Flattr this Bookmark and Share

Tuesday, April 8, 2014

Yet another blog post on how to validate email addresses

I have read a lot of blog posts and Stack Overflow answers over the years on "the best way to validate an email address".  This article uses the example of validating in ASP.NET MVC but the theories could apply to any code base.

What I have learnt is that like most things, there is no "best" way, it depends on your requirements.

So I thought I would outline my most common requirements and how I do it.

Usually my requirements for capturing an email address are:

  1. Let the user know if they have possibly not typed in an email address at all (E.g. maybe they accidentally put their name in the email field).  This should be done client side so it is fast.
  2. I want the email validation to be as "loose" as possible, not check every known variation.  However, I want my mail sending code to work.  I don't want to queue up an email task on a background process for it to not be able to deal with the email address supplied.
  3. Optionally (not always), I want to know that someone actually got the email
(NOTE: High Performance is not a requirement - this is for validating emails as a user enters them, not batch validating.  So I am not worried about overhead of Regex vs String.Contains or anything like that)

To meet requirement #1, Regex works.  Basically I just want to know they typed something then the @ symbol and then something else to prevent "accidental entry".  Nothing more than that.  Regex is nice because you can easily apply the same logic on the server and client side.  This means the check to make sure it is possibly an email address can happen in the browser without even hitting the server.  One .NET Regex pattern for checking something@something is: ".+\@.+$" (please let me know in the comments if there is a better way).

For requirement #2, I do not use Regex.  Sure there are Regex patterns that claim to validate email "as per the spec" - but I am sure most email clients don't support a lot of those addresses and who knows if everyone actually implements as per the spec.  At the end of the day, I want to use the mechanism that is going to send my email to validate my email now, so I know it won't fail validation later.  If you are using a third party service to send emails, see if they have a validation service you can call.  If you are just using the built in System.Net.Mail namespace, you can verify with the "MailAddress" class.  In ASP.NET MVC, this is an example of a Model class with the Regex, plus checking that "System.Net.Mail.MailAddress" thinks that the address is valid:

For requirement #3, you could in theory try to check for a "bounce" - but that will not work in all scenarios.  Read receipts are also not reliable as the user has the option to not send one and not all mail clients support them.  If you really need to know if someone got the email, the only way I can think of is to put a link in there that they have to click to let you know.  They are not always going to click it either, so they might need some incentive.  A common example is when someone signs up to a service, in the email you put "click here to activate your account".  If they never click it, their account is never enabled.

Hopefully if you have the same requirements as this then these ideas will help you to quickly implement your email validation without researching options for hours and testing Regex patterns!