by Freak_NL 2499 days ago
Please read up on present-day email address validation. If you have a regex that is doing more than ^.+@.+$, then you are doing it wrong.

Don't validate the address beyond looking for an '@' in the string; just send an email with a confirmation link to see if it actually works.

5 comments

I prefer the true email validation regex: https://regex101.com/r/iE0rF5/1
I feel bad for the developers who run into that monstrosity and actually implement it.
100% this!

For reference, I didn't try any of the more obscure email address features, such as comments or quotation. My address simply has the form firstname@lastname.email

> just send an email with a confirmation link to see if it actually works.

Please don't enable anyone to just send emails to arbitrary email-addresses through you. That's how your email/domain will quickly get marked for SPAM.

At the very least, put in place a rate-limit per email-id (and source-ip too maybe). Otherwise I can simply keep entering email-ids of people to spam.

Why the -1's? Isn't this a genuine concern to avoid getting on a SPAM blacklist? What am I missing?...
I use:

    ^[^@]+@[^.]+\..+$
for a bit of sanity checking...
Multiple @ symbols are absolutely valid, as long as they are properly quoted ;)
Thanks, we will change this!
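
Added example, not part of the thread or written by any commenter: one way to combine the two pieces of advice above, the minimal `^.+@.+$` check and a rate limit per recipient address and per source IP applied before any confirmation mail goes out. The class name, the limits and the window length are assumptions chosen for illustration; the actual sending step is left to the caller.

```python
import re
import time
from collections import defaultdict, deque

# Assumed limits, constructed for this example (the thread names no numbers).
PER_ADDRESS_LIMIT = 3    # confirmation mails per recipient per window
PER_IP_LIMIT = 10        # accepted requests per source IP per window
WINDOW_SECONDS = 3600

MINIMAL = re.compile(r"^.+@.+$")  # the only pattern the original post allows


class ConfirmationGate:
    """Decides whether a confirmation email may be sent (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._by_address = defaultdict(deque)  # recipient -> send timestamps
        self._by_ip = defaultdict(deque)       # source IP -> send timestamps

    @staticmethod
    def _under_limit(bucket, limit, now):
        # Sliding window: drop timestamps that have aged out, then count.
        while bucket and now - bucket[0] >= WINDOW_SECONDS:
            bucket.popleft()
        return len(bucket) < limit

    def request(self, address, source_ip):
        """Return 'send', 'invalid' or 'throttled'."""
        if not MINIMAL.match(address):
            return "invalid"
        # Split on the last '@' so quoted local parts containing '@' survive.
        # Only the domain is lower-cased; the local part may be case-sensitive.
        local, _, domain = address.rpartition("@")
        key = f"{local}@{domain.lower()}"
        now = self._clock()
        addr_bucket = self._by_address[key]
        ip_bucket = self._by_ip[source_ip]
        if not (self._under_limit(addr_bucket, PER_ADDRESS_LIMIT, now)
                and self._under_limit(ip_bucket, PER_IP_LIMIT, now)):
            return "throttled"
        # Record the send only when it is actually allowed.
        addr_bucket.append(now)
        ip_bucket.append(now)
        return "send"
```

In a multi-process deployment the two dictionaries would live in a shared store; the in-memory version here only shows the decision logic.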