“Please Enter A Valid Email Address”

by Paul Sherman on March 25, 2009 · 17 comments


Here’s the thing, Intuit: that *is* a valid email address. Gmail has this really neat feature where you can append “+[foo]” to your email handle, and it’ll still get delivered to your regular gmail address.

Why would I want to do this? It’s a great way to filter email, for one. You can simply set up a filter that searches for the “+” strings, dropping them neatly into different folders on your desktop email client.

More importantly, using the “+” is a great way to figure out who’s selling your email address to spammers. If all of a sudden you find that you’re receiving lots more spam to your “+badcompany” address, you can be sure that Badco has sold your address to spammers and other ne’er-do-wells.

So is that what companies are afraid of? Are they afraid that they’ll be found out as a company that aids and abets spammers?

Or is it simply that their programmers are too lazy to write accurate validation code for their web forms?

Caveat: I’m not calling out Intuit exclusively on this. Intuit’s a great company and I personally use several of their products. This has happened to me at many other sites.

Maybe I should start my own little “accept the plus sign” Internet meme…hey, everybody has their 15 minutes…

  • http://www.weatheringbrokenlinks.com WtBL

    One problem with writing “accurate validation code” is that, even with standards, what is the definition of everything that will be valid? What's standard today may just become a subset of what's standard tomorrow.

    I think the best solution would be for a lot of these validation checks to be warning+confirm checks. For example, “that doesn't look like a valid email address, are you sure that's what you want to enter?” And give the user a chance to override the validation filter which may be broken. At that point, if they don't get emails, it's their own fault.

    I have a single letter of a first name. I hate that so many systems don't allow a 1 letter first name. It's my legal name (even if I don't go by it). Some systems can be tricked into working if I enter a period after it making it look like an initial, but some still insist on more than two characters or that a first name not have anything that's not a letter in it. If they were to adopt a model of saying, “hey, it looks like you might have missed a few letters, are you sure that's what you want to enter?” it would avoid the problem.

    • http://www.usabilityblog.com Paul Sherman

      Excellent points, and I certainly appreciate the perspective! Thanks for providing that feedback.

    • J Todd Bennett

      My first name is also one letter… and Intuit's Tax Cut software tells me it's an invalid name. Nothing worse than a piece of software telling you that your own name is invalid!

    • linsenk

      I agree with you. Every entry should have a warning asking if you really did enter the email address or other information correctly. Then, it should let you simply enter it and then if you entered your information wrong, it is your fault. I agree with your example of your name being one initial and not being accepted as a first name on many websites. When designers design their websites and use forms, they should allow more than one ideal entry. Everyone around the world has different information and we cannot expect to have every user to enter their information in one specific way. Designers should be flexible and meet the needs of the users in the best way possible. In this case, having a warning and a confirmation check would do the trick!

  • Keijo S.

    I guess most of the time improper validation code is the sad result of laziness or simply just not giving a damn. However, accepting all peculiarities allowed by RFC 2822 would probably result in accepting a lot of typos, too. This guy has come up with a rather nice idea of a three-valued validation instead of the usual accept/reject logic: <http://www.markussipila.info/pub/emailvalidator…>. I haven’t seen this idea elsewhere but I think it’s pretty good.

  • http://techknack.net Andrew

    “Gmail has this really neat feature where you can append “+[foo]” to your email handle…”

    So what?

    IE has this neat feature where you can enclose IE-only content in specialized HTML comments. That doesn't mean it's an appropriate implementation. So what?

    Rather than pointing to a currently-popular email provider and a “neat feature” they support, you should point to the document that defines the standard, which I believe is RFC 2822 for email. Section 3.2.4 defines “+” (amongst many other characters that are likely considered “invalid” by a lot of form validators) as part of “atext”, which is part of the “dot-atom”, which is part of the “local-part”, the part before the @.

    I'd bet that the developer of that validation system probably just wrote a regex based on what they were familiar with in terms of email addresses. That's what happens when you don't bother to consult the standard.

    However, along with what Keijo said, RFCs at times can be very extensive in their specifications — and it's always possible to miss something, get something wrong, etc with such complex regexes.

    WtBL, what's standard today may be obsoleted by tomorrow… but for practicality's sake, we can't just sit still for fear of breaking a future standard, can we? Though I like the validator-override method you mentioned :)

    Aside: re: WtBL's one-letter FN… is there a standard format for names? :3
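
An added example, not code from the post or from any commenter: a form check that follows the RFC 2822 `atext`/`dot-atom` rule cited in the comment above and returns three outcomes (accept, warn and confirm, reject) in the spirit of the warning+confirm and three-valued suggestions in the thread. The name `classifyEmail`, the verdict strings and the choice of which cases only warn are assumptions of this example.

```javascript
// Added example: three-valued email check (accept / warn / reject).
// atext exactly as listed in RFC 2822 section 3.2.4; "+" is in the set.
const ATEXT = "[A-Za-z0-9!#$%&'*+\\-/=?^_`{|}~]";
// dot-atom-text = 1*atext *("." 1*atext): no leading, trailing or doubled dot.
const DOT_ATOM = new RegExp(`^${ATEXT}+(?:\\.${ATEXT}+)*$`);
// Assumption of this example: the characters most form authors expect.
const COMMON_LOCAL = /^[A-Za-z0-9._+-]+$/;
// Simplified host-name label (letters, digits, inner hyphens); RFC 2822 also
// allows domain-literals such as [192.0.2.1], which this example rejects.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$/;

function classifyEmail(input) {
  const addr = String(input).trim();
  const at = addr.lastIndexOf("@");
  if (at < 1 || at === addr.length - 1) {
    return { verdict: "reject", reason: "missing local-part, @ or domain" };
  }
  const local = addr.slice(0, at);
  const labels = addr.slice(at + 1).split(".");
  if (!labels.every((label) => LABEL.test(label))) {
    return { verdict: "reject", reason: "domain is not a host name" };
  }
  if (!DOT_ATOM.test(local)) {
    // Quoted-string local-parts are legal but not parsed here: ask, don't block.
    const quoted = local.length > 2 && local.startsWith('"') && local.endsWith('"');
    return quoted
      ? { verdict: "warn", reason: "quoted local-part, please confirm" }
      : { verdict: "reject", reason: "local-part is not a dot-atom" };
  }
  if (labels.length < 2) {
    return { verdict: "warn", reason: "domain has no dot, please confirm" };
  }
  if (!COMMON_LOCAL.test(local)) {
    return { verdict: "warn", reason: "valid but unusual characters, please confirm" };
  }
  return { verdict: "accept", reason: "ok" };
}

// Constructed sample inputs.
for (const sample of ["paul+badcompany@gmail.com", "o'brien@example.com",
                      "user@localhost", "paul..s@gmail.com", "no-at-sign"]) {
  console.log(sample, "->", classifyEmail(sample).verdict);
}
```

A form using this would block submission only on `reject` and show an overridable confirmation on `warn`.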

  • eric

    This happens a lot using music download
    freemusicconnection.com
    Or EZtracks
    Both say gmail is invalid. How can I verify?

  • George dinkel

    I want to join ecards

  • TheresNoEscapingSpam

    We can thank Yahoo for aiding and abetting spammers with the feature of “disposable email accounts”.
    To add the email address to the spam portion of mail options is useless because once the address is added the spammer has already deleted that email address from their account.

  • MD:SAFIN HAYDER (SHUVO)

    read
