«

so ben...

if you were creating a web app with an email form... rather than try to
check if the email is valid... you'd create something to allow anyone to
potentially spam the hell out of a system...

my two cents worth... try to verify/validate that the email is valid, and
possibly belongs to the user...

peace...



-----Original Message-----
From: python-list-bounces+bedouglas=
[mailtoython-list-bounces+bedouglas=]On Behalf
Of Ben Finney
Sent: Thursday, September 21, 2006 6:07 PM
To: python-
Subject: Don't use regular expressions to "validate" email addresses
(was: Ineed some help with a regexp please)


"John Machin" <> writes:

> A little more is unfortunately not enough. The best advice you got was
> to use an existing e-mail address validator. The definition of a valid
> e-mail address is complicated. You may care to check out "Mastering
> Regular Expressions" by Jeffery Friedl. In the first edition, at least
> (I haven't looked at the 2nd), he works through assembling a 4700+ byte
> regex for validating e-mail addresses. Yes, that's 4KB. It's the best
> advertisement for *not* using regexes for a task like that that I've
> ever seen.

The best advice I've seen when people ask "How do I validate whether
an email address is valid?" was "Try sending mail to it".

It's both Pythonic, and truly the best way. If you actually want to
confirm, don't try to validate it statically; *use* the email address,
and check the result. Send an email to that address, and don't use it
any further unless you get a reply saying "yes, this is the right
address to use" from the recipient.

The sending system's mail transport agent, not regular expressions,
determines which part is the domain to send the mail to.

The domain name system, not regular expressions, determines what
domains are valid, and what host should receive mail for that domain.

Most especially, the receiving mail system, not regular expressions,
determines what local-parts are valid.

--
\ "I believe in making the world safe for our children, but not |
`\ our children's children, because I don't think children should |
_o__) be having sex." -- Jack Handey |
Ben Finney

--
http://mail.python.org/mailman/listinfo/python-list

bruce wrote:
> so ben...
>
> if you were creating a web app with an email form... rather than try to
> check if the email is valid...

Ever bothered to read the relevant rfc ?

> you'd create something to allow anyone to
> potentially spam the hell out of a system...

I'm sorry, but I fail to see how validating (or not) an email address
could prevent using a webmail form for spamming. Care to elaborate ?

> my two cents worth... try to verify/validate that the email is valid,

If it doesn't have an @ somewhere in it, it's not a valid mail address.
Else, it may or not be a valid email address - and then the only
reliable way to know is to send a mail to that address.

> and
> possibly belongs to the user...

How do you intend to check this ?

--
bruno desthuilliers
python -c "print '@'.join(['.'.join([w[::-1] for w in p.split('.')]) for
p in ''.split('@')])"

Bruno Desthuilliers wrote:

>> if you were creating a web app with an email form... rather than try to
>> check if the email is valid...
>
> Ever bothered to read the relevant rfc ?

or the perl faq:

http://faq.perl.org/perlfaq9.html#How_do_I_check_a_val

</F>

>> you'd create something to allow anyone to
>> potentially spam the hell out of a system...
>
> I'm sorry, but I fail to see how validating (or not) an email address
> could prevent using a webmail form for spamming. Care to elaborate ?

The best way would be to implement some limiting features. Try two times
from the same IP address in less than 10 minutes and you are banned for the
day. Or some such.


--
damjan

In article <4513d40c$0$75029$>,
Damjan <> wrote:
>>> you'd create something to allow anyone to
>>> potentially spam the hell out of a system...
>>
>> I'm sorry, but I fail to see how validating (or not) an email address
>> could prevent using a webmail form for spamming. Care to elaborate ?
>
>The best way would be to implement some limiting features. Try two times
>from the same IP address in less than 10 minutes and you are banned for the
>day. Or some such.
.
.
.
I'm having a lot of trouble imagining the problem this
fixes. I certainly deal with plenty of spam that would
continue to flow even were this proposal to be implemented.