I read an article the other day that briefly touched base on some common validation flaws in most modern websites, and I decided to do some research on it.

Turns out, MOST websites, and email providers (hotmail, yahoo) are being TOO STRICT with their validation.

–

In section 2.3.10 of RFC 2821

Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address.

In section 3.4.1 of RFC 2822 It goes into more detail as to what the user-interpreted string should be!

An addr-spec is a specific Internet identifier that contains a locally interpreted string followed by the at-sign character (“@”, ASCII value 64) followed by an Internet domain. The locally interpreted string is either a quoted-string or a dot-atom.

In section 3.2.4 of RFC 2822 And finnally, tells us that a dot-atom may include any of the following characters

$ & * – = ^ ` | ~ # % ‘ + / ? _ { }

In RFC 3696 It goes further to display a list of valid emails.

• “Abc\@def”@example.com
• “Fred Bloggs”@example.com
• “Joe\Blow”@example.com
• “Abc@def”@example.com
• customer/department=shipping@example.com
• $A12345@example.com
• !def!xyz%abc@example.com
• _somename@example.com

Now, My question to all you guys out there, how strict should I validate emails. According to the RCF? or according to the crowd. And what are the majority of people out there validating too?