Validate an E-Mail Address with PHP, the Right Way

Develop a working PHP function to validate e-mail addresses.

The regular expression in the outer test looks for a sequence of allowable or escaped characters. Failing that, the inner test looks for a sequence of escaped quote characters or any other character within a pair of quotes.

If you are validating an e-mail address entered as POST data, which is likely, you have to be careful about input that contains back-slash (\), single-quote (') or double-quote characters ("). PHP may or may not escape those characters with an extra back-slash character wherever they occur in POST data. The name for this behavior is magic_quotes_gpc, where gpc stands for get, post, cookie. You can have your code call the function, get_magic_quotes_gpc(), and strip the added slashes on an affirmative response. You also can ensure that the PHP.ini file disables this “feature”. Two other settings to watch for are magic_quotes_runtime and magic_quotes_sybase.

The two regular expressions in Listing 5 are appealing because they are relatively easy to comprehend and don't require repetition of the allowable character group, [A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-]. Here's a test for you. Why does the character group require two back-slash characters before the forward slash and one back-slash character before the single quote?

One deficiency of the outer test of Listing 5 is that it passes local part strings that include dots anywhere in the string. Requirement number two states that dots can't start or end the local part, and they can't appear together two or more times. We could address this by expanding the outer regular expression into form ^(a+(\.a+)+)$, where a is (\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~-]). We could, but that leads to a long, hard-to-read, repetitive expression that's difficult to believe in. It's clearer to add the simple checks shown in Listing 6.

The local part is a wrap. The code now checks all local part requirements. Checking the domain will complete the e-mail validation. The code could check all of the labels in the domain separately, as does the whiskey-loving code shown in Listing 2, but, as hinted earlier, the solution presented here allows the DNS check to do most of the domain validation work.

Listing 7 makes a cursory check to ensure only valid characters in the domain part, with no repeated dots. It goes on to make DNS lookups for MX and A records. It makes the check for the A record only if the MX record check fails. The code in Listing 4 verified the length of the domain value.

So, is it good? You decide. But, it would be nice to test the logic to ensure that it at least is correct. Listing 8 contains a series of e-mail address test cases that any e-mail validation should pass.

Be sure to run the test to see the valid and rejected e-mail addresses, the double-escaping (\\) inside the PHP strings tends to obfuscate the addresses. You're challenged to subject your favorite e-mail validation code to this test. Be assured that the code in Listing 9 does pass!

Listing 9 contains a complete function for validating an e-mail address. It isn't as concise as many—it certainly isn't a one-liner. But, it is straightforward to read and comprehend, and it correctly accepts and rejects e-mail addresses that many other published functions incorrectly reject and accept. The function orders the validation tests roughly according to increasing cost. In particular, the more complex regular expression and, certainly, the DNS lookup, both come last.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

I agree: too much DNS, and is too slow

Anonymous's picture

First off,
DNS lookups are quite slow, but without them this script will validate many obviously wrong addresses (like "a@b").

With a google search, I found this function which is much faster and it does a pretty good job, especially for not relying on the DNS at all...

function emailcheck($email) {
		return preg_match('/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/', $email);
}

Also,
instead of:
preg_match('/\\.\\./', $local)

use:
strpos($local,'..')!==false)

strpos() is much faster than preg_match.

Relies too much on DNS

Bill's picture

DNS checking is resource intensive. If you take out the DNS checks, all of the bugs in the logic start to appear.

This routine will accept the following as a valid email address:

a@b.c
a@b
a@b.

It is doing zero validation of the host and domain extension. Instead it relies on DNS to do these checks, which is a waste of system resources.

Since this article was posted over two years ago and no corrections have been made, I would suggest looking for something better.

Awesome script, just what I was looking for!!

Falstaff Computing's picture

Great script with comments and explanations so you can learn and understand what the code is doing!! Excellent!!

sorry this code have a

Anonymous's picture

sorry this code have a bug

just test : michael.good@gmail

wihout any .COM or .ANYTHING , the function recognize the email as valid !!!

It is prob due to your dns

VeNoMouS's picture

It is prob due to your dns search suffix, is it set to .com? if so its appending .com onto domains that are not fqdn

Thanks mate, this is working

Anonymous's picture

Thanks mate, this is working just perfectly for me ;-)

Thinks don't have to be perfect in my oppinion, as long as some scumbag spambots cannot spam with viagra_pills@for.free i'm happy :-D

This will reject 'postmaster'.

David Schwartz's picture

These validations will reject 'postmaster' which is, at least in some circumstances such as an SMTP RCPT line, required to be considered a valid email address.

I'm a little late, but I think I found a bug...

D'Arcy Flynn's picture

Hi there,
I am using this code to validate emails on the fly with the help of AJAX, on my site. I noticed that as I entered random email addresses the user could simply put
"myemail@a"
and it would consider it valid.
it didn't need the .____ attached.
so I added this to the middle of the validation:

else if (!preg_match('/\\./', $domain))
{
// domain has no dots
$isValid = false;
}

It fixed it.

Thanks for the code :)

I wrote my own e-mail

Geoffrey Lee's picture

I wrote my own e-mail validation function after spending hours with RFC 2822. It passes all of the above test cases with NOYB's corrections. I would appreciate if you submit any bugs to: geoffreyj.lee at Gmail.

function validateEmail($input)
{
  $atom = '[a-zA-Z0-9!#$%&\'*+\-\/=?^_`{|}~]+';
  $quoted_string = '"[^"\\\\\r\n]*"';
  $word = "$atom(\.$atom)*";
  $domain = "$atom(\.$atom)+";
  return strlen($input) < 256
    && preg_match("/^($word|$quoted_string)@{$domain}\$/", $input);
}

I realized that my

Geoffrey Lee's picture

I realized that my quoted-string regexp allowed too many characters. Here's the corrected version:

function validateEmailAddress($input)
{
  $atom = '[a-zA-Z0-9!#$%&\'*+\-\/=?^_`{|}~]+';
  $quoted_string = '"([\x1-\x9\xB\xC\xE-\x21\x23-\x5B\x5D-\x7F]|\x5C[\x1-\x9\xB\xC\xE-\x7F])*"';
  $word = "$atom(\.$atom)*";
  $domain = "$atom(\.$atom)+";
  return strlen($input) < 256 && preg_match("/^($word|$quoted_string)@${domain}\$/", $input);
}

Thanks!

Anonymous's picture

Thanks for the function. It's clean and simple. I'm using it to validate addresses. Appreciate your post.

Question

SidAhmed 's picture

Hello guys

i have connection internet and i installed xampp last version i would like to test validation of email this is the form :

Enter your email :

but its not working plz can u help me

replay urgent

just thought i'd leave a

alexanderdickson's picture

just thought i'd leave a note to say your link to Dave Child's website, ilovejackdaniels.com has changed to addedbytes.com

Wee fix

Pawel B.'s picture

This should check the top-level domain as well. I thought everything is fine until someone typed email address like this xxx@yyy.p instead of xxx@yyy.pl . DNS checking is switched off on a server so I cannot validate email address using it.

Lets add:


elseif (strlen(substr($domain, strrpos($domain, '.')+1)) < 2 || strlen(substr($domain, strrpos($domain, '.')+1)) > 6) {
$isValid = false;
}

Top level domain AFAIK is at least 2 char long and 'museum' is longest at the moment. This should do the trick.

Thanks for this code BTW! Very useful.

Wrong start!

Anonymous's picture

$isValid = true;
Should be $isValid = false;
If everything fails it should allways return false... pfff, spread the word!

R U Stupid?

Mihai's picture

The beginning of the code is perfect, "$isValid = true;" and not what you said!
It starts with the idea that the email is valid, and the checks are made!
If it doesn't pass, then it will return false!

He has a good point and not stupidity...

Anonymous's picture

the first set should be false...

to prove that the email is true (and only true) is to pass through tests.. after all tests have been done and all passed, that's the only time you set and agree that the email is valid. It is rather right than saying, at first the email is already valid and go through all the tests and prove it wrong.

What about other languages?

Johny Iversen's picture

Great article! Everything was neatly explained. I would say that Tom Burt is right though, the wording in the rule section seems to imply that a domain name can not begin with a number, which of course is wrong.

But what about if I wanted to do it in other languages like ASP.NET, or just plain javascript, is there any chance you will be working on examples for that too? :)

This doesn't work with

Anonymous's picture

This doesn't work with emails such as "someone@somewhere.co.uk" or "someone@somewhere.mn" ....

A validator that can tell back the exact nature of the anomaly.

Sacapuss's picture

Hello!

First, I want to thank and congratulate the author of this article for its quality and desirability.

I admit that, wishing to write a form that tests the submited addresses, I have been searching for a long time in vain on the Web a document that clearly explains the email addresses syntax, and that it seems I found it here.

I want to write a mail addresses validator that can tell back the visitor the exact nature of the anomaly. Furthermore, I don't want to use regular expressions, often reading bad things about them, and... not knowing how to use them.

So I show you candidly the code I wrote, for submission to the fire of your critics. It is not perfect: particularly in the management of the escapement.

Here you have:

<?php // testor_email_0.php

$testable_mail = html_entity_decode( $mail ) ;
$butee = strlen( $testable_mail ) ;
$aro_pos = strrpos( $testable_mail, $aro ) ;

$nout = array( "nom d'utilisateur", "user name" ) ;
$nodo = array( "nom de domaine", "domain name" ) ;
$car = array( "caractère", "character" ) ;
$et = "être" ;

if( ! $testable_mail )
$avertissement = array( "$viv $adel[$lang_index]", "$svps[$lang_index] include your $adel[$lang_index]" ) ;

else if ( $aro_pos === FALSE )
$avertissement = array( "Votre $adel[$lang_index] doit comporter une arobase", "Your $adel[$lang_index] must include the at sign" ) ;

else if ( $aro_pos == 0 )
$avertissement = array( "Votre $adel[$lang_index] doit comporter un $nout[$lang_index]", "Your $adel[$lang_index] must have a $nout[$lang_index]" ) ;

else if ( $aro_pos == $butee - 1 )
$avertissement = array( "Votre $adel[$lang_index] doit comporter un $nodo[$lang_index]", "Your $adel[$lang_index] must have a $nodo[$lang_index]" ) ;

else if( $testable_mail{0} == $dot )
$avertissement = array( "Un point ne peut pas débuter votre $adel[$lang_index]", "A dot cannot begin your $adel[$lang_index]" ) ;

else if( $testable_mail{$butee - 1} == $dot )
$avertissement = array( "Un point ne peut pas terminer votre $adel[$lang_index]", "A dot cannot end your $adel[$lang_index]" ) ;

else
{
$segments = explode( $dot, $testable_mail ) ;
foreach( $segments as $segment )
if( ! strlen( $segment ) )
{
$avertissement = array( "Deux points ne peuvent pas $et contigus dans votre $adel[$lang_index]", "Two dots can not be contiguous in your $adel[$lang_index]" ) ;
break ;
}

include_once "Data/hilite.php" ;
$numeri_cars = range( "0", "9" ) ;

if( ! $avertissement  ) include "testor_email_1.php" ;
if( ! $avertissement ) include "testor_email_2.php" ;
}

if( $avertissement ) $a_servir = "mail" ;

?>
<?php // testor_email_1.php

$testable_str = substr( $testable_mail, 0,  $aro_pos ) ;
$butee = strlen( $testable_str ) ;

$gui = '"' ;
$gui_nombre = substr_count( $testable_str, $gui ) ;
$dir = dir_extraire( __file__ ) ;

/* longueur maximum */

$max = 64 ;
if( $butee > $max )
$avertissement = array( "Le nombre de car[$lang_index]s de votre $nout[$lang_index] ne peut excéder $max", "The number of car[$lang_index]s in your $nout[$lang_index] can not exceed $max" ) ;


/* point a la fin  */

else if( $testable_str{ $butee - 1 } == $dot )
$avertissement = array( "Un point ne peut $et contigu à l'arobase", "A dot cannot be contiguous to the at sign" ) ;


/* guillemets */

else if( $gui_nombre )
include "$dir/testor_email_guillemets.php" ;


/* defaut */

else
{
$zauts_str = "!, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, }, ~, $dot" ;
$zauts_list = explode( $vs, $zauts_str ) ;
$valides = array_merge( $lettres, $numeri_cars, $zauts_list ) ;

for( $i = 0; $i < $butee; $i++ )
{
$ze_car = $testable_str{$i} ;
if( ! in_array( $ze_car, $valides ) )
{
$ze_car = hilite( $ze_car ) ;
$avertissement = array( "Le $car[$lang_index] $ze_car ne peut pas figurer dans votre $nout[$lang_index]", "The $car[$lang_index] $ze_car cannot appear in your $nout[$lang_index]" ) ;
break ;
}
}
}

?>
<?php // testor_email_guillemets.php

if( $gui_nombre == 1 )
$avertissement = array( "Les guillemets doivent  se présenter par paire dans votre $nout[$lang_index]", "The double-quotes must show by pair in your $nout[$lang_index]" ) ;

else if( $gui_nombre == 2 )
{
if( $testable_str{0} != $gui || $testable_str{ $butee - 1 } != $gui ) 
$avertissement = array( "Les guillemets doivent se présenter aux extrémités de votre $nout[$lang_index]", "The double-quotes must show at the ends of your $nout[$lang_index]" ) ;
}

else
$avertissement = array( "Votre $nout[$lang_index] ne peut pas avoir de guillemets ailleurs qu'aux deux extrémités", "Your $nout[$lang_index] cannot have double-quotes anywhere else but at both ends" ) ;

?>

<?php // testor_email_2.php

$testable_str = substr( $testable_mail, $aro_pos + 1 ) ;
$butee = strlen( $testable_str ) ;

$max = 255 ;
if( $butee > $max )
$avertissement = array( "Le nombre de $car[$lang_index]s de votre $nodo[$lang_index] ne peut excéder $max", "The number of $car[$lang_index]s in your $nodo[$lang_index] can not exceed $max" ) ;

else if( $testable_str{0} == $dot )
$avertissement = array( "Le premier $car[$lang_index] de votre $nodo[$lang_index] ne peut pas $et un point", "Your $nodo[$lang_index] can not begin with a dot" ) ;

else
{
$segments = explode( $dot, $testable_str ) ;
foreach( $segments as $segment )
{

$segment_len = strlen( $segment ) ;
$max = 63 ;
if( $segment_len > $max )
{
$avertissement = array( "Le nombre de $car[$lang_index]s entre deux points dans votre $nodo[$lang_index] ne peut excéder $max", "The number of $car[$lang_index]s between two dots in your $nodo[$lang_index] can not exceed $max" ) ;
break ;
}

$ze_car = $segment{0} ;
if( ! in_array( $ze_car, $lettres ) )
{
$ze_car = hilite( $ze_car ) ;
$avertissement = array( "Le $car[$lang_index] $ze_car ne peut pas figurer immédiatement après un point ou l'arobase dans le $nodo[$lang_index] de votre $adel[$lang_index]", "The $car[$lang_index] $ze_car cannot show just after a dot or the at sign in the $nodo[$lang_index] of your $adel[$lang_index]" ) ;
break ;
}

$valides = array_merge( $lettres, $numeri_cars ) ;
$ze_car = $segment{$segment_len-1} ;
if( ! in_array( $ze_car, $valides ) )
{
$ze_car = hilite( $ze_car ) ;
$avertissement = array( "Le $car[$lang_index] $ze_car ne peut figurer : ni immédiatement avant un point dans le, ni à la fin du, $nodo[$lang_index] de votre $adel[$lang_index]",  "The $car[$lang_index] $ze_car cannot show, neither just before a dot in, nor at the end of, the $nodo[$lang_index] of your $adel[$lang_index]" ) ;
break ;
}

$valides[] = $tiret ;
$butee = $segment_len - 1 ;
for( $i = 1; $i < $butee; $i++ )
{
$ze_car = $segment{$i} ;
if( ! in_array( $ze_car, $valides ) )
{
$ze_car = hilite( $ze_car ) ;
$avertissement = array( "Le $car[$lang_index] $ze_car ne peut pas figurer dans votre $nodo[$lang_index]", "The $car[$lang_index] $ze_car cannot appear in your $nodo[$lang_index]" ) ;
break 2 ;
}
}

}
}

if( ! $avertissement )
{
$dot_pos = strrpos( $testable_str, $dot ) ;
if( $dot_pos === FALSE )
$avertissement = array( "Veuillez indiquer un domaine de niveau supérieur à votre $adel[$lang_index]", "$svps[$lang_index] indicate a top level domain to your $adel[$lang_index]" ) ;

if( ! $avertissement )
{
$tld = substr( $testable_str, $dot_pos + 1 ) ;
include "../Data/tlds.php" ;
if( ! in_array( $tld, $tlds ) )
$avertissement = array( "Le domaine de niveau supérieur que vous avez indiqué ne figure pas dans notre liste de référence", "The top level domain you indicate is not in our list" ) ;

if( ! $avertissement && ! checkdnsrr( $testable_str ) && ! checkdnsrr( $testable_str, "A" ) )
$avertissement = array( "Le $nodo[$lang_index] que vous avez indiqué n'est pas reconnu par internet", "The $nodo[$lang_index] you indicate is not recognized by internet" ) ;

}
}

?>

Thank you for your contribution,

Sacapuss

I appreciate

Misafir's picture

I appreciate your efforts in producing a comprehensive email validation function for php.

Yet Another Email Address Validator

Dominic Sayers's picture

I've had a go at this too. One reason being that the code here is All Rights Reserved by Linux Journal, so I don't think you can use it in your project.

Here's my effort: RFC-compliant email address validator

I've done more checking of the domain part, particularly allowing the IP address format even though it's discouraged by the RFCs.

I believe my function respects RFCs 1123, 2396, 3696, 4291, 4343, 5321 & 5322. Please let me know if you find any problems with it.

PHP 4.0.0 Update

Archangel's picture

The line:

if (is_bool($atIndex) && !$atIndex) {

can now be updated to read:

if ($atIndex === false) {

This looks a little cleaner, but may be harder to read or confuse older PHP developers.

It can be better written this way:

John Kurlak's picture
<?php
# Offers methods for validating user input

class Validate
{
	static function email($email)
	{
		$isValid = true;
		$atIndex = strrpos($email, '@');

		if (is_bool($atIndex) && !$atIndex)
		{
			return false;
		}
		else
		{
			$domain = substr($email, $atIndex + 1);
			$local = substr($email, 0, $atIndex);
			$validLocalLength = Validate::length($local, 1, 64);
			$validDomainLength = Validate::length($domain, 1, 255);
			$validStartFinish = !($local[0] == '.' || $local[$localLen - 1] == '.');
			$validLocalDots = !preg_match('/\\.\\./', $local);
			$validDomainCharacters = preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain);
			$validDomainDots = !preg_match('/\\.\\./', $domain);
			$validLocalCharacters = !(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local)) && !preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local)));
			$validMailRecord = checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A');

			return $validLocalLength && $validDomainLength && $validStartFinish && $validLocalDots && $validDomainCharacters && $validDomainDots && $validLocalCharacters && $validMailRecord;
		}
	}

	static function length($input, $min, $max)
	{
		return isset($input[$min - 1]) && !isset($input[$max]);
	}
}
?>

fix

Anonymous's picture

Replace the line:
$validStartFinish = !($local[0] == '.' || $local[$localLen - 1] == '.');

with:
$validStartFinish = !($local[0] == '.' || $local[strlen($local) - 1] == '.');

since $localLen isn't defined

Failed Verification

Anonymous's picture

I like how you wrote the code: I did a test on the emails that were in the article and your script worked fine except it said the following emails where valid when they should have been invalid
dot.@example.com
Doug\ \"Ace\"\ L\.@example.com

function validEmail:

Anonymous's picture

I've also tried this function below to replace checkdnsrr because it doesn't work at all in windows, but still not working, page always keep on loading and nothing displayed:

function myCheckDNSRR($hostName, $recType = ''){
		if(!empty($hostName)) {
			if( $recType == '' ) $recType = "MX";
			exec("nslookup -type=$recType $hostName", $result);
			// check each line to find the one that starts with the host
			// name. If it exists then the function succeeded.
			foreach ($result as $line) {
				if(eregi("^$hostName",$line)) {
					return true;
				}
			}
			// otherwise there was no mail handler for the domain
			return false;
		}
		return false;
	}

This is from PHP Mail Validator

Mostaaf's picture

Hei Yo

validEmail not trapping invalid domains correctly

HeidiR's picture

I appreciate your efforts in producing a comprehensive email validation function for php. Unfortunately, when I tried to implement and test this function, it does not appear to invalid domains correctly. For example:

echo(_valid_email('autoit_heidi@yahoo.com')); (valid) Returns true
echo(_valid_email('autoit_heidi@yahoo.co')); (invalid domain) Returns true
echo(_valid_email('autoit_heidi@111111111111111111.com')); (invalid domain) Returns true

Is this the more current code?

quotation marks

Anonymous's picture

I used the functionality given in this article in a test case, and emails with quotation marks, with both embedded and without (the embedded ones had proper escape characters) both failed the verification standards...either there must be an update...or someone is lying

"abc@def"@example.com doesnt

Anonymous's picture

"abc@def"@example.com

doesnt work

and

"Fred \"quota\" Bloggs"@example.com

doesnt work...if its supposed to, why isnt it?

bump

Anonymous's picture

bump.

But seriously is this gonna get an update for the problem whereas the domain part of an email adress is not allowed to start with a number and yet the function allows it?

domains are allowed to start with a digit

Giuliano's picture

not sure exactly when they were allowed, but domains can start with a digit.

filter_var

Malaiac's picture

I suppose a simple
filter_var($email, FILTER_VALIDATE_EMAIL);
isn't enough ?

FILTER_VALIDATE_EMAIL

Anonymous's picture

I belive this function only work for php5 or above

filter_var isn't perfect either

Geoffrey Lee's picture

Yes, this function was introduced in PHP 5.2, and it isn't as comprehensive. A test of filter_var in PHP 5.3 gives:

All of these should succeed:
dclo@us.ibm.com is valid.
abc\@def@example.com is not valid.
abc\\@example.com is not valid.
Fred\ Bloggs@example.com is not valid.
Joe.\\Blow@example.com is not valid.
"Abc@def"@example.com is valid.
"Fred Bloggs"@example.com is valid.
customer/department=shipping@example.com is not valid.
$A12345@example.com is valid.
!def!xyz%abc@example.com is valid.
_somename@example.com is valid.
user+mailbox@example.com is valid.
peter.piper@example.com is valid.
Doug\ \"Ace\"\ Lovell@example.com is not valid.
"Doug \"Ace\" L."@example.com is not valid.

All of these should fail:
abc@def@example.com is not valid.
abc\\@def@example.com is not valid.
abc\@example.com is not valid.
@example.com is not valid.
doug@ is not valid.
"qu@example.com is not valid.
ote"@example.com is not valid.
.dot@example.com is not valid.
dot.@example.com is valid.
two..dot@example.com is valid.
"Doug "Ace" L."@example.com is not valid.
Doug\ \"Ace\"\ L\.@example.com is not valid.
hello world@example.com is not valid.
gatsby@f.sc.ot.t.f.i.tzg.era.l.d. is not valid.

The email validation is deficient.

25th jan 2010

andrew j.b.hastie's picture

when i use this email address facebook replies that it is invalid.can you provide me with a valid email address for facebook?

25th jan 2010

andrew j.b. hastie's picture

how do i make an email address not deficient?

Updates?

Matt Kantor's picture

I'd really like to see this article updated in response to some of these comments. Particularly, NOYB and the concerns about IP address domains (even if the given examples are incorrect).

Other updates I'd like to see include:

For now, I'm using your function with a few modifications (including implementing a "trust scale" of 0.0-1.0 instead of an absolute true/false), but my quest for One Email Validator to Rule Them All continues. It'd be awesome if we could somehow get to a point where we didn't need to send any annoying confirmation emails. All in all, great work.

Great code

Anonymous's picture

This is very nice routine once for all. Currently i m doing testing on window machine and windows doesnt support checkdnsrr function so i modify it following way to work with Window.

      /* Following code should be activated if hosting is on linux.
      if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
      {  // domain not found in DNS
         $isValid = false;
      }
      Following code should be activated if hosting is on windows. */
      if ($isValid && !(myCheckDNSRR($domain,"MX") || myCheckDNSRR($domain,"A")))
      {  // domain not found in DNS
         $isValid = false;
function myCheckDNSRR($hostName, $recType = '')
{
 if(!empty($hostName)) {
   if( $recType == '' ) $recType = "MX";
   exec("nslookup -type=$recType $hostName", $result);
   // check each line to find the one that starts with the host
   // name. If it exists then the function succeeded.
   foreach ($result as $line) {
     if(eregi("^$hostName",$line)) {
       return true;
     }
   }
   // otherwise there was no mail handler for the domain
   return false;
 }
 return false;
}

And please pardon my knowledge, I am very new in programming and just trying to play with it, its not my code i found from other places. But I thought it will help.

Thanks

3.4. Address Specification

Anonymous's picture

It was good for me to read about you wanna did this formal right once and for all. I really appreciate this. BUT. Let's take RFC8222 and checkout what exactly an adress is:

http://www.faqs.org/rfcs/rfc2822.html

3.4. Address Specification
Addresses occur in several message header fields to indicate senders
and recipients of messages. An address may either be an individual
mailbox, or a group of mailboxes.

address = mailbox / group

mailbox = name-addr / addr-spec

name-addr = [display-name] angle-addr

angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr

group = display-name ":" [mailbox-list / CFWS] ";"
[CFWS]

display-name = phrase

mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list

address-list = (address *("," address)) / obs-addr-list

So there I would really like to see you routine to be OK with this defitinion. For Example angle-addr as part of mailbox is not really supported. Your routine does not even check for the right mailbox definition in an address. I have not checked wether groups are. Isn't this the right place to look for the definition of an email-adress?

I think you are taking the

Giuliano's picture

I think you are taking the wrong section. What that seems to describe is the way addresses are written in headers and such.
That is something like:
Julius Caesar
What the article is about is the addr-spec, that is the part between angle brackets.

Validate an E-Mail Address with PHP... (Javascript version)

marsibigo's picture

Please replace:
1. strEmail[j] with strEmail.charAt(j)
2. local[0] with local.charAt(0)
3. local[localLen-1] with local.charAt(localLen-1)
4. domain[domainLen-1] with domain.charAt(domainLen-1)

because "strEmail[j]" did not work on ie.

Validate an E-Mail Address with PHP... (Javascript version)

marsibigo's picture
//NOTE: use this line code :
//                       strEmail= fixBackSlash(strEmail); 
//      only if email address come from a textbox (form);

function isValidEmail(strEmail)
{
	this.strrpos=function( haystack, needle, offset){
		// http://kevin.vanzonneveld.net
		// +   original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
		// *     example 1: strrpos('Kevin van Zonneveld', 'e');
		// *     returns 1: 16
	 
		var i = haystack.lastIndexOf( needle, offset ); // returns -1
		return i >= 0 ? i : false;
	}

	this.fixBackSlash=function(strEmail)
	{
		var strEmailTemp="";
		var isBackSlash = false;
		for(var j=0;j 64)
		{
			 // local part length exceeded
			 isValid = false;
		}
		else if (domainLen < 1 || domainLen > 255)
		{
			// domain part length exceeded
			isValid = false;
		}
		else if (local[0] == '.' || local[localLen-1] == '.')
		{
			// local part starts or ends with '.'
			isValid = false;
		}
		else if (local.match('\\.\\.'))
		{
			 // local part has two consecutive dots
			 isValid = false;
		}
		else if (!domain.match('^[A-Za-z0-9\\-\\.]+$')|| domain[domainLen-1] == '.')
		{
			// character not valid in domain part
			isValid = false;
		}
		else if (domain.match('\\.\\.'))
		{
			// domain part has two consecutive dots
			isValid = false;
		}
		else if(!localsave.match('^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$'))
		{
			// character not valid in local part unless 
			// local part is quoted
			if (!localsave.match('^"(\\\\"|[^"])+"$'))
			{
				isValid = false;
			}
		}
	}
	 return isValid;
}

Many other valid emails still fail

Dave's picture

Here's a few examples of valid email addresses that fail using this validator:

localhost
joe@localhost

ipv4
joe@123.456.7.89

ipv6
joe@2001:0db8::1428:57ab

Your Examples

Matt Kantor's picture

joe@123.456.7.89 is not valid, each byte of an IPv4 address can only range 0-255 decimal (and 456 is outside of this range).

Also, I didn't test your addresses, but the domains have to be registered, otherwise the DNS lookup (checkdnsrr) will fail.

Nice!

Marian M.Bida's picture

Excellent, I will use it in my systems.

Validate an E-Mail Address with PHP, the Right Way

herseybendevar's picture

thank you my page used..

JavaScript conversion...

AlexCox's picture

Hi!

I've found your PHP script very effective, so I tried to convert it to JavaScript to check an address before it's sent to the server and if necessary warn the user.

It was very easy even if I'm not an expert programmer, but I have some problems with the last "else if" statement, cause it misses the recognition of the following addresses: abc\@def@example.com, Fred\ Bloggs@example.com, Doug\ \"Ace\"\ Lovell@example.com, "Doug \"Ace\" L."@example.com, abc\@example.com (this should fail but it doesn't)

The code i used is:

else if (!local.replace("\\\\","").match(/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/))
{
// character not valid in local part unless
// local part is quoted
if (!local.match(/^"(\\\\"|[^"])+"$/))
{
isValid = false;
}
}

What I'm missing?
Thanks for any help!

Validate an E-Mail Address with PHP... (Javascript version)

marsibigo dope's picture
//NOTE: use this line code :
//                       strEmail= fixBackSlash(strEmail); 
//      only if email address come from a textbox (form);

function isValidEmail(strEmail)
{
	this.strrpos=function( haystack, needle, offset){
		// http://kevin.vanzonneveld.net
		// +   original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
		// *     example 1: strrpos('Kevin van Zonneveld', 'e');
		// *     returns 1: 16
	 
		var i = haystack.lastIndexOf( needle, offset ); // returns -1
		return i >= 0 ? i : false;
	}

	this.fixBackSlash=function(strEmail)
	{
		var strEmailTemp="";
		var isBackSlash = false;
		for(var j=0;j 64)
		{
			 // local part length exceeded
			 isValid = false;
		}
		else if (domainLen < 1 || domainLen > 255)
		{
			// domain part length exceeded
			isValid = false;
		}
		else if (local[0] == '.' || local[localLen-1] == '.')
		{
			// local part starts or ends with '.'
			isValid = false;
		}
		else if (local.match('\\.\\.'))
		{
			 // local part has two consecutive dots
			 isValid = false;
		}
		else if (!domain.match('^[A-Za-z0-9\\-\\.]+$')|| domain[domainLen-1] == '.')
		{
			// character not valid in domain part
			isValid = false;
		}
		else if (domain.match('\\.\\.'))
		{
			// domain part has two consecutive dots
			isValid = false;
		}
		else if(!localsave.match('^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$'))
		{
			// character not valid in local part unless 
			// local part is quoted
			if (!localsave.match('^"(\\\\"|[^"])+"$'))
			{
				isValid = false;
			}
		}
	}
	 return isValid;
}
Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix