is a small conflict or fuzziness.

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work
dcam’s picture

dcam commented
Status: Needs work » Needs review

Rebased

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

LGTM

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.

needs-review-queue-bot’s picture

needs-review-queue-bot commented
Status: Reviewed & tested by the community » Needs work
StatusFileSize
new 3521184-nr-bot_qq4f_psy.txt934 bytes

The Needs Review Queue Bot tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

dcam’s picture

dcam commented
Status: Needs work » Reviewed & tested by the community

Post-bot-rebellion rebase

longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Reviewed & tested by the community » Needs work

Agree with the MR comment, let's swap to example.com instead of localhost.com.

dcam’s picture

dcam commented
Status: Needs work » Needs review

The addresses were changed to @example.com.

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

Feedback appears to be addressed on this one

  • amateescu committed 86cf98b5 on 11.x 
    fix: #3521184 Email validation allows deprecated email addresses

By:...

  • amateescu committed 2d81003d on main 
    fix: #3521184 Email validation allows deprecated email addresses

By:...
amateescu’s picture

amateescu commented
Status: Reviewed & tested by the community » Fixed

Committed and pushed 2d81003d5dd to main and 86cf98b5791 to 11.x. Thanks!

Also closed #3307810: Figure out how email contraint bound to egulias email validator as a duplicate and transferred issue credit over here.

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

amateescu closed merge request !11962

ressa’s picture

ressa
he/him
commented
Issue summary: View changes

Thanks for reporting and fixing this :) Just adding formatting for code and correcting some typos.