Chapter #37. Don't Attempt to Validate Email Addresses
Your user is entering an email address and you're thinking about writing some code to validate it (check that it's in a sensible format and they haven't entered gibberish or mistyped it). Think again.
It used to be so simple to validate email addresses on the client side. A little bit of JavaScript was all it took to check that the domain was in the format:
user@domain.tld
If it didn't match this pattern, it wasn't a valid email and the user couldn't sign up. We used to only have a handful of top-level domains (TLDs). Now, we have over 1,000 TLDs, with more being added all the time:
stealthy+user@example.ninja
stealthy+user@example.ninja
holidays@.ws
email@www.co
website@email.website
The above addresses are all valid domains*, but the TLD list changes all the time, so good luck writing the JavaScript to validate them—there are too many edge cases.
The side effect of this is that any errors will prevent legitimate users from signing up or...