https://github.com/NodeBB/NodeBB/issues/10173
Fake emails
-
Quick and simple bug in the emails. It appears that you can set an invalid email address while registering or editing by just adding a @ in the field, and it's accepted.
-
@Kowlin just a side note, I always make sure I require email verification which seems to stop spoof email addresses at the point of registration.
-
We purposefully err on the side of accepting emails because running a regular expression to validate emails is ridiculously hard:
-
But at least one thing is consistent, emails will always have a `@` and `.` in them. Might be more helpful to do that than just `@` to have a bigger safeguard to human failure.
-
The idea is that rejecting emails outright serves no purpose besides being an annoying roadblock for a user upon registration.
If someone wants to put in a garbage email, they'll figure out a way, and on the other hand, throwing errors on legit signups increases barrier to entry.
-
As above, best way to validate is to force email validation.
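
The approach the replies above settle on (accept addresses loosely, then require confirmation before trusting them), as an added example that is not NodeBB's code or part of the thread. The function names, token format and 24-hour window are assumptions.

```javascript
// Added example (not NodeBB code): loose syntax check + signed confirmation token.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // per-deployment key, constructed here
const TTL_MS = 24 * 60 * 60 * 1000;      // assumed confirmation window

// Permissive check (assumption): an '@' with something on each side, no whitespace.
function looksLikeEmail(addr) {
  const at = typeof addr === 'string' ? addr.lastIndexOf('@') : -1;
  return at > 0 && at < addr.length - 1 && !/\s/.test(addr);
}

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// The token binds uid + address + expiry, so it cannot confirm a different address.
function issueToken(uid, email, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({ uid, email, exp: now + TTL_MS })).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the confirmed { uid, email }, or null if forged or expired.
function confirmToken(token, now = Date.now()) {
  const [payload, mac] = String(token).split('.');
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const { uid, email, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return now <= exp ? { uid, email } : null;
}

// Registration stores the address as unverified; the token would be mailed, never returned to the client.
function register(users, uid, email) {
  if (!looksLikeEmail(email)) return { ok: false };
  users.set(uid, { email, verified: false });
  return { ok: true, token: issueToken(uid, email) };
}

// Only a valid token for the address currently on file flips the flag.
function confirm(users, token) {
  const claim = confirmToken(token);
  const user = claim && users.get(claim.uid);
  if (!user || user.email !== claim.email) return false;
  user.verified = true;
  return true;
}
```

A garbage address that passes the loose check still registers, but it stays `verified: false` because nobody can receive the token sent to it.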