This is a post for IPv6 geeks and people who care about email address validation. That’s probably not you, so I’m warning you that it gets a bit nerdy below. YHBW.

People keep saying the IPv4 address space is going to run out Real Soon Now but it’s still the protocol you are using right now to connect to the internet. It’s still working. When I was at school many years ago, I was told that oil would probably run out before the year 2000. People who believed this started investing in Alternative Energy such as solar power, wind power and, least successful of all, wave power. Most of the early investors lost their money, I guess.

The Alternative Energy of the internet is IPv6. This is the solution that people designed when they first thought the IPv4 address space was in danger of running out. It’s still a minority sport even though your Windows PC has it installed and running. It’s talking this language to nobody though. Even if you have a few computers at your house, the router you use to network them together is still only talking IPv4.

IPv6 is there and it’s real. One day we might start using it. Until then it remains a laboratory curiosity.

But it’s a valid part of an email address. So if you want to validate somebody’s email address in your registration form you shouldn’t go rejecting jon.postel@[IPv6:1234::cdef] just because it doesn’t match the usual first.last@domain.com format. It’s a valid address. Check out RFC 5321 if you don’t believe me.

OK, let’s assume you actually clicked that link and read the RFC (I won’t tell if you don’t).

Now tell me whether this is a valid address: jon.postel@[IPv6:1111:2222:3333:4444:5555::7777:8888]

The answer according to the bible of SMTP is no. I quote the comments to the definition of ipv6-comp: “The “::” represents at least 2 16-bit groups of zeros. No more than 6 groups in addition to the “::” may be present.”

But let’s look at the bible of IPv6, RFC 4291: “The use of “::” indicates one or more groups of 16 bits of zeros.”

So RFC 4291 appears to disagree with RFC 5321. Thanks, IETF. Which should we use as our authority when validating email addresses? Perhaps RFC 5321 is documenting a special case of IPv6 that only applies to SMTP transactions. Hmmm.

Fortunately just when we feel like banging John Klensin’s head against RFC 4291 or (frankly) anything solid, along come Seiichi Kawamura and Masanobu Kawashima to our rescue. The brand-new RFC 5952 gives us clear guidelines about the use of the double colon in IPv6 addresses:

The symbol “::” MUST NOT be used to shorten just one 16-bit 0 field.

Phew. We have clarity at last.

Or do we?

Remember Jon Postel’s Robustness Principle? “Be conservative in what you do, be liberal in what you accept from others”. How might we apply that here? RFC 5952 still accepts the authority of RFC 4291. It is a recommendation for how IPv6 addresses might be standardised when written as text. The robustness principle would suggest we should ensure our own addresses conform to RFC 5952, but we should accept any addresses that conform to RFC 4291.

My conclusion is this: my own validator is_email() will accept as valid any address that conforms to RFC 4291 (even though that is contradicted by RFC 5321). It will raise a warning if the double colon elides only one zero group.

As a final personal note, I would say that an address of the format ::1111:2222:3333:4444:5555:6666:7777 is nonsense. It’s valid according to RFC 4291 but it contains 8 colons. That’s just silly. I think it’s clear that the only sensible use of the double colon is to elide two or more zero groups and I certainly agree with RFC 5952 that that should be the standard.

Quick links: Source code | Email address validators head-to-head

Thanks to my correspondent Michael Rushton for bringing my attention to this issue.

I’ve had a lot of correspondence about is_email(), the free PHP email address validation software that I maintain. The principle topics of debate were the edge cases where an email address is technically valid but extremely unlikely in the real world.

Examples of this sort of address would be “”@example.com or benedictXIII@va – the first because it doesn’t contain any text to identify the mailbox and the second because it’s at a Top Level Domain.

Both these addresses could exist but neither is likely to. If a user entered one of these addresses into your registration page it is much more likely to be a typo than a real address.

So in the first versions of is_email() I made the decision to call these address invalid because they were unlikely. It was this decision that generated most of the correspondence.

My learned correspondents were right. The purpose of is_email() is to determine whether an address is valid or not. It should not be rejecting valid addresses – this is the most common fault of other ways of validating email addresses.

But I wanted to identify unlikely addresses without declaring them invalid. For this reason I added a Warning feature to is_email(). Without losing any backward compatibility, I have enabled it to return a diagnostic code that identifies either the fault (if it’s invalid) or the reason it’s unlikely to be a real address (despite being valid).

This has allowed me to make it a true validator – it follows the RFCs as precisely as I can make it – without losing real-world usefulness.

is_email() version 2.1 was released yesterday. Try it. Let me know if it works for you.

Quick links: Source code | Email address validators head-to-head

I was turning a blind eye to the part of RFC5322 that allows you to put comments within an email address. But Cal H brought it up in an email so I had to bite the bullet.

On reflection I think this was worthwhile. The most common error in email address validators is that they reject valid addresses. This really annoys people who like to put a ‘+’ in their address and find they can’t because registration form won’t allow it.

Why do they like putting a ‘+’ in their address? Well it effectively tags the incoming email for you automatically. Mail sent to first.last+hello@example.com will go to the first.last mailbox, tagged with ‘hello’. GMail will do this for you – try it.

So that’s why I think it’s worth allowing comments. The next GMail might be able to do the same thing or something even more useful with comments:

first.last(notify IM)@example.com

Version 1.6 of my validator now passes all 222 unit tests. So does Cal’s. I see no reason why you wouldn’t use one of these in your project: they are free and they work. Why reinvent the wheel?

RFC nerd notes

Comments can contain folding white space and can be nested. This is the final nail in the coffin for regular expressions that claim to validate email address. Show me a regex that says this is a valid address:

first(Welcome to
 the (“wonderful” (!)) world
 of email)@example.com

A thank-you also to Paul Gregg who allowed me to add his validator to the head-to-head (and added mine to his page). He also provided some more unit tests.

Quick links: Source code | Email address validators head-to-head

The amazingly helpful Cal Henderson has nearly caught up in the arms race that is email address validation. After our latest round of discussions we disagree about only one of the 161 test cases in the test suite. Cal’s validator successfully validates all the test cases except that one (and he may be right about it -we’ll see).

I’ve released version 1.3 of my validator and you can download it with the test cases from Google Code.

RFC nerd notes

I had a lesson from Cal on Folding White Space. Who knew that you could have an email address that was split over several lines? Please don’t run out and try this – it’s strictly for completeness.

Secondly, all those validators out there that use RFC2822 as their authority: those are yesterday’s validators. All the cool kids are validating using RFC5322. It’s the latest thing.

Quick links: Source code | Email address validators head-to-head