I agree with Jordyn because it happens time and time again. remember when SLDs and TLDs couldn’t start with a digit? then 3m.com came along and RFC was changed. remember the acceptance problem .info had when it went live because it was 4 characters? now we are discussing the 2 character issue and guess what… IDNs. maybe we’ll have 1 character TLDs soon. what about all-numeric TLDs? can’t have that currently (i forget which RFC) because IP address right? what if the SLD is not solely digits? then maybe. who knows Tim Berners-Lee regrets “http://“ for gods sake. maybe that will change too someday. Jon Postel said be liberal in what you accept from the universe and conservative in what you send out to the universe (i forget exact quote). I think that applies here. do not restrict what’s accepted. the restriction will change and then we’re screwed… again.
On Sep 14, 2017, at 11:07 AM, M3 Sweatt <msweatt@microsoft.com> wrote:
Adding this back to the main thread (sorry)
From: Jordyn Buchanan Sent: Thursday, September 14, 2017 10:51 AM To: M3 Sweatt Cc: Rubens Kuhl Subject: Re: [UA-discuss] Regular Expression
I have no idea, and that's the point. But probably people writing the current regexps weren't anticipating EAI or even IDN TLDs generally, and when there were only a handful of gTLDs that hadn't changed since RFC 1591 was written it probably seemed reasonable to hard code the white list.
So I'd rather avoid baking in assumptions about what types of addresses are likely to work in the future where the implementation is separate from the infrastructure that actually handles the delivery of mail. That way we don't increase the number of lines of code we have to touch next time we want to change the set of valid e-mail addresses.
Jordyn
On Thu, Sep 14, 2017 at 1:43 PM, M3 Sweatt wrote: @Jordyn Buchanan <mailto:jordyn@google.com>, thanks for the perspective. What do you mean that the “rules may change again”?
From: ua-discuss-bounces@icann.org [mailto:ua-discuss-bounces@icann.org] On Behalf Of Paul Stahura Sent: Thursday, September 14, 2017 10:46 AM To: Jordyn Buchanan <jordyn@google.com> Cc: Universal Acceptance <ua-discuss@icann.org> Subject: Re: [UA-discuss] Regular Expression
I totally agree with Jordyn and Mark "Just capture the string and send a test message.”
On Sep 14, 2017, at 10:38 AM, Jordyn Buchanan via UA-discuss <ua-discuss@icann.org <mailto:ua-discuss@icann.org>> wrote:
Also worth remembering that "works according to the universe at the moment the RegExp was written" is how we got into a lot of today's UA mess in the first place. Just because dotless domains or some other rule is in place today, I'd want to avoid encoding them into a regexp that we tell people to use since the rules may change again and I don't want to have another group following along in our wake 10 years from now trying to undo the code that we told everyone to write.
Jordyn
On Thu, Sep 14, 2017 at 1:27 PM, Rubens Kuhl <rubensk@nic.br <mailto:rubensk@nic.br>> wrote:
The BiDi issue suggests to me that even enforcing the non-dotless rule is too much for a simple regex, as shabaka.example@don <mailto:shabaka.example@don> is a valid Arabic EAI , while the same ASCII combination is not valid even if a .don TLD gets delegated. [non-empty]@[non-empty] looks better to me.
Rubens
Em 14 de set de 2017, à(s) 13:58:000, Don Hollander <don.hollander@icann.org <mailto:don.hollander@icann.org>> escreveu:
Thanks Jim.
The BiDi issue, with raw data input, is which side has the domain side.
usually you’ll encounter mailbox@domainname.tld <mailto:mailbox@domainname.tld>
But in Arabic or Hebrew you’ll encounter tld.domainname@mailbox <mailto:tld.domainname@mailbox>
Don
On 15/09/2017, at 3:44 AM, Jim Hague <jim@sinodun.com <mailto:jim@sinodun.com>> wrote:
On 12/09/2017 19:44, Don Hollander wrote:
One RegEx has stood out as being simple and correct. I’d like the UASG to consider recommending this in our documentation. Toward that end, this thread is for discussion.
/^.+@(?:[^.]+\.)+(?:[^.]{2,})$ <mailto:/%5e.+@(?:[%5e.]+\.)+(?:%5b%5e.%5d%7b2,%7d)$>
Regular expression check in Javascript. This accepts any Unicode characters, only insisting that the domain must have more than one label and the TLD is 2 characters or longer.
Note that this in the context of an in-browser check. I only examined a small random subset of the sites surveyed in the main evaluation, and obviously without access to server code could only examine client-side operations. In all the sites I examined, the only check performed was against one (or in one case two) regular expression(s). No decomposition of the email address was attempted, and certainly no translation of the domain to Punycode.
It was in that context that I highlighted the above regex, on the basis that it's probably the only sensible option to suggest to organisations as a low-impact UA improvement (I won't say fix) at the moment. If a future evaluation exercise verifies that an existing Javascript module does the right thing, that would be a better alternative, but that would involve more substantial modifications to site code.
I agree that modifying it to allow 1 character TLDs would be sensible.
I also agree with the page referenced at the start of the thread (which I read before working on the report) that just checking for '@' is about all one should attempt, certainly client-side.
Turning again to the above regex, of course, being a proposed regex for validating email addresses, it's got an obvious deficiency. It needs to add support for other label separators (e.g. open dot).
Mark Svancarek raised the excellent point of bidi in the domain. Personally I'm not confident I understand the bidi rules. But if the regex requires at least one label separator character in the domain and non-empty labels, will that work, given that if the regex allows 1 character TLDs then a valid TLD is simply a non-empty label? -- Jim Hague - jim@sinodun.com <mailto:jim@sinodun.com> Never trust a computer you can't lift.
Don Hollander Universal Acceptance Steering Group Skype: don_hollander