Closed
Bug 3744
Opened 26 years ago
Closed 15 years ago
Must require email address to be syntactically valid
Categories
(MailNews Core :: Backend, defect)
MailNews Core
Backend
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 422814
People
(Reporter: phil, Unassigned)
References
(Depends on 1 open bug, )
Details
This is one of the "failing" items in the Good Netkeeping Seal of Approval (see
URL above). The user is allowed to enter a From address which is not
syntactically correct. We could fix this in preferences by preflighting the
email address the user typed. Or we could fix it at send-time in the "sanity
check" process for outgoing messages.
Reporter | ||
Updated•26 years ago
|
Assignee: ducarroz → alecf
Target Milestone: M6
Reporter | ||
Comment 1•26 years ago
|
||
I think this is best done as a prefs-validation thing, and since alecf has the
identity prefs for 5.0, reassigning to him for M6.
Updated•26 years ago
|
Status: NEW → ASSIGNED
Updated•26 years ago
|
Target Milestone: M6 → M8
Comment 2•26 years ago
|
||
minor, pushing to m8
Updated•26 years ago
|
Priority: P3 → P2
Comment 3•26 years ago
|
||
going on vacation, mass-moving these M8 bugs to M9
correcting platform to All since this appears to be cross platform.
Comment 5•26 years ago
|
||
moving low priority, high risk, and time-intensive bugs to M10
Updated•26 years ago
|
Target Milestone: M10 → M12
Updated•25 years ago
|
Component: Composition → Account Manager
Comment 8•25 years ago
|
||
Adding nbaca to Cc: list.
Comment 9•25 years ago
|
||
ok, I've fixed this in the wizard. I need to fix this in the account manager now
Comment 10•25 years ago
|
||
Build 2000010515M13: Linux/Redhat 6.0
I noticed that just entering "@" as the email address allowed me to progress.
Should the validation procedure be more rigorous?
Comment 11•25 years ago
|
||
ugh, yes, good catch :)
don't reopen this though, I'm checking in a fix right now.
Comment 12•25 years ago
|
||
oops, it's not marked fixed anyway
anyway, I fixed it so that you MUST have characters before and after the @.
There are still other non-rfc822 compliant e-mail addresses that can go here,b
ut this is good enough.
Comment 13•25 years ago
|
||
moving beacuse this isn't a beta blocker
Updated•25 years ago
|
Target Milestone: M14 → M15
Comment 14•25 years ago
|
||
another case found in the comments in bug
http://bugzilla.mozilla.org/show_bug.cgi?id=29270.
Comment 15•25 years ago
|
||
The right way to fix this is propably to create a nsIURI with it and prepended
"mailto:". See bug 32442 for that.
Updated•25 years ago
|
Target Milestone: M15 → M17
Comment 16•25 years ago
|
||
Minor UI fixups to M18. If this is incorrect, please adjust.
Target Milestone: M17 → M18
Comment 17•25 years ago
|
||
Adding dependency to bug 32442 "More checks for mailto URLs". Note, that
"syntactically correct" is a high bar (i.e. will take some time to implement
correctly). RFC822 knows *several* escape mechanisms.
Depends on: 32442
Reporter | ||
Comment 18•25 years ago
|
||
I recommend that we crawl, walk, run here. I definitely do not want to see us
put in something complicated which ends up having false hits (flagging addresses
as incorrect which are in fact correct). How about (strlen(address) > 2 &&
strchr('@',address) != nsnull).
If we decide to do something compicated, we'd better have some pretty good
tests, as we used to in addr.c/addrutil.cpp (I assume that still exists in
mozilla somewhere)
Comment 19•25 years ago
|
||
Phil, while I'd like to see a correct parser in Mozilla, I see, that there are
more important things to work on. As for the proposed algorithm, IIRC, the state
of bug 32442 is already better.
I suggest to fix this bug that way I suggested above (asking Necko via nsIURI,
which will take advantage for any code for 32442. The latter would block 12669 then.
Reporter | ||
Comment 20•25 years ago
|
||
Sorry, I should avoid suggesting specific algorithms. My real point is let's not
be overly aggressive and risk false hits. We did exactly that when we started
validating newsgroup names, and found that many people use newsgroup names which
are not strictly legal, so our well-intended code ended up breaking things which
used to work.
Comment 21•25 years ago
|
||
I like the idea of using necko for this though. Thanks for referencing that bug,
I didn't even realize there was mailto: validation going on.
Comment 22•25 years ago
|
||
This is a GNKSA MUST, adjusting SUMMARY.
Summary: Should validate user email address → Must validate user email address
Comment 23•25 years ago
|
||
Alec, do we need to fix more of this for this release, or do we have enough to
be sufficient for our RTM?
Comment 24•25 years ago
|
||
I think it's sufficient for RTM...
Comment 26•24 years ago
|
||
*** Bug 57036 has been marked as a duplicate of this bug. ***
Comment 27•24 years ago
|
||
massive reassign of account manager bugs -> sspitzer
please feel free to put me back on the CC if you have any questions/comments
Assignee: alecf → sspitzer
Status: ASSIGNED → NEW
Comment 28•24 years ago
|
||
mass re-assign of account manager bugs to racham.
Assignee: sspitzer → racham
Comment 29•24 years ago
|
||
I was just wondering about "local" users' e-mail addresses - can't they be
specified without an "@" symbol?
So you want an e-mail address format to be:
Pre-@ RFC 822 allowable chars (minimum of 1)
or
Pre-@ RFC 822 allowable chars followed by an @ followed by Post-@ RFC 822
allowed chars (i.e. allowable chars for a domain name)
Comment 30•24 years ago
|
||
The From address must be fully qualified, since it most likely will get sent
outside the local network. Dunno, if any spec requires this, but using "From:
ben" doesn't make much sense to me.
But this is actually a good point wrt the dependance of bug 12699, since "ben"
is a completely legal email address. So we'd probably need to do additional
checks here (or have modes (for local addressed allowed or not) in the generic
code). Although strictly not being sufficient, as a first implementation,
checking for validity (see bug 12699) *and* existance of "@" should be enough.
Comment 31•24 years ago
|
||
Ok, please remove that validation on the prefs menu. It is annoying.
Comment 32•24 years ago
|
||
Sorry, I meant on add account.
Comment 33•24 years ago
|
||
BTW: I believe some pop servers don't require an @ in the address. (Don't quote
me on this).
Reporter | ||
Comment 34•24 years ago
|
||
Removing address validation from our prefs (i.e. which would be used in the
From: header of an outgoing message) would be a mistake. This bug is for how
much, if at all, we improve on what's already there.
Comment 35•24 years ago
|
||
Agree with Phil. It is also a GNKSA requirement.
POP servers are irrelevant - they never see the address (apart from msg
contents, of course). It is only for From in outgoing msgs.
Why is it annoying?
Comment 36•24 years ago
|
||
Just when I feel like using MailNews the first time and don't feel like
entering in an account.
Comment 37•24 years ago
|
||
I want to type in fdfjdklafjdsafl for everything.
Reporter | ||
Comment 38•24 years ago
|
||
It should be possible to use mozilla mail/news without creating a valid account.
Dunno if that's possible now, but if it's not, it's a separate bug. It should
not be possible to create a mail account, or send a message, without having a
valid email address, including the '@' sign.
Updated•24 years ago
|
Summary: Must validate user email address → Must require email address to be syntactically valid
Comment 39•24 years ago
|
||
For contrast, see bug 88298, News requires a valid e-mail address.
Comment 40•24 years ago
|
||
I'm sorry, but this bug is the most ridiculous bug I've ever seen. The user
should be given the option to use whatever e-mail address he wants. Enforcing
valid e-mail addresses is up to the server handling the messages and any attempt
to control this in a browser will just make people switch to other mail/news
clients without these limitations. It is especially important that the
newsreader does not behave in this way (bug 29270). MailNews will never be able
to stop spammers from entering fake e-mail addresses - it just forces them to
format them properly.
Comment 41•24 years ago
|
||
> The user should be given the option to use whatever e-mail address he wants.
He has the option. He just has to enter an *email address*. ;-P
Other comments in bug 29270.
Comment 42•23 years ago
|
||
It should be possible to make a news account without an @ symbol for the email
address since the messages are posted to the news server regardless of emails.
It should also be possible to make an email account without the @ symbol if
there are any ways that people could send an email in an intranet, etc, without
a valid email address. I don't think that Mozilla should be a police force. One
simple warning with a little "Click here if you want to see this again" should
be sufficient.
Comment 43•23 years ago
|
||
The relevant internet standards (RFC 1036) require a From header with
the contents of "the electronic mailing address of the person who sent the
message, in the Internet syntax". Which means that it needs a fully
qualified domain name.
In this instance the GNKSA is simply checking/enforcing RFC compliance.
Comment 44•22 years ago
|
||
*** Bug 29497 has been marked as a duplicate of this bug. ***
Comment 46•21 years ago
|
||
If MailNews uses MAPI, sendmail, or equivalent, let them deal with validation.
They know best, after all, since they are the core mail facilities. A "From:"
of +17035551212 would be perfectly legal if the "To:" was +44567234523 and
some provider for international faxing was installed. Actually, a
syntactically valid RFC2822 address would be illegal in that case.
If MailNews does not use MAPI, then it should offer full RFC2822 support,
including in-address comments not SMTP'd, and *optionally* require
verification in the sanity check. Some option buried deep in preferences,
mangled so that John Q. Spammer can't automagically turn it on, and must do so
by hand, to say, "Yes I know my address isn't valid but let me send e-mail
anyway" would be the ticket. But it still should be "crawl walk run" if it
isn't in there yet.
And I would not recommend enforcing validation at first-run, as netdragon
seems to have issues with, but at send time, as part of the sanity check, as
PPeterson proposed.
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•20 years ago
|
Assignee: sspitzer → mail
Updated•16 years ago
|
Priority: P2 → --
QA Contact: nbaca
Target Milestone: Future → ---
Updated•16 years ago
|
Assignee: mail → nobody
Component: MailNews: Account Configuration → Backend
Product: SeaMonkey → MailNews Core
QA Contact: backend
Comment 47•16 years ago
|
||
<+44567234523@fax.example.com> or similar is legal and used by most services.
---
We're fixing this to some degree in the new account wizard, see bug 422814 comment 110.
Updated•16 years ago
|
Depends on: autoconfig
Comment 48•15 years ago
|
||
The main avenue to create accounts has been fixed by bug 422814. The new mail account wizard requires syntactically valid email addresses as your own address.
There are still other ways to configure your email address, e.g. the Account Settings and Identity edit dialog, as well as the old account wizard which is used for Movemail accounts. But I think we can consider this FIXED.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
|
No longer depends on: autoconfig
You need to log in
before you can comment on or make changes to this bug.
Description
•