This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------bb2463e6e1d95722de076e64cac3b6a1 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

Hi,

I'm building a simple project using smtplib and have a question. I've been doing unit testing but I'm not sure how to check if an email message is valid. Using regex sounds like a bad idea to me and the other options I found required paying for third
party services.

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

Thank you.

Simon.
-----------------------bb2463e6e1d95722de076e64cac3b6a1--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVCI7wJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAABOAAQDCaJsGpUrNxnGW/QgKc51750qfbEmRMkW6TsMGNXzx2gD/RyDZ Yu9aoaNKQuyH3YV79iQkRAaLYafTTaD82Yn0hgY=
=o+Op
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-01, Chris Angelico <rosuav@gmail.com> wrote:

On Thu, 2 Nov 2023 at 05:21, Simon Connah via Python-list
<python-list@python.org> wrote:

Could someone push me in the right direction please? I just want to
find out if a string is a valid email address.

There is only one way to know that a string is a valid email address,
and that's to send an email to it.

What is your goal though? For example, if you're trying to autolink
email addresses in text, you don't really care whether it's valid,
only that it looks like an address.

There's often value in even only partially-effective checks though.
With an email address you can easily check to see if it has an "@",
and if the stuff after the "@" is a syntactically valid domain name.
You can also go a bit further and check to see if the domain has an
MX record, and if it doesn't then it is extremely unlikely that the
address is valid.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 05:21, Simon Connah via Python-list <python-list@python.org> wrote:

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

There is only one way to know that a string is a valid email address,
and that's to send an email to it.

What is your goal though? For example, if you're trying to autolink
email addresses in text, you don't really care whether it's valid,
only that it looks like an address.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------3c536f3c3043a57bd0cf1aeb5dcf92eb Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

OK. I've been doing some reading and that you should avoid regex to check email addresses. So what I was thinking was something like this:

if type(email_recipient) != email.message.Message:

I just don't know why that particular line isn't working.

Thank you!

------- Original Message -------
On Wednesday, 1 November 2023 at 10:09, Simon Connah <simon.n.connah@protonmail.com> wrote:

Hi,

I'm building a simple project using smtplib and have a question. I've been doing unit testing but I'm not sure how to check if an email message is valid. Using regex sounds like a bad idea to me and the other options I found required paying for third

party services.

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

Thank you.

Simon.

-----------------------3c536f3c3043a57bd0cf1aeb5dcf92eb--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVCN9IJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAIC0AQCM3YMO1dmEovSHYhmNrRjExurnahjOOwUeFJRyK3NarQEA9Fcl sUTTdWBnPbLGrb/roZE2f7s02SL0dD1vhfN7WwQ=
=Rbpr
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 06:02, Jon Ribbens via Python-list <python-list@python.org> wrote:

On 2023-11-01, Chris Angelico <rosuav@gmail.com> wrote:

On Thu, 2 Nov 2023 at 05:21, Simon Connah via Python-list
<python-list@python.org> wrote:

Could someone push me in the right direction please? I just want to
find out if a string is a valid email address.

There is only one way to know that a string is a valid email address,
and that's to send an email to it.

What is your goal though? For example, if you're trying to autolink
email addresses in text, you don't really care whether it's valid,
only that it looks like an address.

There's often value in even only partially-effective checks though.
With an email address you can easily check to see if it has an "@",
and if the stuff after the "@" is a syntactically valid domain name.
You can also go a bit further and check to see if the domain has an
MX record, and if it doesn't then it is extremely unlikely that the
address is valid.

Yeah, which is why I asked about the goal. (You may also note that I
worded the prior statement very carefully: You cannot know that it IS
valid without sending email to it, but there can be ways to know that
it CANNOT BE valid.)

In the vast majority of contexts, local addresses can be ignored, so
an email address will have to include an at sign. I wouldn't bother
with a syntax check on the domain portion, though; just check for a
couple of possible formats (IP literal), and if it looks like a domain
name, do the MX lookup. That said, though, there are certain contexts
where you can be a LOT more restrictive, such as the autolinking
example I mentioned; it's fine to exclude some unusual email addresses
when all you're doing is offering a small convenience.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/1/23 05:35, Simon Connah via Python-list wrote:

OK. I've been doing some reading and that you should avoid regex to check email addresses. So what I was thinking was something like this:

To be a little more specific, Avoid Rolling Your Own RegEx. It's very
tricky, and you will get it subtly wrong.

All depending, as others have said, on what level of "validation" you're
after.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-01, Mats Wichmann <mats@wichmann.us> wrote:

On 11/1/23 05:35, Simon Connah via Python-list wrote:

OK. I've been doing some reading and that you should avoid regex to check email addresses. So what I was thinking was something like this:

To be a little more specific, Avoid Rolling Your Own RegEx. It's very tricky, and you will get it subtly wrong.

Use e.g.: https://gitea.ksol.io/karolyi/py3-validate-email

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 02/11/2023 00.35, Simon Connah via Python-list wrote:

OK. I've been doing some reading and that you should avoid regex to check email addresses.

This operation used to be a BIG THING back in the days of 'everyone'
building PHP web-sites. When there were only a handful of TLDs
(top-level domain names, eg the country-codes* such as .nz and .uk plus
the generics such as .com and .net. Accordingly, one could hold the
entire list for convenience of checking. However when IANA (the outfit responsible for the Root Zone Database and especially ICANN realised
that there was money to be made, they allowed more and more TLDs.
Keeping-up became a rat-race!

Indeed, I've held another .info domain for twenty years, and used to
suffer for my 'bleeding edge' daring - quite recently someone (who
should remain name-less, and a few other less-es) sent me an email
telling me how to log-in, but their log-in process wouldn't accept the 'illegal' address. Ummmmmmmmm...

All together now: "a little bit of knowledge is a dangerous thing"!


So what I was thinking was something like this:

if type(email_recipient) != email.message.Message:

I just don't know why that particular line isn't working.

Will need more context. What is the objective? What is the source/pre-processing of these data-items. (etc)



* Left-out .au, (a less important geo-TLD) to wind-up @Chris...

--
Regards,
=dn

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-01, Simon Connah via Python-list <python-list@python.org> wrote:

I'm building a simple project using smtplib and have a
question. I've been doing unit testing but I'm not sure how to check
if an email message is valid.

Send an e-mail using it? If the right person gets the e-mail, then
it's valid?

Using regex sounds like a bad idea to me and the other options I
found required paying for third party services.

Could someone push me in the right direction please? I just want to
find out if a string is a valid email address.

You'll have to define "valid". Valid syntactically according to
<what>? Will be accepted by an SMTP server somewhere? Corresponds to
a real person?

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

Trying to do anything more than that is just wasting your time and
annoying the mule.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 08:09, Grant Edwards via Python-list <python-list@python.org> wrote:

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

No guarantee that there'll be a dot after the at. (Technically there's
no guarantee of an at sign either, but email addresses without at
signs are local-only, so in many contexts, you can assume there needs
to be an at.)

So the regex to match all valid email addresses that aren't local-only
is... drumroll please...

r"@"

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-01, Chris Angelico via Python-list <python-list@python.org> wrote:

On Thu, 2 Nov 2023 at 08:09, Grant Edwards via Python-list
<python-list@python.org> wrote:

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

No guarantee that there'll be a dot after the at.

Ah, I forgot about defaulting to a local domain if one is
omitted. Will MTAs do that these days?

(Technically there's no guarantee of an at sign either, but email
addresses without at signs are local-only, so in many contexts, you
can assume there needs to be an at.)

So the regex to match all valid email addresses that aren't
local-only is... drumroll please...

r"@"

Unless you want to support UUCP or X400 addresses...

:)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 08:52, Grant Edwards via Python-list <python-list@python.org> wrote:

On 2023-11-01, Chris Angelico via Python-list <python-list@python.org> wrote:

On Thu, 2 Nov 2023 at 08:09, Grant Edwards via Python-list
<python-list@python.org> wrote:

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

No guarantee that there'll be a dot after the at.

Ah, I forgot about defaulting to a local domain if one is
omitted. Will MTAs do that these days?

Yeah they will; but that'll depend on the exact server you send to,
whereas if you have a domain part, all you need is some server that
accepts mail for forwarding.

(Technically there's no guarantee of an at sign either, but email
addresses without at signs are local-only, so in many contexts, you
can assume there needs to be an at.)

So the regex to match all valid email addresses that aren't
local-only is... drumroll please...

r"@"

Unless you want to support UUCP or X400 addresses...

:)

Yyyyyyyyeah I think we can assume SMTP these days :)

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/1/23 04:09, Simon Connah via Python-list wrote:

Hi,

I'm building a simple project using smtplib and have a question. I've been doing unit testing but I'm not sure how to check if an email message is valid. Using regex sounds like a bad idea to me and the other options I found required paying for third

party services.

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

If I had a nickle for every time a web site claimed my email address
wasn't valid I'd be a rich person. Seems like most attempts at solving
this little problem fall short!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 01Nov2023 14:08, Grant Edwards <grant.b.edwards@gmail.com> wrote:

On 2023-11-01, Simon Connah via Python-list <python-list@python.org> wrote:

I'm building a simple project using smtplib and have a
question. I've been doing unit testing but I'm not sure how to check
if an email message is valid.

[...]

Could someone push me in the right direction please? I just want to
find out if a string is a valid email address.

I confess that I punt "syntactically valid" to email.utils.getaddresses: https://docs.python.org/3/library/email.utils.html#email.utils.getaddresses

"Deliverable"? I'm prepared to just send to it and hope not to get a
bounce; delivery of email is, after all, asynchronous. (Even if it were
going direct to the primary MX, I still hand it to the local mail system
to deal with.)

"A real person or entity"? A lot of systems do the round trip thing:
here's a special unique and opaue URL,please visit it to confirm receipt
of this email (implying email is 'real"). You see this a lot when
signing up for things. And for plenty of things I generate a random
throw away address at mailinator.com (looking at you, every "catch up"
free online TV streaming service who still wants me to log in).

Cheers,
Cameron Simpson <cs@cskk.id.au>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-01 17:17, Chris Angelico via Python-list wrote:

On Thu, 2 Nov 2023 at 08:09, Grant Edwards via Python-list <python-list@python.org> wrote:

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

No guarantee that there'll be a dot after the at. (Technically there's
no guarantee of an at sign either, but email addresses without at
signs are local-only, so in many contexts, you can assume there needs
to be an at.)

druid!darcy - doesn't work any more but not because it is syntactically incorrect.

Remember the good old days when we were able to test if an address
existed without sending? That was before the black hats discovered the Internet.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

See https://www.linuxjournal.com/article/9585?page=0,0

On 01/11/2023 17:09, Simon Connah via Python-list wrote:

Hi,

I'm building a simple project using smtplib and have a question. I've been doing unit testing but I'm not sure how to check if an email message is valid. Using regex sounds like a bad idea to me and the other options I found required paying for third

party services.

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

Thank you.

Simon.

--
Ian Hobson
Tel (+66) 626 544 695

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Yes, it would be nice if there was a syntax for sending a test message sort
of like an ACK that is not delivered to the recipient but merely results in some status being sent back such as DELIVERABLE or NO SUCH USER or even
MAILBOX FULL.

An issue with the discussion that may be worth considering is that some
email addresses are not always valid or may not be valid yet but will be activated later. If I plan on opening a business unit which DNS will later support as specific.category.mycompany.com.au and we first want to write
some code and test it and roll everything out later, then a test for user@specific.category.mycompany.com.au could fail some tests now but may be fine later. Or what if I turn my machine off on weekends and when it boots,
it sets up to be able to receive mail. Is the address only sometimes valid?

We cannot be sure what rules may change and for all we know, they will
select other UNICODE symbols to replace @ for use by countries not having an
@ on keyboards in the local language or support some syntax like {AT} to be usable ...

I even wonder about a service along the lines of tinyurl where you register
a potentially long or complex or hard to type name and get a short readable
one instead that is just used to provide a re-direct or even changed periodically to dynamically point to where you want them now, such for the current day of the week. I can easily imagine them making a funny looking
email address such as user@TINYqwerty that may not pas your current test or
one that looks valid to you but maps into an invalid or even null address.

BTW, checking if an email is valid is much wider as a concept than whether
the email address looks like a possible address. A big check sometimes made
if if the headers in the message and various formatting issues look
reasonable or issues about attachments and even if it is passed by SPAM detectors. This discussion is just about if an email address LOOKS possibly valid or should not be accepted.

I note earlier iterations of email had addressed like mach1!mach2!mach3!ihnp4!mach5!mach6!user or even mach1!mach2!user@mach3 and
I remember tools that analyzed what other machines various machines claimed
to have a direct connection to and tried to figure out a connection from
your source to destination, perhaps a shorter one or maybe a less expensive one. Hence machines like ihnp4 and various universities that were densely connected to others got lots of traffic. In that scenario, validity had
another meaning.

-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of D'Arcy Cain via Python-list
Sent: Wednesday, November 1, 2023 9:57 PM
To: python-list@python.org
Subject: Re: Checking if email is valid

On 2023-11-01 17:17, Chris Angelico via Python-list wrote:

On Thu, 2 Nov 2023 at 08:09, Grant Edwards via Python-list <python-list@python.org> wrote:

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

No guarantee that there'll be a dot after the at. (Technically there's
no guarantee of an at sign either, but email addresses without at
signs are local-only, so in many contexts, you can assume there needs
to be an at.)

druid!darcy - doesn't work any more but not because it is syntactically incorrect.

Remember the good old days when we were able to test if an address
existed without sending? That was before the black hats discovered the Internet.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net

--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 15:20, AVI GROSS via Python-list
<python-list@python.org> wrote:

Yes, it would be nice if there was a syntax for sending a test message sort of like an ACK that is not delivered to the recipient but merely results in some status being sent back such as DELIVERABLE or NO SUCH USER or even MAILBOX FULL.

Yes, it would! Spammers would be able to use this syntax to figure out
exactly which addresses actually have real people connected to it. It
would save them so much trouble! Brilliant idea.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Chris Angelico <rosuav@gmail.com> writes:

On Thu, 2 Nov 2023 at 15:20, AVI GROSS via Python-list
<python-list@python.org> wrote:

> Yes, it would be nice if there was a syntax for sending a test
> message sort of like an ACK that is not delivered to the recipient
> but merely results in some status being sent back such as
> DELIVERABLE or NO SUCH USER or even MAILBOX FULL.

Yes, it would! Spammers would be able to use this syntax to figure out
exactly which addresses actually have real people connected to it. It
would save them so much trouble! Brilliant idea.

That sounds like the SMTP "VRFY" command. And spammers _did_ abuse it
in exactly this manner. And so pretty much every mail server in the
world disabled VRFY sometime in the 90s.

- Alan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 02Nov2023 17:04, Chris Angelico <rosuav@gmail.com> wrote:

On Thu, 2 Nov 2023 at 15:20, AVI GROSS via Python-list ><python-list@python.org> wrote:

Yes, it would be nice if there was a syntax for sending a test
message sort
of like an ACK that is not delivered to the recipient but merely results in >> some status being sent back such as DELIVERABLE or NO SUCH USER or even
MAILBOX FULL.

Yes, it would! Spammers would be able to use this syntax to figure out >exactly which addresses actually have real people connected to it. It
would save them so much trouble! Brilliant idea.

Hmm. IIRC...

https://datatracker.ietf.org/doc/html/rfc2821#section-4.1.1.6

I think a lot of mail receivers don't honour this one, for exactly the
reasons above.

Cheers,
Cameron Simpson <cs@cskk.id.au>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------24868ddfc487e7b54d1b3c8d98b55c87 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

On 2023-11-01, Simon Connah via Python-list python-list@python.org wrote:

I'm building a simple project using smtplib and have a
question. I've been doing unit testing but I'm not sure how to check
if an email message is valid.

Send an e-mail using it? If the right person gets the e-mail, then
it's valid?

Using regex sounds like a bad idea to me and the other options I
found required paying for third party services.

Could someone push me in the right direction please? I just want to
find out if a string is a valid email address.

OK. It is going to take me some time to get round to every reply here so please bear with me.

Basically I'm writing unit tests and one of them passess in a string with an invalid email address. I need to be able to check the string to see if it is a valid email so that the unit test passess.

You'll have to define "valid". Valid syntactically according to
<what>? Will be accepted by an SMTP server somewhere? Corresponds to

a real person?

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

Trying to do anything more than that is just wasting your time and
annoying the mule.

Valid as in conforms to the standard. Although having looked at the standard that might be more difficult than originally planned.

Simon.
-----------------------24868ddfc487e7b54d1b3c8d98b55c87--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVDROcJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAPdGAQCXae1ulUHuU97QQrnTYRyAZv9hqqu1KZ9YXTEzqiLnTgEAs0HM 63kCk47YuuzTn+vMex0IUszB1MJKb5JIklOFggM=
=crZE
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------00485e6ff330d5719f1b74e99005237a Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

On Thu, 2 Nov 2023 at 05:21, Simon Connah via Python-list python-list@python.org wrote:

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

There is only one way to know that a string is a valid email address,
and that's to send an email to it.

What is your goal though? For example, if you're trying to autolink
email addresses in text, you don't really care whether it's valid,
only that it looks like an address.

My goal is to make a simple mailing list platform. I guess I could just send email to an address and if it bounces then I can remove it from the database. Thing is I'm not sure how close to a real email address an email has to be in order to be bounced.
If it was completely wrong it might just swallowed up.

Simon.
-----------------------00485e6ff330d5719f1b74e99005237a--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVDRb8JkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAO52AQDaMq7sBBuRqfybfFlFG0kJFVvgcBaszBpROGGyOorI3AEAleeK Dj68kp/2LLTvr0XPtDQ2G9Dfv5y3ucxxoMxTLAQ=
=EHC0
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 17:47, Simon Connah <simon.n.connah@protonmail.com> wrote:

My goal is to make a simple mailing list platform. I guess I could just send email to an address and if it bounces then I can remove it from the database. Thing is I'm not sure how close to a real email address an email has to be in order to be bounced.

If it was completely wrong it might just swallowed up.


Every address is completely separate. There is no "closeness". Just
send email to an address.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------4d88a1217941532e3f7cf5193ba8fbf5 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

On 2023-11-01, Chris Angelico rosuav@gmail.com wrote:

On Thu, 2 Nov 2023 at 05:21, Simon Connah via Python-list python-list@python.org wrote:

Could someone push me in the right direction please? I just want to
find out if a string is a valid email address.

There is only one way to know that a string is a valid email address,
and that's to send an email to it.

What is your goal though? For example, if you're trying to autolink
email addresses in text, you don't really care whether it's valid,
only that it looks like an address.

There's often value in even only partially-effective checks though.
With an email address you can easily check to see if it has an "@",
and if the stuff after the "@" is a syntactically valid domain name.
You can also go a bit further and check to see if the domain has an
MX record, and if it doesn't then it is extremely unlikely that the
address is valid.
--
https://mail.python.org/mailman/listinfo/python-list

Apparently UTF-8 characters are allowed in email addresses now. That is going to lead to a whole new level of pain for determining if an email address is correct.

Simon.
-----------------------4d88a1217941532e3f7cf5193ba8fbf5--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVDRsMJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAKsrAP4tbVj4uuGPk9/OIT1D89dvBkjzJt+nPA0fkwXOGTwXvgD+LR8y VqsU4xl/l5nEmhfUGlVvTvgqFPY4+KVvhcqVBws=
=xVui
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 2 Nov 2023 at 17:47, Cameron Simpson via Python-list <python-list@python.org> wrote:

On 02Nov2023 17:04, Chris Angelico <rosuav@gmail.com> wrote:

On Thu, 2 Nov 2023 at 15:20, AVI GROSS via Python-list ><python-list@python.org> wrote:

Yes, it would be nice if there was a syntax for sending a test
message sort
of like an ACK that is not delivered to the recipient but merely results in
some status being sent back such as DELIVERABLE or NO SUCH USER or even
MAILBOX FULL.

Yes, it would! Spammers would be able to use this syntax to figure out >exactly which addresses actually have real people connected to it. It
would save them so much trouble! Brilliant idea.

Hmm. IIRC...

https://datatracker.ietf.org/doc/html/rfc2821#section-4.1.1.6

I think a lot of mail receivers don't honour this one, for exactly the reasons above.

Yeah, and it also won't tell you if the mailbox is full, or
unattended, or if the email would be rejected or discarded for any
other reason. Which means it's not even all that useful if it IS
implemented.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 02/11/2023 19.46, Simon Connah via Python-list wrote:

On Thu, 2 Nov 2023 at 05:21, Simon Connah via Python-list
python-list@python.org wrote:

Could someone push me in the right direction please? I just want to find out if a string is a valid email address.

There is only one way to know that a string is a valid email address,
and that's to send an email to it.

What is your goal though? For example, if you're trying to autolink
email addresses in text, you don't really care whether it's valid,
only that it looks like an address.

My goal is to make a simple mailing list platform. I guess I could just send email to an address and if it bounces then I can remove it from the database. Thing is I'm not sure how close to a real email address an email has to be in order to be bounced.

If it was completely wrong it might just swallowed up.

Exactly!

Build a complementary script which inspects the returned/bounced
messages, and removes those addresses.

Given that the list of addresses is built from people signing-up in the
first place, one has to presume that people know their own addresses and
can type - there's no real defence against 'stupid'*. It's not as if you
are making-up addresses yourself (in many jurisdictions it is illegal
without opt-in).

An email address: account@domain, has to be accurate in two ways:
1 the domain - otherwise the DNS (Domain Name System) won't be able to
locate the destination email server
2 the account - otherwise the email server won't know to which mail-box
the message should be delivered.

The (1) is why there was some suggestion of using MX records (but may as
well just send the message).

The problem with (2) is that some servers will 'bounce' a message, but
others will let it die silently (not wanting to add to email-spam by
sending stuff 'back' if the message was spam in the first place!)

The exception to (2) is a "catch-all" address, which accepts every
message not addressed to a (legal) mail-box. These are sometimes used to
deal with messages addressed to a staff-member who has left (for
example). However, are somewhat problematic because they pick-up tons of garbage (eg earlier today I received a message to 456789@domain.tld.
This is not, and never has been, a mail-box on the domain; but would
drop into a catch-all mail-box.

It would be an unusual MailAdmin inspecting a catch-all address, who
would return a mis-addressed email to its source. If the message was
addressed to Smon@domain.tld, I'd be more likely to assume it was for
you, and forward it to you (in the expectation that you'd fix the
problem with the sender...). However, ...

There are some large businesses doing what you've outlined. They have
not solved this problem - and not through lack of trying!


* as fast as you make something idiot-proof, the world will show you an 'improved' class of idiot!
--
Regards,
=dn

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------9af5c7af479b047b3d270a01807b5ac5 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

See https://www.linuxjournal.com/article/9585?page=0,0

That looks painful to maintain! -----------------------9af5c7af479b047b3d270a01807b5ac5--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVDTBsJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAKRPAP4mSu7I6R6AoLYYTcItHpV97C89uGKPzlQ/gVFQgnyFFAD/QVuS 68G8EnrMf4BtEBIemXIDPru4v1DGen2wUl3jwQE=
=EXPw
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thursday, November 02, 2023 at 6:46, Simon Connah via Python-list wrote:
Re: Checking if email is valid (at least in part)

My goal is to make a simple mailing list platform. I guess I could just send >email to an address and if it bounces then I can remove it from the database.

That function is "built in" with many email clients, I use a modified version to move probably dead addresses to a "bounced" folder, from there I can build a Dlist with one click and test again later, even later I add these addresss to a larger Dlist to filter for mail from known bad/dead addresses

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 02/11/2023 19.56, Chris Angelico via Python-list wrote:

On Thu, 2 Nov 2023 at 17:47, Simon Connah <simon.n.connah@protonmail.com> wrote:

My goal is to make a simple mailing list platform. I guess I could just send email to an address and if it bounces then I can remove it from the database. Thing is I'm not sure how close to a real email address an email has to be in order to be

bounced. If it was completely wrong it might just swallowed up.

Every address is completely separate. There is no "closeness". Just
send email to an address.

Agreed.

However, with names that are frequently misspelled or which are commonly-spelled slightly differently, the 'trick' is to anticipate
problems and set up aliases which forward messages to the correct address*.

eg Kelvin -> Kevlin
Niel, Neal, Neale (etc) -> Neil

(in the same way that GoodLookingGuy@mydomain -> me,
or (more likely) MailAdmin -> me)


* however, this can end-up perpetuating the mistake, rather than
correcting...

--
Regards,
=dn

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 02/11/2023 20.28, Simon Connah wrote:

I'm not sure that would be practical. As I'm setting up a mailing list server I don't know if someone in the future is going to need to use one of those aliases and testing manually would be tedious.

Please re-read.
Discussion is about "closeness".
Thus, what you might expect from email servers and Admins, NOT what you
should do. That part should be quite evident by now!

--
Regards,
=dn

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------a4bc2d0eff77a70bacbeb621f1e9aa58 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

Agreed.

However, with names that are frequently misspelled or which are commonly-spelled slightly differently, the 'trick' is to anticipate
problems and set up aliases which forward messages to the correct address*.

eg Kelvin -> Kevlin

Niel, Neal, Neale (etc) -> Neil

(in the same way that GoodLookingGuy@mydomain -> me,

or (more likely) MailAdmin -> me)

* however, this can end-up perpetuating the mistake, rather than correcting...

--
Regards,
=dn

I'm not sure that would be practical. As I'm setting up a mailing list server I don't know if someone in the future is going to need to use one of those aliases and testing manually would be tedious.

Simon.
-----------------------a4bc2d0eff77a70bacbeb621f1e9aa58--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVDT3kJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAP37AP9B/n134411oiDA0cMb5cxvyJJy69gprtbm5Jbe5ZfHFgD/SGA2 gSeWdTcu36+Td1ee35Mo2tDHsZ+Nd0RRpIxR/Q8=
=do8i
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-02, dn wrote:

On 02/11/2023 19.46, Simon Connah via Python-list wrote:

[...]
My goal is to make a simple mailing list platform. I guess I could
just send email to an address and if it bounces then I can remove it
from the database. Thing is I'm not sure how close to a real email
address an email has to be in order to be bounced. If it was
completely wrong it might just swallowed up.

Exactly!

Build a complementary script which inspects the returned/bounced
messages, and removes those addresses.

Given that the list of addresses is built from people signing-up in the
first place, one has to presume that people know their own addresses and
can type - there's no real defence against 'stupid'*. It's not as if you
are making-up addresses yourself (in many jurisdictions it is illegal
without opt-in).

Isn't opt-in usually to the effect of "send a message with the subject SUBSCRIBE to listname-requests@mailinglist.domain.tld " ? Then the
trick becomes filtering out the spam; but the "is the email valid" check
is somewhat done as a matter of processing that inbound subscribe
message.


--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-02, D'Arcy Cain <darcy@Vex.Net> wrote:

On 2023-11-01 17:17, Chris Angelico via Python-list wrote:

On Thu, 2 Nov 2023 at 08:09, Grant Edwards via Python-list
<python-list@python.org> wrote:

Make sure it has an '@' in it. Possibly require at least one '.'
after the '@'.

No guarantee that there'll be a dot after the at. (Technically there's
no guarantee of an at sign either, but email addresses without at
signs are local-only, so in many contexts, you can assume there needs
to be an at.)

druid!darcy - doesn't work any more but not because it is syntactically incorrect.

Remember the good old days when we were able to test if an address
existed without sending? That was before the black hats discovered the Internet.

I remember the good old days when we were able to send email.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-02, Simon Connah <simon.n.connah@protonmail.com> wrote:

Valid as in conforms to the standard. Although having looked at the
standard that might be more difficult than originally planned.

Yes. Almost nobody actually implements "the standard" as in RFC 2822
section 3.4.1 (which can contain, for example, non-printable control characters, and comments), nor is it particularly clear that they
should. So while checking against "the spec" might sound right, it's
highly unlikely that it's what you actually want. Would you really
want to allow:

(jam today) "chris @ \"home\""@ (Chris's host.)public.example

for example? And would you be able to do anything with it if you did?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-02 02:04, Chris Angelico via Python-list wrote:

On Thu, 2 Nov 2023 at 15:20, AVI GROSS via Python-list <python-list@python.org> wrote:

Yes, it would be nice if there was a syntax for sending a test message sort >> of like an ACK that is not delivered to the recipient but merely results in >> some status being sent back such as DELIVERABLE or NO SUCH USER or even
MAILBOX FULL.

Yes, it would! Spammers would be able to use this syntax to figure out exactly which addresses actually have real people connected to it. It
would save them so much trouble! Brilliant idea.

Which is exactly why we stopped doing it. In fact, mailing software may
even have a control to turn it back on but definitely it doesn't reply
to the request as delivered.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------6fa0da4d98ecba45f0a1952dd32f5fc2 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

Please re-read.
Discussion is about "closeness".
Thus, what you might expect from email servers and Admins, NOT what you should do. That part should be quite evident by now!

My apologies for making a mistake.

Simon.
-----------------------6fa0da4d98ecba45f0a1952dd32f5fc2--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVDqcQJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAABFyAP465aFpp1+1zyhu2Vahz2SsvTZliWHLBdtnPwo7HnrgdAEAi4pt RY/q/ntWd8j7LvCfp5KG4gpslxcaI2JGZ0BDWgE=
=aU9P
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Yes, Chris, many things can be used for lesser purposes.

Perhaps this could be like when people automate guessing passwords and one defense is to stop accepting after N bad guesses till some external method resets things.

-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of Chris Angelico via Python-list
Sent: Thursday, November 2, 2023 2:05 AM
To: python-list@python.org
Subject: Re: Checking if email is valid

On Thu, 2 Nov 2023 at 15:20, AVI GROSS via Python-list
<python-list@python.org> wrote:

Yes, it would be nice if there was a syntax for sending a test message

sort

of like an ACK that is not delivered to the recipient but merely results

in

some status being sent back such as DELIVERABLE or NO SUCH USER or even MAILBOX FULL.

Yes, it would! Spammers would be able to use this syntax to figure out
exactly which addresses actually have real people connected to it. It
would save them so much trouble! Brilliant idea.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-02 00:18, AVI GROSS via Python-list wrote:

Yes, it would be nice if there was a syntax for sending a test message sort of like an ACK that is not delivered to the recipient but merely results in some status being sent back such as DELIVERABLE or NO SUCH USER or even MAILBOX FULL.

It used to do that. The facility was very quickly turned off.

I note earlier iterations of email had addressed like mach1!mach2!mach3!ihnp4!mach5!mach6!user or even mach1!mach2!user@mach3 and
I remember tools that analyzed what other machines various machines claimed to have a direct connection to and tried to figure out a connection from
your source to destination, perhaps a shorter one or maybe a less expensive one. Hence machines like ihnp4 and various universities that were densely connected to others got lots of traffic. In that scenario, validity had another meaning.

Yep. It's called UUCP. It still exists. You can even do UUCP over TCP/IP.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/2/23 00:42, Simon Connah via Python-list wrote:

Basically I'm writing unit tests and one of them passess in a string
with an invalid email address. I need to be able to check the string
to see if it is a valid email so that the unit test passess.

If you truly have managed to code an RFC-compliant verifier, I commend you.

Valid as in conforms to the standard. Although having looked at the
standard that might be more difficult than originally planned.

You'll have to read the relevant RFCs. Lots of corner cases! From what
I can see virtually no one on the internet gets it right, judging by the
number of times I have valid email addresses flagged as not valid by
poor algorithms.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

SWYgaSB3YW50ZWQgYW4gZW1haWwgdmVyaWZpZXIgSSB3b3VsZCBsb29rIGF0IG9wZW4gc291cmNl IGZyYW1ld29ya3MgYW5kIHNlZSBob3cgdGhleSBkbyBpdC4gRGphbmdvIGNvbWVzIHRvIG1pbmQu LS0oVW5zaWduZWQgbWFpbCBmcm9tIG15IHBob25lKQotLS0tLS0tLSBPcmlnaW5hbCBtZXNzYWdl IC0tLS0tLS0tRnJvbTogTWljaGFlbCBUb3JyaWUgdmlhIFB5dGhvbi1saXN0IDxweXRob24tbGlz dEBweXRob24ub3JnPiBEYXRlOiAzLzExLzIzICAwNzoyMyAgKEdNVCsxMDowMCkgVG86IHB5dGhv bi1saXN0QHB5dGhvbi5vcmcgU3ViamVjdDogUmU6IENoZWNraW5nIGlmIGVtYWlsIGlzIHZhbGlk IE9uIDExLzIvMjMgMDA6NDIsIFNpbW9uIENvbm5haCB2aWEgUHl0aG9uLWxpc3Qgd3JvdGU6PiBC YXNpY2FsbHkgSSdtIHdyaXRpbmcgdW5pdCB0ZXN0cyBhbmQgb25lIG9mIHRoZW0gcGFzc2VzcyBp biBhIHN0cmluZyA+IHdpdGggYW4gaW52YWxpZCBlbWFpbCBhZGRyZXNzLiBJIG5lZWQgdG8gYmUg YWJsZSB0byBjaGVjayB0aGUgc3RyaW5nID4gdG8gc2VlIGlmIGl0IGlzIGEgdmFsaWQgZW1haWwg c28gdGhhdCB0aGUgdW5pdCB0ZXN0IHBhc3Nlc3MuSWYgeW91IHRydWx5IGhhdmUgbWFuYWdlZCB0 byBjb2RlIGFuIFJGQy1jb21wbGlhbnQgdmVyaWZpZXIsIEkgY29tbWVuZCB5b3UuPiBWYWxpZCBh cyBpbiBjb25mb3JtcyB0byB0aGUgc3RhbmRhcmQuIEFsdGhvdWdoIGhhdmluZyBsb29rZWQgYXQg dGhlPiBzdGFuZGFyZCB0aGF0IG1pZ2h0IGJlIG1vcmUgZGlmZmljdWx0IHRoYW4gb3JpZ2luYWxs eSBwbGFubmVkLllvdSdsbCBoYXZlIHRvIHJlYWQgdGhlIHJlbGV2YW50IFJGQ3MuwqAgTG90cyBv ZiBjb3JuZXIgY2FzZXMhwqAgRnJvbSB3aGF0SSBjYW4gc2VlIHZpcnR1YWxseSBubyBvbmUgb24g dGhlIGludGVybmV0IGdldHMgaXQgcmlnaHQsIGp1ZGdpbmcgYnkgdGhlbnVtYmVyIG9mIHRpbWVz IEkgaGF2ZSB2YWxpZCBlbWFpbCBhZGRyZXNzZXMgZmxhZ2dlZCBhcyBub3QgdmFsaWQgYnlwb29y IGFsZ29yaXRobXMuLS0gaHR0cHM6Ly9tYWlsLnB5dGhvbi5vcmcvbWFpbG1hbi9saXN0aW5mby9w eXRob24tbGlzdA==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 3 Nov 2023 at 07:17, Jon Ribbens via Python-list <python-list@python.org> wrote:

On 2023-11-02, Simon Connah <simon.n.connah@protonmail.com> wrote:

Valid as in conforms to the standard. Although having looked at the standard that might be more difficult than originally planned.

Yes. Almost nobody actually implements "the standard" as in RFC 2822
section 3.4.1 (which can contain, for example, non-printable control characters, and comments), nor is it particularly clear that they
should. So while checking against "the spec" might sound right, it's
highly unlikely that it's what you actually want. Would you really
want to allow:

(jam today) "chris @ \"home\""@ (Chris's host.)public.example

for example? And would you be able to do anything with it if you did?

If by checking against the spec you mean "sending an email to it with
a code or magic link", then.... sure, allow that! It's still short
enough to fit on one line, even. Seems fine to me.

Of course, since that one is in the .example TLD, it's not actually
going to succeed, but now I'm curious whether you could craft a mail
server that mandates the Queen's rule of "jam tomorrow, jam yesterday,
but never jam today". That part is technically a comment, but it's a
clear violation of a royal decree, so that should cause the email to
bounce. It's jam every OTHER day, and today isn't any OTHER day.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I have never had a need to check email but in my reading over the years, I am aware of modules of multiple kinds you can use to do things like parsing dates, URL and email addresses and probably many other such things into some kind of object and then
you can use aspects of the object to do interesting things and perhaps change some and then ask for the object to be placed back into some other format such as text.

My guess is that a first test of an email address might be to see if a decent module of that kind fills out the object to your satisfaction. You can then perhaps test parts of the object, rather than everything at once, to see if it is obviously invalid.
As an example, what does user@alpha.......com with what seems to be lots of meaningless periods, get parsed into?

This may be another approach that reuses what may be well-designed and tested shared software. I wonder if there are also such modules that do quite a bit of what is asked which is to reject a large class of badly formed addresses. You could, of course,
take what survives and run additional screens.

In the end, this is a bit like junkmail where some light-AI algorithms go over a corpus of messages that humans have curated as junk or not junk and make some statistical decisions that are nonetheless often wrong. In that case, many humans nastily
declare thinks as SPAM just because they do not want to get such messages. If you blasted out email alerts every time a child seems to have been kidnapped to everyone in the nation, how long before many such messages would become designated as SPAM?

So is there any work where people have taken a decent collection of email addresses used in the past that turned out to be syntactically valid or not, and trained an algorithm to recognize most of them properly? That trained algorithm could be shared and
incorporated into your programs either as the only method, or one you use in special cases.

-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of Mike Dewhirst via Python-list
Sent: Thursday, November 2, 2023 6:31 PM
To: python-list@python.org
Subject: Re: Checking if email is valid

If i wanted an email verifier I would look at open source frameworks and see how they do it. Django comes to mind.--(Unsigned mail from my phone)
-------- Original message --------From: Michael Torrie via Python-list <python-list@python.org> Date: 3/11/23 07:23 (GMT+10:00) To: python-list@python.org Subject: Re: Checking if email is valid On 11/2/23 00:42, Simon Connah via Python-list wrote:>
Basically I'm writing unit tests and one of them passess in a string > with an invalid email address. I need to be able to check the string > to see if it is a valid email so that the unit test passess.If you truly have managed to code an RFC-compliant
verifier, I commend you.> Valid as in conforms to the standard. Although having looked at the> standard that might be more difficult than originally planned.You'll have to read the relevant RFCs. Lots of corner cases! From whatI can see virtually no
one on the internet gets it right, judging by thenumber of times I have valid email addresses flagged as not valid bypoor algorithms.-- https://mail.python.org/mailman/listinfo/python-list
--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 3 Nov 2023 at 12:21, AVI GROSS via Python-list
<python-list@python.org> wrote:

My guess is that a first test of an email address might be to see if a decent module of that kind fills out the object to your satisfaction. You can then perhaps test parts of the object, rather than everything at once, to see if it is obviously

invalid. As an example, what does user@alpha.......com with what seems to be lots of meaningless periods, get parsed into?


What do you mean by "obviously invalid"? Have you read the RFC?

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-03, Chris Angelico <rosuav@gmail.com> wrote:

On Fri, 3 Nov 2023 at 12:21, AVI GROSS via Python-list
<python-list@python.org> wrote:

My guess is that a first test of an email address might be to see if
a decent module of that kind fills out the object to your
satisfaction. You can then perhaps test parts of the object, rather
than everything at once, to see if it is obviously invalid. As an
example, what does user@alpha.......com with what seems to be lots of
meaningless periods, get parsed into?

What do you mean by "obviously invalid"? Have you read the RFC?

What do you mean by 'What do you mean by "obviously invalid"?'
Have you read the RFC?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Chris,

I don't mean anything specific in the abstract approach I outlined as a possible alternative to using one complex regular expression.

My suggestion was that some of the work could be done by the module you used and THEN you may test various parts of the rest. For example, perhaps
another module lets you test if the domain name is registered. I have not
read the RFC and have not worked on email applications in decades and am not offering specific advice. I am merely suggesting the possible use of
existing software modules that may provide a better approach in weeding out SOME bad addresses.

-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of Chris Angelico via Python-list
Sent: Friday, November 3, 2023 1:43 AM
To: python-list@python.org
Subject: Re: Checking if email is valid

On Fri, 3 Nov 2023 at 12:21, AVI GROSS via Python-list
<python-list@python.org> wrote:

My guess is that a first test of an email address might be to see if a

decent module of that kind fills out the object to your satisfaction. You
can then perhaps test parts of the object, rather than everything at once,
to see if it is obviously invalid. As an example, what does user@alpha.......com with what seems to be lots of meaningless periods, get parsed into?


What do you mean by "obviously invalid"? Have you read the RFC?

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-02, Michael Torrie via Python-list <python-list@python.org> wrote:

On 11/2/23 00:42, Simon Connah via Python-list wrote:

Valid as in conforms to the standard. Although having looked at the
standard that might be more difficult than originally planned.

You'll have to read the relevant RFCs. Lots of corner cases! From what
I can see virtually no one on the internet gets it right, judging by the number of times I have valid email addresses flagged as not valid by
poor algorithms.

I've wondered if there are addresses that violate the RFC (and would
therefore be "correctly" rejected), but but in practice will work just
fine. I've never spent enough time looking at the RFC to even propose
test cases for that...

--
Grant

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------d1b6e742bc94863138d636c30b380be2 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

On 11/2/23 00:42, Simon Connah via Python-list wrote:

Basically I'm writing unit tests and one of them passess in a string
with an invalid email address. I need to be able to check the string
to see if it is a valid email so that the unit test passess.

If you truly have managed to code an RFC-compliant verifier, I commend you.

Sorry I wasn't clear. I haven't written anything of the sort but I was looking to see if there was a third party option but from feedback in this thread it appears that way is considered a bad option.

Simon.
-----------------------d1b6e742bc94863138d636c30b380be2--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVFKZUJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAGyeAP9UT3xm3X02tqWV6hLNEXlYPmiKyhdWLU2KHwRBPhVVnwD/R/p6 StdsiD0VBIdbCZ1EDWicX+uwsNaa8SF5EIdBbwk=
=Sgqa
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/3/2023 6:51 AM, Jon Ribbens via Python-list wrote:

On 2023-11-03, Chris Angelico <rosuav@gmail.com> wrote:

On Fri, 3 Nov 2023 at 12:21, AVI GROSS via Python-list
<python-list@python.org> wrote:

My guess is that a first test of an email address might be to see if
a decent module of that kind fills out the object to your
satisfaction. You can then perhaps test parts of the object, rather
than everything at once, to see if it is obviously invalid. As an
example, what does user@alpha.......com with what seems to be lots of
meaningless periods, get parsed into?

What do you mean by "obviously invalid"? Have you read the RFC?

What do you mean by 'What do you mean by "obviously invalid"?'
Have you read the RFC?

About reading the RFC, there's this ... but read the comments too ...

https://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------b13850dae0e89df3a7d876b0fc41350c Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

On 11/3/2023 6:51 AM, Jon Ribbens via Python-list wrote:

On 2023-11-03, Chris Angelico rosuav@gmail.com wrote:

On Fri, 3 Nov 2023 at 12:21, AVI GROSS via Python-list python-list@python.org wrote:

My guess is that a first test of an email address might be to see if
a decent module of that kind fills out the object to your
satisfaction. You can then perhaps test parts of the object, rather than everything at once, to see if it is obviously invalid. As an example, what does user@alpha.......com with what seems to be lots of meaningless periods, get parsed into?

What do you mean by "obviously invalid"? Have you read the RFC?

What do you mean by 'What do you mean by "obviously invalid"?'
Have you read the RFC?

About reading the RFC, there's this ... but read the comments too ...

https://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx/

Wow. I'm half tempted to make a weird email address to see how many websites get it wrong.

Thank you for the link.

Simon.
-----------------------b13850dae0e89df3a7d876b0fc41350c--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVGBfMJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAKoxAP4x7mf6Q7axy4usu1dWNIqIvSuKNhQe9Ss6eWxtWyBdWgEAitEy BVql5IgFoYKktKaRwWTKAVDk5CRk4E1RJ8ZzJQQ=
=zKph
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------aadc7936531d5e919f299af63eca7565 Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

On 2023-11-02, Simon Connah simon.n.connah@protonmail.com wrote:

Valid as in conforms to the standard. Although having looked at the standard that might be more difficult than originally planned.

Yes. Almost nobody actually implements "the standard" as in RFC 2822
section 3.4.1 (which can contain, for example, non-printable control characters, and comments), nor is it particularly clear that they
should. So while checking against "the spec" might sound right, it's
highly unlikely that it's what you actually want. Would you really
want to allow:

(jam today) "chris @ \"home\""@ (Chris's host.)public.example

for example? And would you be able to do anything with it if you did?

As I said in another post it would be interesting to see what broke when you tried to use an esoteric email address in the wild. Maybe when I'm bored :D.

Simon.
-----------------------aadc7936531d5e919f299af63eca7565--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVGCGIJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAIlKAP9rjIZmdtwFA08UVfTD6CpLjY+e0Iw2ue/mRNFYD3549QD/Vfeo 0l9/xzDPe5V3um2O9ncPZI71KtXIEIE1358/Kgg=
=QegP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/4/23 02:51, Simon Connah via Python-list wrote:

Wow. I'm half tempted to make a weird email address to see how many websites get it wrong.

Thank you for the link.

Nearly all websites seem to reject simple correct email addresses such
as myemail+sometext@example.domain. I like to use this kind of email
address when I can to help me filter out the inevitable spam that comes
from companies selling off my address even after claiming they won't.

So I suspect that nearly all websites are going to reject other kinds of
weird email addresses you can create that are actually correct.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-04, Michael Torrie via Python-list <python-list@python.org> wrote:

On 11/4/23 02:51, Simon Connah via Python-list wrote:

Wow. I'm half tempted to make a weird email address to see how many
websites get it wrong.

In my experience, they don't have to be very weird at all.

Thank you for the link.

Nearly all websites seem to reject simple correct email addresses
such as myemail+sometext@example.domain. I like to use this kind of
email address when I can to help me filter out the inevitable spam
that comes from companies selling off my address even after claiming
they won't.

I've always suspected that's intentional. They refuse those sorts of
e-mail addresses because they know that's what they are used for. If
they allowed "plus suffixed" e-mail addresses, then all the crap they
want to send to you would go into /dev/null where it belongs -- and we
can't have that!

So I suspect that nearly all websites are going to reject other
kinds of weird email addresses you can create that are actually
correct.

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs. People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

--
Grant

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-05 00:39, Grant Edwards via Python-list wrote:

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs. People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

And don't get me started on phone number validation. The most annoying
thing to me, though, is sites that reject names that have an apostrophe
in them. I hate being told that my name, that I have been using for
over seventy years, is invalid.

OK, now that I am started, what else? Oh yah. Look at your credit
card. The number has spaces in it. Why do I have to remove them. If
you don't like them then you are a computer, just remove them.

When do we stop working for computers and have the computers start
working for us?

--
D'Arcy J.M. Cain
Vybe Networks Inc.
http://www.VybeNetworks.com/
IM:darcy@Vex.Net VoIP: sip:darcy@VybeNetworks.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Grant (and others),

I am asking about the overall programming process of dealing with email addresses beyond checking the string for some validity.

You mentioned requiring you type in your email twice as one example. I generally do a copy/paste to avoid typing or have my browser fill it in.
Rarely the code is set to force me to actually type it in. And I note sites that force me to do too much typing of any kind or make me jump through
hoops like having to get an email or text with a secondary number to type in
or make me look at pictures and find the right ones and so on, encourage me
to not use them much. There is a price for taking away convenience even if
you see it as some form of security. Yes, there are tradeoffs.

It really may be important to know what you want from your email addresses.
If I sign YOU up for something like the Word of the day in a dozen languages
by supplying your valid email address, then checking if it looks valid is
less useful than sending an email to that address and asking the recipient
to opt-in and verify they legitimately want it. If you want to ensure that
your newsletter is still wanted, you may do something similar every year or
so to everyone, or perhaps just those that have not had activity. If a
mailbox starts rejecting messages, perhaps you send messages to their
secondary contact info or just remove them.

There are many such strategies and some may be way harder to implement than
a simple and perhaps simplistic syntax check.

I do wonder how much it sometimes matters when we see real-world scenarios where people who died a decade ago remain on voter registration rolls. If my mailing list has a few hundred bad emails on it, the costs of sending may be small albeit dealing with rejection messages may clog my logs.

As for fake email addresses, there are many ways to play that game that are unlikely to be caught. Will they realize there is nobody at
erewhon@gmail.com? If you want to know if someone is going to sell your hello.there@gmail.com address could you supply hell.other.e@gmail.com and
then monitor mail that you will still receive as it seems google ignores periods in your email name? And, since others generally see the above as distinct, you can even use such a method to sign up for something multiple times.

Complexity leaves room for loopholes.

Still, obviously there are good reasons to do what you can to do some validation at many points along the way and especially when it may be
critical. Asking someone to type in a new password twice when they cannot easily see what they are typing, is obviously useful as the consequence of losing it is high. Are getting the email addresses right as important?

I know my wife registered a fairly common name of the jane.doe@gmail.com variety that is now useless as it keeps receiving messages someone provided
or typed in wrong that were supposed to go to janedoe@ or doe.jane@ or janedoe123@ or j.doe@ and so on. These include receipts, subscriptions to newsletters and much more. Some are inadvertent but the reality is she
stopped using that email as it is now mostly full of SPAM as the others ...








-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of Grant Edwards via Python-list
Sent: Sunday, November 5, 2023 12:39 AM
To: python-list@python.org
Subject: Re: Checking if email is valid

On 2023-11-04, Michael Torrie via Python-list <python-list@python.org>
wrote:

On 11/4/23 02:51, Simon Connah via Python-list wrote:

Wow. I'm half tempted to make a weird email address to see how many
websites get it wrong.

In my experience, they don't have to be very weird at all.

Thank you for the link.

Nearly all websites seem to reject simple correct email addresses
such as myemail+sometext@example.domain. I like to use this kind of
email address when I can to help me filter out the inevitable spam
that comes from companies selling off my address even after claiming
they won't.

I've always suspected that's intentional. They refuse those sorts of
e-mail addresses because they know that's what they are used for. If
they allowed "plus suffixed" e-mail addresses, then all the crap they
want to send to you would go into /dev/null where it belongs -- and we
can't have that!

So I suspect that nearly all websites are going to reject other
kinds of weird email addresses you can create that are actually
correct.

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs. People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

--
Grant
--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-05, D'Arcy Cain <darcy@VybeNetworks.com> wrote:

On 2023-11-05 00:39, Grant Edwards via Python-list wrote:

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs. People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

And don't get me started on phone number validation. The most annoying
thing to me, though, is sites that reject names that have an apostrophe
in them. I hate being told that my name, that I have been using for
over seventy years, is invalid.

Sometimes I think that these sorts of stupid, wrong, validation are the
fault of idiot managers. When it's apostrophes though I'm suspicious
that it may be idiot programmers who don't know how to prevent SQL
injection attacks without just saying "ban all apostrophes everywhere".
Or perhaps it's idiot "security consultancies" who make it a tick-box requirement.

OK, now that I am started, what else? Oh yah. Look at your credit
card. The number has spaces in it. Why do I have to remove them. If
you don't like them then you are a computer, just remove them.

Yes, this is also very stupid and annoying. Does nobody who works for
the companies making these sorts of websites ever use their own, or
indeed anyone else's, website?

Another one that's become popular recently is the sort of annoying
website that insists on "email 2FA", i.e. you try to login and then
they send you an email with a 6-digit code in that you have to enter
to authenticate yourself. So you go to your mail client and double-click
on the number to select it, and stupid thing (A) happens: for no sane
reason, the computer selects the digits *and also an invisible space
after them*. Then you copy the digits into the web form, then invisible
space tags along for the ride, and stupid thing (B) happens: the web
server rejects the code because of the trailing space.

Honestly I don't understand why every web application platform doesn't automatically strip all leading and trailing whitespace on user input
by default. It's surely incredibly rare that it's sensible to preserve
it. (I see Django eventually got around to this in version 1.9.)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/5/23 05:32, D'Arcy Cain via Python-list wrote:

On 2023-11-05 00:39, Grant Edwards via Python-list wrote:

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs.  People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

And don't get me started on phone number validation.  The most annoying thing to me, though, is sites that reject names that have an apostrophe
in them.  I hate being told that my name, that I have been using for
over seventy years, is invalid.

OK, now that I am started, what else?  Oh yah.  Look at your credit
card.  The number has spaces in it.  Why do I have to remove them.  If
you don't like them then you are a computer, just remove them.

When do we stop working for computers and have the computers start
working for us?

If this is being voted on, pretend you are in Georgia, vote often and
early. Best question of the century.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-05, Grant Edwards <grant.b.edwards@gmail.com> wrote:

On 2023-11-05, D'Arcy Cain via Python-list <python-list@python.org> wrote:

On 2023-11-05 00:39, Grant Edwards via Python-list wrote:

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs. People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

And don't get me started on phone number validation.

I can see how the truley dim-witted might forget that other countries
have phone numbers with differing lengths and formatting/punctuation,
but there are tons of sites where it takes multiple tries when
entering even a bog-standard USA 10-0digit phone nubmer because they
are completely flummuxed by an area code in parens or hyphens in the
usual places (or lack of hyhpens in the usual places). This stuff
isn't that hard, people...

Indeed - you just do "pip install phonenumbers" :-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-05, D'Arcy Cain via Python-list <python-list@python.org> wrote:

On 2023-11-05 00:39, Grant Edwards via Python-list wrote:

Definitely. Syntactic e-mail address "validation" is one of the most
useless and widely broken things on the Interwebs. People who do
anything other than require an '@' (and optionally make you enter the
same @-containing string twice) are deluding themselves.

And don't get me started on phone number validation.

I can see how the truley dim-witted might forget that other countries
have phone numbers with differing lengths and formatting/punctuation,
but there are tons of sites where it takes multiple tries when
entering even a bog-standard USA 10-0digit phone nubmer because they
are completely flummuxed by an area code in parens or hyphens in the
usual places (or lack of hyhpens in the usual places). This stuff
isn't that hard, people...

The most annoying thing to me, though, is sites that reject names
that have an apostrophe in them. I hate being told that my name,
that I have been using for over seventy years, is invalid.

OK, now that I am started, what else? Oh yah. Look at your credit
card. The number has spaces in it. Why do I have to remove them. If
you don't like them then you are a computer, just remove them.

Indeed. There is a tiny but brightly burning kernel of hate in my
heart for web sites (and their developers) that refuse to accept
credit card numbers entered with spaces _as_they_are_shown_on_the_card_!

I've concluded that using PHP causes debilitating and irreversible
brain damage.

When do we stop working for computers and have the computers start
working for us?

--
Grant

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/5/23 10:34, Grant Edwards via Python-list wrote:

Indeed. There is a tiny but brightly burning kernel of hate in my
heart for web sites (and their developers) that refuse to accept
credit card numbers entered with spaces _as_they_are_shown_on_the_card_!

I've concluded that using PHP causes debilitating and irreversible
brain damage.

I think it's the attitude that speed of deployment is more important
than any other factor, rather than just PHP :-) Plus a bunch of that
stuff is also coded in the front end (aka Javascript).

Phone numbers.
Credit card numbers.
Names (in my case - my wife has a hypenated surname which is almost as
deadly as non-alpha characters in a name which was already mentioned in
this diverging thread)

and addresses. living rurally we have two addresses: a post office
rural route box for USPS and a "street address" for anyone else. The
former looks like "{locationID} Box {number}". The single word "Box"
often triggers "we don't deliver to P.O. Boxes" - it's not a PO Box, and
it's the only address USPS will deliver to, so get over yourself. Or
triggers fraud detection alerts, because "billing address" != "shipping address".

it's astonishing how bad so many websites are at what should be a
fundamental function: taking in user-supplied data in order to do
something valuable with it.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-05 06:48, Jon Ribbens via Python-list wrote:

Sometimes I think that these sorts of stupid, wrong, validation are the
fault of idiot managers. When it's apostrophes though I'm suspicious
that it may be idiot programmers who don't know how to prevent SQL
injection attacks without just saying "ban all apostrophes everywhere".
Or perhaps it's idiot "security consultancies" who make it a tick-box requirement.

https://xkcd.com/327/

OK, now that I am started, what else? Oh yah. Look at your credit
card. The number has spaces in it. Why do I have to remove them. If
you don't like them then you are a computer, just remove them.

Yes, this is also very stupid and annoying. Does nobody who works for
the companies making these sorts of websites ever use their own, or
indeed anyone else's, website?

Gotta wonder for sure. It could also be the case of programmers
depending on user input but the users insist on living with the bugs
and/or working around them. We made crash reporting dead simple to
report on and still users didn't bother. We would get the traceback and
have to guess what the user was doing.

Honestly I don't understand why every web application platform doesn't automatically strip all leading and trailing whitespace on user input
by default. It's surely incredibly rare that it's sensible to preserve
it. (I see Django eventually got around to this in version 1.9.)

Yes, I have done that forever. Never had a complaint about it dropping characters.

--
D'Arcy J.M. Cain
Vybe Networks Inc.
http://www.VybeNetworks.com/
IM:darcy@Vex.Net VoIP: sip:darcy@VybeNetworks.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 5 Nov 2023 19:22:49 -0600, D'Arcy Cain wrote:

Gotta wonder for sure. It could also be the case of programmers
depending on user input but the users insist on living with the bugs
and/or working around them. We made crash reporting dead simple to
report on and still users didn't bother. We would get the traceback and
have to guess what the user was doing.

We've found even if you directly ask the user often the answer is 'I
dunno' or some mythology they have constructed to explain the problem. We
had one site that reported if they hit the Enter key hard the query would
work. It was a rather simple bug where the query would be randomly sent to
the wrong interface.

There is quite a bit of literature in psychology about intermittent reinforcement and the behavioral strategies that are developed. Works for
rats, works for humans.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) -----------------------e91499b26292246d72bdfef8a150a90d Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8

I can see how the truley dim-witted might forget that other countries
have phone numbers with differing lengths and formatting/punctuation,
but there are tons of sites where it takes multiple tries when
entering even a bog-standard USA 10-0digit phone nubmer because they
are completely flummuxed by an area code in parens or hyphens in the
usual places (or lack of hyhpens in the usual places). This stuff
isn't that hard, people...

The thing I truly hate is when you have two telephone number fields. One for landline and one for mobile. I mean who in hell has a landline these days? And not accepting your mobile number in the landline number field is just when I give up. Or having a
landline only field that does not accept mobile phones.

Simon.
-----------------------e91499b26292246d72bdfef8a150a90d--

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wnUEARYKACcFgmVIqmkJkFrvKC74ta6lFiEEXOYF9uqFRn4815bYWu8oLvi1 rqUAAMa0APsE6I0/I6B8nOryiHQJozPzlwma13BV/hCWQrE4GPRd1wEA1ZeD OC0KR3twFCa9QAoLDc41bRMhbEX3/quzrAZ3ogY=
=toeL
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-06, D'Arcy Cain <darcy@VybeNetworks.com> wrote:

On 2023-11-05 06:48, Jon Ribbens via Python-list wrote:

Sometimes I think that these sorts of stupid, wrong, validation are the
fault of idiot managers. When it's apostrophes though I'm suspicious
that it may be idiot programmers who don't know how to prevent SQL
injection attacks without just saying "ban all apostrophes everywhere".
Or perhaps it's idiot "security consultancies" who make it a tick-box
requirement.

https://xkcd.com/327/

Indeed. My point is that the correct way to solve this problem is not
to declare vast swathes of valid inputs verboten, but to *not execute
user input as code*. Controversial, I know.

OK, now that I am started, what else? Oh yah. Look at your credit
card. The number has spaces in it. Why do I have to remove them. If
you don't like them then you are a computer, just remove them.

Yes, this is also very stupid and annoying. Does nobody who works for
the companies making these sorts of websites ever use their own, or
indeed anyone else's, website?

Gotta wonder for sure. It could also be the case of programmers
depending on user input but the users insist on living with the bugs
and/or working around them. We made crash reporting dead simple to
report on and still users didn't bother. We would get the traceback and
have to guess what the user was doing.

That was another thing that I used to find ridiculous, but seems to have improved somewhat in recent years - website error pages that said "please contact us to let us know about this error". I'm sorry, what? You want
me to contact you to tell you about what your own website is doing? How
does that make any sense? Websites should be self-reporting problems.

(Not least because, as you say, people are absolutely terrible at
reporting problems, with almost all bug reports reading effectively as
"I was doing something that I'm not going to tell you and I as expecting something to happen which I'm not going to tell you, but instead
something else happened, which I'm also not going to tell you".)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/6/23 01:57, Simon Connah via Python-list wrote:

The thing I truly hate is when you have two telephone number fields. One for landline and one for mobile. I mean who in hell has a landline these days?

People who live in places with spotty, or no, mobile coverage. We do exist.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-06, Mats Wichmann <mats@wichmann.us> wrote:

On 11/6/23 01:57, Simon Connah via Python-list wrote:

The thing I truly hate is when you have two telephone number fields.
One for landline and one for mobile. I mean who in hell has a
landline these days?

People who live in places with spotty, or no, mobile coverage. We do
exist.

Catering for people in minority situations is, of course, important.

Catering for people in the majority situation is probably important too.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-06 08:57, Simon Connah via Python-list wrote:

I can see how the truley dim-witted might forget that other countries
have phone numbers with differing lengths and formatting/punctuation,
but there are tons of sites where it takes multiple tries when
entering even a bog-standard USA 10-0digit phone nubmer because they
are completely flummuxed by an area code in parens or hyphens in the
usual places (or lack of hyhpens in the usual places). This stuff
isn't that hard, people...

The thing I truly hate is when you have two telephone number fields. One for landline and one for mobile. I mean who in hell has a landline these days? And not accepting your mobile number in the landline number field is just when I give up. Or having

a landline only field that does not accept mobile phones.

I have a landline. It's also how I access the internet.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 7 Nov 2023 at 02:05, Jon Ribbens via Python-list <python-list@python.org> wrote:

That was another thing that I used to find ridiculous, but seems to have improved somewhat in recent years - website error pages that said "please contact us to let us know about this error". I'm sorry, what? You want
me to contact you to tell you about what your own website is doing? How
does that make any sense? Websites should be self-reporting problems.

Actually, I think those serve a very important purpose. The reports
are almost certainly being discarded unread; the value of such a
reporting system is to give the user the sensation that they've "done something" to "help". It makes some people feel better about running
into a bug.

But you're right, they serve little purpose in solving web site problems.

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11/6/23 08:23, Jon Ribbens via Python-list wrote:

On 2023-11-06, Mats Wichmann <mats@wichmann.us> wrote:

On 11/6/23 01:57, Simon Connah via Python-list wrote:

The thing I truly hate is when you have two telephone number fields.
One for landline and one for mobile. I mean who in hell has a
landline these days?

People who live in places with spotty, or no, mobile coverage. We do
exist.

Catering for people in minority situations is, of course, important.

Catering for people in the majority situation is probably important too.

A good experience would do both, in a comfortable way for either.

Continuing with the example, if you have a single phone number field, or
let a mobile number be entered in a field marked for landline, you will probably assume you can text to that number. I see this all the time on signups that are attempting to provide some sort of 2FA - I enter the
landline number and the website tries to text a verification code to it
(rather have an authenticator app for 2FA anyway, but that's a different argument)

Suggests maybe labeling should be something like:

* Number you want to be called on
* Number for texted security messages, if different

Never seen that, though :-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 7 Nov 2023 at 07:10, Mats Wichmann via Python-list <python-list@python.org> wrote:

Suggests maybe labeling should be something like:

* Number you want to be called on
* Number for texted security messages, if different

Never seen that, though :-)

My responses would be:

* Don't.
* That's what cryptographic keys are for.

:)

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 6/11/23 6:34 pm, rbowman wrote:

We've found even if you directly ask the user often the answer is 'I
dunno' or some mythology they have constructed to explain the problem.

This seems to apply to hardware issues as well. Louis Rossmann has
a philosophy of "Never believe what the customer tells you."

--
Greg

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 7/11/23 7:45 am, Mats Wichmann wrote:

Continuing with the example, if you have a single phone number field, or
let a mobile number be entered in a field marked for landline, you will probably assume you can text to that number.

But if the site can detect that you've entered a mobile number into
the landline field or vice versa and reject it, then it can figure out
whether it can text to a given numner or not without you having
to tell it!

--
Greg

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 7 Nov 2023 at 10:11, Greg Ewing via Python-list <python-list@python.org> wrote:

On 7/11/23 7:45 am, Mats Wichmann wrote:

Continuing with the example, if you have a single phone number field, or let a mobile number be entered in a field marked for landline, you will probably assume you can text to that number.

But if the site can detect that you've entered a mobile number into
the landline field or vice versa and reject it, then it can figure out whether it can text to a given numner or not without you having
to tell it!

Oh yes, it totally can. Never mind that some mobile numbers are able
to accept text messages but not calls, nor that some landline numbers
can accept text messages as well as calls :)

ChrisA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 7 Nov 2023 12:11:18 +1300, Greg Ewing wrote:

On 6/11/23 6:34 pm, rbowman wrote:

We've found even if you directly ask the user often the answer is 'I
dunno' or some mythology they have constructed to explain the problem.

This seems to apply to hardware issues as well. Louis Rossmann has a philosophy of "Never believe what the customer tells you."

Truer words... A customer called to report an industrial dielectric heater wasn't putting out full power. First question was 'Did you check the
fuses?' since it was three phase but if you blew one leg it would still
operate on reduced power. He assured me he had. I went through the rest of
the common problems with no solution so the next day I flew out to the
plant. I replaced the 30 amp fuse and all was good. The customer had a
very expensive lesson in how to check fuses.

At least with software you don't have to physically appear on site.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Just mildly noticing the topics discussed have wandered quite a bit away
from Python, let alone even programming.

Phone numbers are not what they used to be. They tend to be quite portable
and in some ways can be chained so my house phone rings through to my cell phone but a text will not be forwarded. And, if I do not choose to read my texts, no amount of sending would enlighten me about your needs. I know
people who get WhatsApp messages but not standard texts, for example.

-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of Chris Angelico via Python-list
Sent: Monday, November 6, 2023 6:20 PM
To: python-list@python.org
Subject: Re: Checking if email is valid

On Tue, 7 Nov 2023 at 10:11, Greg Ewing via Python-list <python-list@python.org> wrote:

On 7/11/23 7:45 am, Mats Wichmann wrote:

Continuing with the example, if you have a single phone number field, or let a mobile number be entered in a field marked for landline, you will probably assume you can text to that number.

But if the site can detect that you've entered a mobile number into
the landline field or vice versa and reject it, then it can figure out whether it can text to a given numner or not without you having
to tell it!

Oh yes, it totally can. Never mind that some mobile numbers are able
to accept text messages but not calls, nor that some landline numbers
can accept text messages as well as calls :)

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-06, Greg Ewing via Python-list <python-list@python.org> wrote:

On 7/11/23 7:45 am, Mats Wichmann wrote:

Continuing with the example, if you have a single phone number field, or
let a mobile number be entered in a field marked for landline, you will
probably assume you can text to that number.

But if the site can detect that you've entered a mobile number into
the landline field or vice versa and reject it, then it can figure out whether it can text to a given numner or not without you having
to tell it!

Maybe. I'm pretty sure the last time I was in Australia, you could
send/recieve text messages from landalines. And I've had mobile number
that didn't support text messaging.

If you, as a web developer, want the user to enter a text-message
capable phone number, then ASK FOR THAT!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-11-07 08:40, Grant Edwards via Python-list wrote:

If you, as a web developer, want the user to enter a text-message
capable phone number, then ASK FOR THAT!

And you may as well ask if they even want you to send texts whether they
can technically receive them or not.

--
D'Arcy J.M. Cain
Vybe Networks Inc.
http://www.VybeNetworks.com/
IM:darcy@Vex.Net VoIP: sip:darcy@VybeNetworks.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Text messages have taken a nasty turn and especially now that so many people have unlimited messages per month in their plan. People overuse them to the point where I opt out of some things like my home town notifications as they bombard me with other things I am not interested in.

A major offender now is various forms of security which insist on not
letting you into a web site for your bank or other resources unless they
first send you an email or text message or perhaps a voice call with random digits to use as verification. Try sitting somewhere with your phone muted
as all the beeps get annoying.

There are many reasons for preferences and I know many people find it harder
to reply to texts on their phone than to emails on a PC with a full
keyboard.

But all of this is not really here or there. We are talking more about user interface design than about programming, let alone about Python.

What strikes me as a useful direction is for people to suggest what
resources and methods in the Python world are helpful. Examples would be modules that have been tested and used that do things well such as
validating phone numbers or emails, perhaps flexibly so that if a validation fails, they prompt the user asking if they are sure it is correct and maybe offer to let them type it in again for verification. Other ideas as stated recently are routines that don't just ask for a number but specify the
purpose, and perhaps messages about what circumstances would trigger a use
of the number, such as if fraud is detected, and get you to opt in or
refuse.

Reusable libraries of sorts, or good documentation of examples, would
perhaps help make User Interface design and customer satisfaction better and show Python as a good way to do some kinds of programs.

In that light, I wonder if it makes sense to NOT insist people give you
their email address at all, and make it optional so they do not need to
provide you with something bogus just to go on.

-----Original Message-----
From: Python-list <python-list-bounces+avi.e.gross=gmail.com@python.org> On Behalf Of D'Arcy Cain via Python-list
Sent: Tuesday, November 7, 2023 11:24 AM
To: python-list@python.org
Subject: Re: Checking if email is valid

On 2023-11-07 08:40, Grant Edwards via Python-list wrote:

If you, as a web developer, want the user to enter a text-message
capable phone number, then ASK FOR THAT!

And you may as well ask if they even want you to send texts whether they
can technically receive them or not.

--
D'Arcy J.M. Cain
Vybe Networks Inc.
http://www.VybeNetworks.com/
IM:darcy@Vex.Net VoIP: sip:darcy@VybeNetworks.com

--
https://mail.python.org/mailman/listinfo/python-list

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)