1577

I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.

you are viewing a single comment's thread
view the rest of the comments
[-] jwt@programming.dev 71 points 11 months ago

Probably, from what I can see the address in question isn't really that exotic. but an email regex that validates 100% correctly is near impossible. And then you still don't know if the email address actually exists.

I'd just take the user at their word and send an email with an activation link to the address that was supplied. If the address is invalid, the mail won't get delivered. No harm done.

[-] Alexstarfire@lemmy.world 25 points 11 months ago

Actually, one of our customers found out the hard way that there is harm in sending emails to invalid addresses. Too many kickbacks and cloud services think you're a bot. Prevented the customer from being able to send emails for 24 hours.

This is the result of them "requiring" an email for customers but entering a fake one if they didn't want to provide their email, and then trying to send out an email to everyone.

Our software has an option to disable that requirement but they didn't want to use it because they wanted their staff to remember to ask for an email address. It was not a great setup but they only had themselves to blame.

[-] jwt@programming.dev 19 points 11 months ago

My guess is that would also occur with valid but non-existing e-mail addresses no? The regex would not be a remedy there anyway.

Of course you should only use the supplied e-mail address for things like mass mailings once it has been verified (i.e. the activation link from within the mail was clicked)

[-] Alexstarfire@lemmy.world 2 points 11 months ago

That's exactly what they did. They used something like noaddress@ourbusniess.com to get around the checks we had in place. I've intentionally been vague but most people will give their email address to our customers and won't give a fake one. So under normal situations the amount of bounce backs would be minimal: fat fingering, hearing them incorrectly, or people misremembering their email. Not enough to worry about. Never thought we'd come across a customer intentionally putting in bad email addresses for documentation purposes. They could have just asked us to make the functionality they wanted.

[-] FreeFacts@lemmy.world 19 points 11 months ago* (last edited 11 months ago)

Email standard sucks anyway. By the official standard, User@email.com and user@email.com should be treated as separate users...

[-] rottingleaf@lemmy.zip 31 points 11 months ago

Personally I don't think that sucks or is even wrong. Case-independent text processing is more cumbersome. 'U' and 'u' are two different symbols. And you have to make such rules for every language a part of your processing logic.

If people can take case-dependence for passwords (or official letters and their school papers), then it's also fine for email addresses.

The actual problem is cultural, coming from DOS and Windows where many things are case-independent. It's an acquired taste.

[-] Redredme@lemmy.world 13 points 11 months ago

Im with the earlier "yeah.. No."

Because

"If people can take case-dependence for passwords"

They cant now do they ? If they could passwords would be a-okay and there wouldn't be any need for stickies on monitors, password managers, biometrics, SSO, MFA and passwordless authentication.

The dumbest idea in computing is assuming everyone is as smart as you.

They aren't. Why isn't *nix any bigger? Here's your answer. People are stupid.

Why did IT only finally took off with windows 3.11? because people could understand that. Barely. Most of us where way to dumb for everything which came before.

Why does ipv6 acception takes so long? Because people are stupid and don't get it. Nobody really gets hex. So they just stay with what they can read and more or less get. Even the hardest part of ip4, subnetting, has an easy way out: just add 255.255.255.0 in there and it works. Doesnt work? Keep replacing 255 with zeros and eventually it will. Subnetting on ipv6? No idea. Let's just disable ipv6 on the internal lan and leave everything on ipv4. Zero migration, zero risk, zero training needed.

Why do so many companies only go half assed into cloud? Because they don't get it.

Powershell? Only half, a third even, of the admins truly get it.

I could go on.

Succes is build on simplicity.

[-] rottingleaf@lemmy.zip 5 points 11 months ago

Oh, I like writing such rants too, so I'll answer with lots of words.

They cant now do they ? If they could passwords would be a-okay and there wouldn’t be any need for stickies on monitors, password managers, biometrics, SSO, MFA and passwordless authentication.

Hardware tokens. With sufficient demand the scale would make them really cheap.

It's exactly because of having experience with making work the whole zoo that engineers don't understand how much easier that would be for normies.

The dumbest idea in computing is assuming everyone is as smart as you.

Assuming that everyone is as dumb as me in areas where I'm dumb would also be a mistake.

Why isn’t *nix any bigger? Here’s your answer. People are stupid.

Because of oligopoly. People are not stupid, but they have priorities and they don't have some of the knowledge we have. Also it doesn't really have to be that big immediately, all in good time.

Why did IT only finally took off with windows 3.11? because people could understand that. Barely. Most of us where way to dumb for everything which came before.

Can't comment on that, I was born in 1996.

Why does ipv6 acception takes so long? Because people are stupid and don’t get it. Nobody really gets hex. So they just stay with what they can read and more or less get. Even the hardest part of ip4, subnetting, has an easy way out: just add 255.255.255.0 in there and it works. Doesnt work? Keep replacing 255 with zeros and eventually it will. Subnetting on ipv6? No idea. Let’s just disable ipv6 on the internal lan and leave everything on ipv4. Zero migration, zero risk, zero training needed.

Because not everything supports it right, including some industrial equipment and network hardware, there may be new bugs in everything involved, the old ways work and it's not just v4 with longer address, so people fear making mistakes in configuration.

Why do so many companies only go half assed into cloud? Because they don’t get it.

Now think about similar horrors in, say, piping in houses, or other construction stuff. Or cars. Or roads. Everything is half-assed. It's normal.

Powershell? Only half, a third even, of the admins truly get it.

I kinda get it, but also hate it. Hard to read.

In general:

The most precious secret you can get from experience is that people are not stupid when they are given easy opportunity to try many things and choose what they like.

[-] dan@upvote.au 12 points 11 months ago* (last edited 11 months ago)

'U' and 'u' are two different symbols. And you have to make such rules for every language a part of your processing logic.

Unicode has standard rules for case folding, which includes the rules for all languages supported by Unicode. Case-insensitive comparisons in all good programming languages uses this data.

Note that you can't simply convert both strings to uppercase or lowercase to compare them, as then you'll run into the Turkish i problem: https://haacked.com/archive/2012/07/05/turkish-i-problem-and-why-you-should-care.aspx/

[-] rottingleaf@lemmy.zip 5 points 11 months ago

So good that we all use Unicode now. No CP1251, no ISO single-byte encodings, no Japanese encoding hell.

[-] sukhmel@programming.dev 2 points 11 months ago

Yeah, living in 2123 sure is good

[-] labsin@sh.itjust.works 3 points 11 months ago* (last edited 11 months ago)

It's that capitalization is language dependent, which email addresses shouldn't be as I hope the rules for France shouldn't be different than for Dutch. For instance é in Dutch is capitalized as E, but in French it is É. The eszett didn't even have an official capital before 2017

In most programming languages, case-insensitive string compare without specifying the culture became deprecated. It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper for performance reasons, or maybe some UI validation.

[-] dan@upvote.au 5 points 11 months ago* (last edited 11 months ago)

For instance é in Dutch is capitalized as E, but in French it is É

Sure, but we're just talking about string comparison rules, and Unicode sees all three of those as being equal. For example, a search engine that uses proper case folding rules in its indexer should return results for "entrée" if you search for "entree", "Čech" if you search for "cech", etc.

It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper

You can't just use ToUpper for comparisons due to issues like you mentioned, and the Turkish i problem. You need to do proper case-insensitive comparisons, which is where the Unicode case folding rules are used.

[-] rottingleaf@lemmy.zip 1 points 11 months ago

offtopic: The eszett strictly speaking was a ligature for 'sz', which Hungarian orthography kinda preserved while for German the separated version is 'ss', and there's plenty of such stuff in nature.

In most programming languages, case-insensitive string compare without specifying the culture became deprecated. It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper on all four performance reasons, or maybe some UI validation.

Thank you for saying that more clearly.

[-] Natanael@slrpnk.net 4 points 11 months ago

But then you run into the issue of incredibly trivial impersonation on any email service which doesn't reserve all variants of registered names

[-] rottingleaf@lemmy.zip 1 points 11 months ago

Yes, email as it really exists kinda sucks, but the idea was nice. When it ran over UUCP, LOL.

[-] sukhmel@programming.dev 1 points 11 months ago

I know at least one bank that has case-insensitive password in their app 🌚

[-] rottingleaf@lemmy.zip 2 points 11 months ago

Life being scary is not news to me

[-] Evotech@lemmy.world 6 points 11 months ago

Yeah, no

Sometimes standards are wrong lol

[-] echodot@feddit.uk 19 points 11 months ago

The best of validation is just to confirm that the email contains a @ and a . and if it does send it an email with a confirmation link.

[-] __dev@lemmy.world 33 points 11 months ago

TLDs are valid in emails, as are IP V6 addresses, so checking for a . is technically not correct. For example a@b and a@[IPv6:2001:db8::1] are both valid email addresses.

[-] HotChickenFeet@sopuli.xyz 26 points 11 months ago

I feel like using a@[IPv6:2001:db8::1] is asking for trouble everywhere online.

But its tempting to try out, not many people would expect this.

[-] Crass_Spektakel@lemmy.world 2 points 11 months ago

try user@123.45.67.89.in-addr.arpa or user@d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa just for the giggles. Mix it with BANG-Adressing:

123.45.67.89.in-addr.arpa!d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa!user

[-] willis936@lemmy.world 13 points 11 months ago

Jeez and I feel like I'm tempting fate just by using a custom domain.

[-] JackbyDev@programming.dev 1 points 11 months ago
[-] PoolloverNathan@programming.dev 3 points 11 months ago

TLDs could theoretically have MX records too! Email addresses as specified also support IPv6 addresses! The regex would need to be .+@.+ and at this point it's probably easier to just send an email.

[-] JackbyDev@programming.dev 2 points 11 months ago

I'm with you, and I agree that is technically correct, but I believe the sheer number of people who might accidentally write "gmail" instead of "gmail.com" compared to people using an IPv6 address (seems like a spam bot) or using a TLD like "admin@com" make requiring the dot worthwhile.

[-] PoolloverNathan@programming.dev 4 points 11 months ago* (last edited 11 months ago)

That's why I have an "allow anyway" button for addresses that look misspelled but are still technically valid.

Edit: believe it or not, that was a typo.

this post was submitted on 15 Dec 2023
1577 points (99.1% liked)

Mildly Infuriating

35455 readers
148 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago
MODERATORS