My (least) favorite in this category is email addresses. It’s astonishing how many developers screw this up by trying to validate an email address by some means other than sending a message to it.
The problem is that if you send a message just blindly, you can be tricked into sending spam to millions of addresses. I do one thing that prevents that, but does violate the standard, I verify there’s only 1 ‘@’ in the address… this technically prevents people with '@'s in their name, but they probably find it impossible to do anything with that address anyway.
My (least) favorite in this category is email addresses. It’s astonishing how many developers screw this up by trying to validate an email address by some means other than sending a message to it.
The problem is that if you send a message just blindly, you can be tricked into sending spam to millions of addresses. I do one thing that prevents that, but does violate the standard, I verify there’s only 1 ‘@’ in the address… this technically prevents people with '@'s in their name, but they probably find it impossible to do anything with that address anyway.
100% agree.
™@tld
user-at-fqdn@domain.tld.
"user with spaces"@domain.tld
"user@notdomain"@domain.tld
endswitha_@domain.tld
user+tag@gmail.com
unicodedomain@🤡.tld
All of those are valid, and the know-it-all developer’s shitty regex won’t cover most of them.
Except lots of email services won’t take a technically correct email anyway.
“Systems that break email already exist, so let’s add more to the world.”
Please, no.