Your email address is invalid. Please enter a valid address.

Posted on 28 Dec 2009
Tagged with: [ email ] [ validation ]

Error: Your email address is invalid.

Every time I see those or similar words when I fill out a registration form I start to cry a little. It’s not my email address that is invalid, it’s the website’s email validation functionality, and it’s a great and effective way to lose visitors and/or customers quickly.

Maybe the biggest problem with validation of user data is that not a lot of people ask the question: why are we validating this data anyway? Do you want to validate an email address so you can send emails to the person? Is it because you don’t want people to apply multiple times? Do you want to check if somebody actually owns a specified email address? None of these questions can be answered by checking if an email address is syntactically correct. Even sending an activation email doesn’t say much. There are a lot of disposable email address providers (like mailinator etc.) where you can receive such emails, so the only thing you will know is that you have a lot of people in your user base who will never receive your email. Especially when you outsource mailings this can become costly as well.

So, what’s wrong with my address then?

There are a lot of tricks people nowadays perform to “protect” their email addresses. Spam filters are probably the most common one, but a lot of people use sub-addressing. Sub-addressing is a specific way to use different mailboxes in one account. For instance, I could have email addresses like these:

jthijssen+discussiongroup1@example.org and jthijssen+discussiongroup2@example.org

Both will be sent to the jthijssen account, but into 2 different mailboxes or directories. Some mailers like Gmail will just deliver everything as if it was sent without the + part. This would make it possible for me to use jthijssen+ebay@example.org, jthijssen+reddit@example.org, jthijssen+privatemail@example.org without any hassle. When somebody starts sending spam, I could easily detect which site is the bad guy and act accordingly (block everything sent to jthijssen+ebay, for instance).

Now, the catch is: many, way too many, sites do not like me to add a + sign, or any other “tropical” character for that matter, with no obvious reason except for stupidity. Not only is this incorrect and bad behaviour, but the only thing you will lose are potential customers. A lot of people, including yours truly, will not hesitate to go to another site and buy products there.

My advice on validating addresses: don’t.

As said, it’s far too difficult to validate them. There are so many catches that are well defined, yet complex (take a look at RFC 822, 2822, 3696, 5322 to name a few). Did you know that in some cases JTHIJSSEN@example.org and jthijssen@example.org are 2 different addresses? Or that "This is completely valid"@example.org is correct? Or even jthijssen (this is joshua thijssen's private emailbox)@example (not affiliated with example.com).org

Even if you are able to force users into your way of having an email address, you will still know nothing. Especially the larger user bases will have a very high rate of mickeymouse@disney.com or billgates@microsoft.com’s in them (and trust me, he isn’t visiting your site). Not only will it agitate your customers, it will also trick you into thinking you have a very solid email list.

Some sites provide validation because they think they can catch typos. Sorry to say this: but you can’t. You can never validate if the local part of an email address is available (without sending authentication emails). You could theoretically check if the domain part exists (is hotmail.com registered?), but that would take time, and all typo variations like htmail, hotmial etc. also exist.

Even checking the TLD is not safe. Mali has the .ML TLD, while the Netherlands uses the .NL TLD. The two are very close on the keyboard and also look very similar (mysite.nl and mysite.ml).

A better way is to let the visitor type in the address twice. From experience I know that a lot of people don’t check their list (let alone check it twice), so letting the visitor type it twice will catch typos many times.
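To make the two points above concrete, here is an added example (not code from the original post) that runs a restrictive pattern over the post's own addresses and implements the type-it-twice comparison. The pattern, the function names and the sample list are assumptions constructed for illustration.

```javascript
// Added example: constructed for illustration, not code from the original post.

// A restrictive pattern of the kind many registration forms use (constructed here).
const STRICT_PATTERN = /^[a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,4}$/;

// Addresses taken from the post; all are valid under the RFCs it cites.
const POST_ADDRESSES = [
  'jthijssen@example.org',
  'jthijssen+ebay@example.org',
  'JTHIJSSEN@example.org',
  '"This is completely valid"@example.org',
];

// Split at the LAST '@': a quoted local part may itself contain '@'.
function splitAddress(address) {
  const at = address.lastIndexOf('@');
  if (at < 1 || at === address.length - 1) return null;
  return { local: address.slice(0, at), domain: address.slice(at + 1) };
}

// Which of the given addresses would the strict pattern turn away?
function rejectedByStrictPattern(addresses) {
  return addresses.filter((a) => !STRICT_PATTERN.test(a));
}

// Double-entry check: both typed values must name the same mailbox.
// Domains compare case-insensitively; the local part is compared exactly,
// because the receiving server may treat JTHIJSSEN and jthijssen differently.
function sameAddress(first, second) {
  const a = splitAddress(first.trim());
  const b = splitAddress(second.trim());
  if (!a || !b) return false;
  return a.local === b.local &&
    a.domain.toLowerCase() === b.domain.toLowerCase();
}

// Three of the four valid addresses are refused by the strict pattern.
console.log(rejectedByStrictPattern(POST_ADDRESSES));
// A transposed-letter typo in the second field is caught without any syntax rules.
console.log(sameAddress('jthijssen@hotmail.com', 'jthijssen@hotmial.com'));
```

The comparison needs no knowledge of which characters are allowed, so sub-addressed and quoted addresses pass through untouched.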

So what to do then?

Registration on your site should never be mandatory. It would only scare away visitors, and unless you have a good reason it’s not very polite either. When you let users register (because they get extra benefits etc.), let them register without too much mandatory data. Don’t make it mandatory for them to fill in their email address just so you can send them monthly updates on your site and products. When customers are interested they will provide you their (correct) email address anyway, and you will KNOW that those customers are sincerely interested in your site or products.

On e-commerce systems, if users want to buy products, there are better ways of checking their credibility than an email address. A lot of my friends only have a Hotmail address, which is banned on some sites. There are a lot of other (and better) sites for getting a free and disposable email address, and by the time you have entered one into your filter, 10 more have already been born.

In conclusion: don’t think you can outsmart your visitors. When they really want to enter your site or register with a false email address, they can do it, and in the end you will only hurt your “normal” user base. When you need to: ask for their address, don’t force them into handing over something that you would like to hear, which is probably never the truth anyway.