Email validation in PHP: well-formedness vs existence

As this post correctly points out, only checking if an email address is well-formed is not sufficient (especially if you check it against the RFC specification... the PCRE regular expression for accomplishing this task may be a real nightmare - see PHP Cookbook for instance). We should also check if the email address is active by querying its DNS server.

Although this approach could seem feasible and correct, I think that we should always ask if it's necessary first. For example, if a customer wants to download a document and the link for downloading that file will be provided via email, why in the world should he/she provide a false/incorrect email address? Again: if someone signs up to a social network and the platform sends him/her a link to activate his/her account, why should he/she try to fake it? Simply put, sometimes there are situations in which we should trust user input (though we must always filter it, of course). Moreover, querying a DNS server on a busy production server may be even more expensive than a simple regular expression.
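The two checks discussed above, sketched as an added example (not code from the original post): the syntax stage uses PHP's built-in `filter_var()` rather than a hand-written regex, and the DNS stage is opt-in so its cost is paid only when it is actually needed. The names `check_email` and `$hasRecord` are hypothetical; the resolver is injectable so the sample runs offline and defaults to PHP's `checkdnsrr()`.

```php
<?php
declare(strict_types=1);

/**
 * Two-stage check: syntax first (cheap, local), DNS second (optional, network).
 * $hasRecord (hypothetical name) is any callable with checkdnsrr()'s signature,
 * so the DNS stage can be stubbed, cached or rate-limited.
 */
function check_email(string $email, bool $checkDns = false, ?callable $hasRecord = null): string
{
    // Stage 1: well-formedness.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'malformed';
    }
    if (!$checkDns) {
        return 'well-formed';
    }

    // Stage 2: does the domain accept mail at all? This says nothing about
    // whether the mailbox itself exists; only a delivered message proves that.
    $domain = substr($email, strrpos($email, '@') + 1);
    $hasRecord ??= 'checkdnsrr';

    // Trailing dot makes the name fully qualified, so the resolver's
    // search domains are not appended to it.
    $fqdn = $domain . '.';

    // MX first; RFC 5321 falls back to the address record when no MX exists.
    if ($hasRecord($fqdn, 'MX') || $hasRecord($fqdn, 'A') || $hasRecord($fqdn, 'AAAA')) {
        return 'domain-accepts-mail';
    }
    return 'no-mail-domain';
}

// Constructed sample input, with a stub resolver so the demo needs no network.
$stub = fn(string $host, string $type): bool => $host === 'example.com.' && $type === 'MX';

foreach (['alice@example.com', 'bob@no-such-domain.invalid', 'not an address'] as $addr) {
    printf("%-30s %s\n", $addr, check_email($addr, true, $stub));
}
```

With the stub resolver the three sample addresses come back as `domain-accepts-mail`, `no-mail-domain` and `malformed`; leaving `$checkDns` at its default skips the lookup entirely.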
