IsValidEmailAddress overly strict

Feb 22, 2009 at 10:11 AM
Edited Feb 22, 2009 at 10:13 AM
Right now the regex used in string.IsValidEmailAddress - ^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$ - isn't actually an accurate way to validate email addresses in that it leaves out many valid email addresses and falsely accepts many invalid email adresses.

Here's a few problems:
  • It leaves out allowed characters for the user portion. ("local-part" in the specification parlance.) The most noticeable character is "+", which on a number of systems (like Gmail) is used to "tag" a message to a user ( is delivered to but can be filtered on specifically), but which can also be used on other systems as part of an ordinary, valid email address. However, characters like "#", "!", "/", "~" and "=" are all available for use in a valid email address, and the method won't pass through any of them. 
  • Valid email addresses contain between 1 and 64 characters in the user portion. Right now, 1 or more characters are allowed.
  • The host portion allows any nonsense top level domain (".aaa") as long as it is short enough, but leaves out legitimate existing top level domains (".museum" and ".travel").
  • The host portion doesn't do the correct checks for IP addresses. "99999999.1234" is accepted.
Providing a method that claims to validate an email address that doesn't do so reliably is of questionable use; providing a method that validates an email address by all the complicated rules is instead of tremendous use. There are several libraries available containing all the logic to validate an email address according to the rules set forth in various specifications; the code from, say, this short PHP library could be ported. 

I could do it myself, even.
Dec 2, 2016 at 9:23 PM
It is very helpful, thanks allot.