I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.
Nah, it’s just a old school chat bot following a predefined flow chart. And in this flowchart someone implemented an improper email check.
It’s pretty much the same as if there was just a website with an email field which then complains about a non valid email which in fact is very valid. And this is pretty common, the official email definition isn’t even properly followed by most mail providers (long video but pretty funny and interesting if you’re interested in the topic).
You can use symbols like [ ] . { } ~ = | $ in the local-part (bit before the @) of email addresses. They’re all perfectly valid but a lot of email validators reject them. You can even use spaces as long as it’s using quotation marks, like
"hello world"@example.comA lot of validators try to do too much. Just strip spaces from the start and end, look for an
@and a., and send an email to it to validate it. You don’t really care if the email address looks valid; you just care whether it can actually receive email, so that’s what you should be testing for.Not even a dot: TLDs are valid email domains. joe@google is a correct address.
Mmm… That doesn’t seem right, it’s usually gotta be fully expanded to at least a particular A record/MX.
How would you tie the tld itself to an MX?
TLD is just another DNS layer, try an SOA or NS lookup for “com.” those are obviously hosted somewhere. Hell the “.” at the end is even another layer with the root nameservers. You’d probably trip up a bunch of systems that filter on common convention rather than the actual RFC, but you could do it.
How the hell were the original rfc designers so creative as to result in such a flexible system?? It’s gets crazier the more you look at it.
To this point, there’s a website dedicated to the subject. Some of the regexes get pretty wild…
https://emailregex.com/
Yea but most of the time its more important to block code injection than to have the last promille of valid mail adresses be accepted.
I think emailregex.com offers best of both worlds.
You’re not going to get code injection via an email address field. Just make sure you’re using prepared statements (if you’re using a SQL database) and that you properly escape the email if you output it to a HTML page.
The first rule of tautology club is the first rule of tautology club.
Yeah that video is great. My favourite part is the Russian post address thing.
He has a lot of interesting and funny talks like that.
yes but that would be an AI still
Here is an alternative Piped link(s):
properly followed by most mail providers
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
That is AI…
Even “algorithm”, you could say! The text adventure game I made in BASIC when I was 14 is going to blow your mind. It is 100% artificial and uses logic (IF statements), hence AI!