[RFC] Simplify the Email Validator

[javiereguiluz]

Problem

• Validating email addresses is absurdly complex.
• We've received tens of issues in the past years about this validation.

Solution

• Let's simplify the email validator to just check that email addresses "look valid" using a good regexp.
• If you need to validate that the email is real, send a confirmation email (by the way, do you know any serious service which doesn't send a confirmation email after signing up?).

HTML5 Standard proposes this regexp to validate emails:

/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}
[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/

Proposal

• Update the regexp of the EmailValidator to use the HTML5 regexp
• Deprecate strict option
• Deprecate checkMX option
• Deprecate checkHost option

[Pierstoval]

IMO, the checkMX and checkHost should still be available and set to false by default. Some private companies / governments want to use these features so it could be good to keep them even if set to false by default.

[nicolas-grekas]

👍 but we should take care of BC breaks, that's the difficult part...

[egulias]

Hi there.
There are two things you should not use a RegExp for

• parsing HTML
• validating emails

That being said, of course HTML5 one will be "valid" for more of the cases. But, just as an example, that RegExp is saying that example.@example.com is valid, which is not. And of course you are not allowing UTF8 emails.
One of the issues, I guess, with the email validation in Symfony is the fact that Swiftmailer has not seen a release in a year and that the validation it uses conflicts with Symfony's one despite being the default email client. v6 of Swiftmailer was supposed to use the same validation than Symfony (it is integrated) but the project is a bit stale right now, correct?

[update] By the way, during the addition of the library, even the use of filter_var was removed in the simple option. Please see the thread #1581

However I do think that replacing the "non strict" with HTML5 regexp will be more useful than the one currently in use.
On checkMX and checkHost I agree with @Pierstoval

[dunglas]

Just my 2 cents. Use filter_var for the simple case and fix it upstream if applicable.

[patrick-mcdougle]

I personally think checkMX and checkHost should be kept as well.

[stof]

@dunglas fixing it upstream would take years to have a working validation with widespread adoption though (assuming we manage to make upstream change the validation rules of filter_var). And such changes would probably not even be backported to patch releases of previous PHP versions
And currently, filter_var rejects many valid emails (and accepts invalid ones), which is precisely why we stopped using it.

[ghost]

Please DO NOT try to filter email addresses. The only thing that would be good is to provide an interface to let the developer choose how to filter email addresses.

Similar discussion in FOSUserBundle: FriendsOfSymfony/FOSUserBundle#1923

Additionally we should add a warning on the documentation of Symfony about email address filtering and explain why it is complex.

Email validation is not recommended:
http://stackoverflow.com/questions/201323/using-a-regular-expression-to-validate-an-email-address/201378#201378

A valid regex for only one RFC (RFC 822) is crazy. And there are a lot more RFCs for valid email addresses. http://stackoverflow.com/a/13719870

[javiereguiluz]

Closing it because of the lack of recent activity and because it hasn't attracted enough attention from the community.