Fake emails

Robert

Quick and simple bug in the emails. It appears that you can set a invalid email address while registering or editing by just adding a @ in the field, and its accepted.

Henry Wright

@Kowlin just a side note, I always make sure I require email verification which seems to stop spoof email addresses at the point of registration.

julian

We purposefully err on the side of accepting emails because running a regular expression to validate emails is ridiculously hard:

Robert

But atleast one thing is consistent, emails will always have a @ and . in them. Might be more helpful to do that then just @ to have a bigger safeguard to human failur.

julian

The idea is that rejecting emails outright serves no purpose besides being an annoying roadblock for a user upon registration.

If someone wants to put in a garbage email, they'll figure out a way, and on the other hand, throwing errors on legit signups increases barrier to entry.

a_5mith

As above, best way to validate is to force email validation.

Community

Fake emails

Suggested Topics

Can't save email

Unable to hide email for people who sign up with 'Social Authentication' plugin (Security)

NodeBB Notification Email Issue

Invalid email error when trying to reset password

hook: filter:user.create firing when email is not available.