1

We are using the following validation code to check for a valid email address formatting on a web form driving by Lotus Notes: 

@If((@ValidateInternetAddress([Address821]; @ThisValue)!="" 
| @Contains(@ThisValue; "\"") | @Contains(@ThisValue; "'") 
| @Contains(@ThisValue; " ")); "Please include a valid email address."; "");

Currently, if a user enters any of the following inputs, the verification throws the error message:

  • empty field
  • " ", ', or / character
  • the domain portion of the email: "test.com"
  • only @

However, if a user enters test@test the form validates this as a valid email address format.

Is this format considered to be a valid "Address821" format? Or is the form validating an incorrect format as a valid email address?

Richard Schwartz
  • 14,463
  • 2
  • 23
  • 41
amy_e_carrigan
  • 13
  • 5
  • I tested just the @ValidateInternetAddress function, and you are correct, "test@example" does return a blank string, which indicate a valid address. I looked at http://tools.ietf.org/html/rfc821 but can't find any specification of the address format. I would assume that there in theory could have been valid addresses using that format. RFC 821 has been replaced by RFC 2821, but I don't think the Notes Formula language been updated. – Karl-Henry Martinsson Sep 19 '12 at 21:13
  • I would use Javascript regexp to check the address instead, put it on the onBlur event of the field (as you said this is a web application). Even regexp is not 100% reliable, there are soem really unusual addresses out there, but you should be able to cover most cases. – Karl-Henry Martinsson Sep 19 '12 at 21:15
  • Unfortunately, we cannot introduce js into this legacy form. – amy_e_carrigan Sep 19 '12 at 21:41
  • This appears to be a problem with the @ValidateInternetAddress formula. See: http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b8525689b005ba1c0/7232a22922103cfe8525710f002fc3f6?OpenDocument&Highlight=0,%40validateinternetaddress and http://lekkimworld.com/2007/06/20/rfc821_address_functions_in_notes_are_they_working_properly.html – amy_e_carrigan Sep 19 '12 at 21:42
  • I guess that is a bug then. I don't think you can expect it to be fixed, but it might not hurt for you to submit a PMR. Why can't you introduce Javascript? Especially as you said this is a web form. Just add the code to onBlur and display a message to the user if the address is invlad. Not different from what you are trying to do with @Formula, just another language... – Karl-Henry Martinsson Sep 19 '12 at 21:46
  • According to the comments on Mikkel's blog, test@example is (technically) a valid address, per RFC 821... So you need to code around that. – Karl-Henry Martinsson Sep 19 '12 at 21:50
  • The address spec is actually in RFC5322 (which superseded the successor of the original 822; similarly 5321 is the current incarnation of 821). But it's complex and you need to grok the ABNF notation they use. See also http://ex-parrot.com/~pdw/Mail-RFC822-Address.html – tripleee Oct 08 '12 at 09:41

1 Answers1

1

Yes, it technically is valid address syntax, both by past and current standards.

The language in the RFC's has evolved over time:

RFC-821: 3.7. DOMAINS

Domains are a recently introduced concept in the ARPA Internet mail system. The use of domains changes the address space from a flat global space of simple character string host names to a hierarchically structured rooted tree of global addresses. The host name is replaced by a domain and host designator which is a sequence of domain element strings separated by periods with the understanding that the domain elements are ordered from the most specific to the most general.

This isn't very precise. It doesn't explicitly say that there must be more than one element in the domain name, but it doesn't explicitly prohibit it either. But this was obsoleted by:

RFC-2821: 2.3.5 Domain

A domain (or domain name) consists of one or more dot-separated
components. ... The domain name, as described in this document and in [22], is the entire, fully-qualified name (often referred to as an "FQDN"). A domain name that is not in FQDN form is no more than a local alias. Local aliases MUST NOT appear in any SMTP transaction.

This seems to be saying that it's illegal, but actually it isn't saying that. I'll explain below, but first let's have a look at the draft standard that is intended to obsolete 2821, and which clarifies things a great deal:

RFC-5321 2.3.5 Domain Names

A domain name (or often just a "domain") consists of one or more components, separated by dots if more than one appears. In the case of a top-level domain used by itself in an email address, a single string is used without any dots. This makes the requirement, described in more detail below, that only fully-qualified domain names appear in SMTP transactions on the public Internet, particularly important where top-level domains are involved. ... The domain name, as described in this document and in RFC 1035 [2], is the entire, fully-qualified name (often referred to as an "FQDN"). A domain name that is not in FQDN form is no more than a local alias. Local aliases MUST NOT appear in any SMTP transaction.

What this makes clear is that no dot is required in a domain name, as long as it is a top level domain.

@ValidateInternetAddress cannot reasonably know whether "test" is a valid top level domain. Even if IBM programmed in the list of approved public TLD's (which IMHO would be a bad idea since it can and does change), you can in fact set up a private TLD called "test" in your own DNS. That's not the same thing as a "local alias" which the standard does prohibit. There's no rule against actual TLDs.

And for that matter, it could even be a public TLD. Theoretically, the owner of a TLD could set up a mail server for the TLD. I.e., President@US, or Queen@UK. Not likely, but possible in those cases, but with all the new TLD's coming on line, I wouldn't be surprised if some of the registrars are using info@domain.

I guess theoretically @ValidateInternetAddress could make the DNS call to check whether it can resolve "test" as a TLD, but the doc for that function only says that it checks the syntax of the address, and the existence of the TLD is a semantic issue, not a syntax issue.

Richard Schwartz
  • 14,463
  • 2
  • 23
  • 41