I also reached out to them on Twitter but they directed me to this form. I followed up with them on Twitter with what happened in this screenshot but they are now ignoring me.

  • 48954246@lemmy.worldEnglish
    110·
    1 year ago

    The best way to validate an email address is to sent it an email validation link.

    Anything outside of that is a waste of effort.

  • Ratulf@feddit.deEnglish
    56·
    1 year ago

    If that’s their standard, you can probably just edit the html to make the login button active and then sign-in.

    • shastaxc@lemm.eeEnglish
      5·
      1 year ago

      It depends if they have backend validation on their API as well that has the same rules

  • tiredofsametab@kbin.social
    22·
    1 year ago

    I signed up to an insurance company here in Japan with first.last+something@domain.com and they later changed their rules and I couldn’t sign in at all. They told me to open a new account. I didn’t want to pay them once let alone twice. Never doing business with them again.

      • max@feddit.nlEnglish
        13·
        1 year ago

        Same. Nowadays I just use a catch-all email address. Companyname@domain.tld. Allows me to name, shame, and block the company that leaks my email address.

        • Syndic@feddit.deEnglish
          3·
          1 year ago

          I like to use the Gmail feature where you can add +randomstring to your email and it still gets to the regular email to sign up to random sites. But this way you can identify and block spam if that email get’s compromised. Technically this Google catch all feature also isn’t following the email standard but at least it’s useful.

          • nybble41@programming.devEnglish
            1·
            1 year ago

            In what sense do you think this isn’t following the email standard? The plus sign is a valid character in the local part, and the standard doesn’t say how it should be interpreted (it could be a significant part of the name; it’s not proper to strip it out) or preclude multiple addresses from delivering to the same mailbox.

            Unfortunately the feature is too well-known, and the mapping from the tagged address to the plain address is too transparent. Spammers will just remove the label. You need either a custom domain so you can use a different separator (‘+’ is the default but you can generally choose something else for your own server) or a way to generate random, opaque temporary addresses.

            If you want to talk about non-compliant address handing, aside from not accepting valid addresses, the one that always bothers me is sites that capitalize or lowercase the local part of the address. Domain names are not case-sensitive, but the local part is. Changing the case could result in non-delivery or delivery to the wrong mailbox. Most servers are case-insensitive but senders shouldn’t assume that is always true.

          • max@feddit.nlEnglish
            31·
            1 year ago

            Problem with that is that you can very easily strip off the + and any bit after it to get your “normal” email address. Then again, when they find out mine is a catch-all, they can spam me as well… I guess you never win.

  • diffusive@lemmy.worldEnglish
    9·
    1 year ago

    And this is one of the many reasons that these days I create a @duck.com email address for each website.

    My password manager (Bitwarden) happily generates for me both the mail and the password… now instead of having to look up for the unique password for each website I need to look for both the unique password and unique email 🤷

    Furthermore if they are incompetent enough to make shitty regexp they are for sure incompetent to keep their db safe from hacking/leaking… and I am fine with a duck.com address being locked, less so with my actual email address

    • laurelraven@lemmy.blahaj.zoneEnglish
      184·
      1 year ago

      That’s what it looks like to me too

      I could probably write a RegEx for email format validation that’s accurate, but why would I when there are ones already written and readily available that covers all possible legit variations on the standard? I never understood why people insist on writing their own (crap) RegEx for something with as many possible variations they can miss like email…

      And that one isn’t even a weird edge case! It’s a domain with a sub domain, if they can’t even cover that case then it’s an extra shitty RegEx

      • ShunkW@lemmy.worldEnglish
        93·
        1 year ago

        Let’s see your regex pattern that covers every possible valid email address and rejects all invalid then. It’s not remotely as easy as you’re making it out to be.

        Not saying this isn’t a shitty pattern, but you can’t make a claim like that.

        • laurelraven@lemmy.blahaj.zoneEnglish
          41·
          1 year ago

          What claim, that I probably could? I didn’t say anything at all about it being easy, it would be a pain in the ass and involve a lot of checking the RFC, but I could probably make one that accurately represents the spec if I wanted to take the time, and even then I’m not exactly confident I would hit every edge case.

          But why would I go to that hassle when there are well designed and vetted ones available?

          I believe you missed the point I was making

          • elephantium@lemmy.worldEnglish
            1·
            1 year ago

            when there are well designed and vetted ones available?

            I’m not convinced of this, tbh. IIRC the RFC can’t be described in a regex at all.

          • nybble41@programming.devEnglish
            2·
            1 year ago

            The full email address syntax described in the RFC cannot be precisely matched with a mere regular expression due to the support for nested comments. The need to track arbitrarily deep nesting state makes it a non-regular language.

            If you remove the comments first the remainder can be parsed with a very complex regex, but it will be about a kilobyte long.

    • jwt@programming.devEnglish
      661·
      1 year ago

      Probably, from what I can see the address in question isn’t really that exotic. but an email regex that validates 100% correctly is near impossible. And then you still don’t know if the email address actually exists.

      I’d just take the user at their word and send an email with an activation link to the address that was supplied. If the address is invalid, the mail won’t get delivered. No harm done.

      • Alexstarfire@lemmy.worldEnglish
        241·
        1 year ago

        Actually, one of our customers found out the hard way that there is harm in sending emails to invalid addresses. Too many kickbacks and cloud services think you’re a bot. Prevented the customer from being able to send emails for 24 hours.

        This is the result of them “requiring” an email for customers but entering a fake one if they didn’t want to provide their email, and then trying to send out an email to everyone.

        Our software has an option to disable that requirement but they didn’t want to use it because they wanted their staff to remember to ask for an email address. It was not a great setup but they only had themselves to blame.

        • jwt@programming.devEnglish
          18·
          1 year ago

          My guess is that would also occur with valid but non-existing e-mail addresses no? The regex would not be a remedy there anyway.

          Of course you should only use the supplied e-mail address for things like mass mailings once it has been verified (i.e. the activation link from within the mail was clicked)

          • Alexstarfire@lemmy.worldEnglish
            21·
            1 year ago

            That’s exactly what they did. They used something like noaddress@ourbusniess.com to get around the checks we had in place. I’ve intentionally been vague but most people will give their email address to our customers and won’t give a fake one. So under normal situations the amount of bounce backs would be minimal: fat fingering, hearing them incorrectly, or people misremembering their email. Not enough to worry about. Never thought we’d come across a customer intentionally putting in bad email addresses for documentation purposes. They could have just asked us to make the functionality they wanted.

        • rottingleaf@lemmy.zipEnglish
          301·
          1 year ago

          Personally I don’t think that sucks or is even wrong. Case-independent text processing is more cumbersome. ‘U’ and ‘u’ are two different symbols. And you have to make such rules for every language a part of your processing logic.

          If people can take case-dependence for passwords (or official letters and their school papers), then it’s also fine for email addresses.

          The actual problem is cultural, coming from DOS and Windows where many things are case-independent. It’s an acquired taste.

          • Redredme@lemmy.worldEnglish
            175·
            1 year ago

            Im with the earlier “yeah… No.”

            Because

            “If people can take case-dependence for passwords”

            They cant now do they ? If they could passwords would be a-okay and there wouldn’t be any need for stickies on monitors, password managers, biometrics, SSO, MFA and passwordless authentication.

            The dumbest idea in computing is assuming everyone is as smart as you.

            They aren’t. Why isn’t *nix any bigger? Here’s your answer. People are stupid.

            Why did IT only finally took off with windows 3.11? because people could understand that. Barely. Most of us where way to dumb for everything which came before.

            Why does ipv6 acception takes so long? Because people are stupid and don’t get it. Nobody really gets hex. So they just stay with what they can read and more or less get. Even the hardest part of ip4, subnetting, has an easy way out: just add 255.255.255.0 in there and it works. Doesnt work? Keep replacing 255 with zeros and eventually it will. Subnetting on ipv6? No idea. Let’s just disable ipv6 on the internal lan and leave everything on ipv4. Zero migration, zero risk, zero training needed.

            Why do so many companies only go half assed into cloud? Because they don’t get it.

            Powershell? Only half, a third even, of the admins truly get it.

            I could go on.

            Succes is build on simplicity.

            • rottingleaf@lemmy.zipEnglish
              61·
              1 year ago

              Oh, I like writing such rants too, so I’ll answer with lots of words.

              They cant now do they ? If they could passwords would be a-okay and there wouldn’t be any need for stickies on monitors, password managers, biometrics, SSO, MFA and passwordless authentication.

              Hardware tokens. With sufficient demand the scale would make them really cheap.

              It’s exactly because of having experience with making work the whole zoo that engineers don’t understand how much easier that would be for normies.

              The dumbest idea in computing is assuming everyone is as smart as you.

              Assuming that everyone is as dumb as me in areas where I’m dumb would also be a mistake.

              Why isn’t *nix any bigger? Here’s your answer. People are stupid.

              Because of oligopoly. People are not stupid, but they have priorities and they don’t have some of the knowledge we have. Also it doesn’t really have to be that big immediately, all in good time.

              Why did IT only finally took off with windows 3.11? because people could understand that. Barely. Most of us where way to dumb for everything which came before.

              Can’t comment on that, I was born in 1996.

              Why does ipv6 acception takes so long? Because people are stupid and don’t get it. Nobody really gets hex. So they just stay with what they can read and more or less get. Even the hardest part of ip4, subnetting, has an easy way out: just add 255.255.255.0 in there and it works. Doesnt work? Keep replacing 255 with zeros and eventually it will. Subnetting on ipv6? No idea. Let’s just disable ipv6 on the internal lan and leave everything on ipv4. Zero migration, zero risk, zero training needed.

              Because not everything supports it right, including some industrial equipment and network hardware, there may be new bugs in everything involved, the old ways work and it’s not just v4 with longer address, so people fear making mistakes in configuration.

              Why do so many companies only go half assed into cloud? Because they don’t get it.

              Now think about similar horrors in, say, piping in houses, or other construction stuff. Or cars. Or roads. Everything is half-assed. It’s normal.

              Powershell? Only half, a third even, of the admins truly get it.

              I kinda get it, but also hate it. Hard to read.

              In general:

              The most precious secret you can get from experience is that people are not stupid when they are given easy opportunity to try many things and choose what they like.

          • Natanael@slrpnk.netEnglish
            4·
            1 year ago

            But then you run into the issue of incredibly trivial impersonation on any email service which doesn’t reserve all variants of registered names

            • rottingleaf@lemmy.zipEnglish
              1·
              1 year ago

              Yes, email as it really exists kinda sucks, but the idea was nice. When it ran over UUCP, LOL.

          • dan@upvote.auEnglish
            11·
            1 year ago

            ‘U’ and ‘u’ are two different symbols. And you have to make such rules for every language a part of your processing logic.

            Unicode has standard rules for case folding, which includes the rules for all languages supported by Unicode. Case-insensitive comparisons in all good programming languages uses this data.

            Note that you can’t simply convert both strings to uppercase or lowercase to compare them, as then you’ll run into the Turkish i problem: https://haacked.com/archive/2012/07/05/turkish-i-problem-and-why-you-should-care.aspx/

            • rottingleaf@lemmy.zipEnglish
              4·
              1 year ago

              So good that we all use Unicode now. No CP1251, no ISO single-byte encodings, no Japanese encoding hell.

            • labsin@sh.itjust.worksEnglish
              41·
              1 year ago

              It’s that capitalization is language dependent, which email addresses shouldn’t be as I hope the rules for France shouldn’t be different than for Dutch. For instance é in Dutch is capitalized as E, but in French it is É. The eszett didn’t even have an official capital before 2017

              In most programming languages, case-insensitive string compare without specifying the culture became deprecated. It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper for performance reasons, or maybe some UI validation.

              • dan@upvote.auEnglish
                5·
                1 year ago

                For instance é in Dutch is capitalized as E, but in French it is É

                Sure, but we’re just talking about string comparison rules, and Unicode sees all three of those as being equal. For example, a search engine that uses proper case folding rules in its indexer should return results for “entrée” if you search for “entree”, “Čech” if you search for “cech”, etc.

                It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper

                You can’t just use ToUpper for comparisons due to issues like you mentioned, and the Turkish i problem. You need to do proper case-insensitive comparisons, which is where the Unicode case folding rules are used.

              • rottingleaf@lemmy.zipEnglish
                1·
                1 year ago

                offtopic: The eszett strictly speaking was a ligature for ‘sz’, which Hungarian orthography kinda preserved while for German the separated version is ‘ss’, and there’s plenty of such stuff in nature.

                In most programming languages, case-insensitive string compare without specifying the culture became deprecated. It should imo only be used for fuzzy searching doubles, which you probably will do with ToUpper on all four performance reasons, or maybe some UI validation.

                Thank you for saying that more clearly.

      • Echo Dot@feddit.ukEnglish
        201·
        1 year ago

        The best of validation is just to confirm that the email contains a @ and a . and if it does send it an email with a confirmation link.

        • __dev@lemmy.worldEnglish
          31·
          1 year ago

          TLDs are valid in emails, as are IP V6 addresses, so checking for a . is technically not correct. For example a@b and a@[IPv6:2001:db8::1] are both valid email addresses.

          • HotChickenFeet@sopuli.xyzEnglish
            251·
            1 year ago

            I feel like using a@[IPv6:2001:db8::1] is asking for trouble everywhere online.

            But its tempting to try out, not many people would expect this.

            • Crass Spektakel@lemmy.worldEnglish
              2·
              1 year ago

              try user@123.45.67.89.in-addr.arpa or user@d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa just for the giggles. Mix it with BANG-Adressing:

              123.45.67.89.in-addr.arpa!d.e.a.d.b.e.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.0.0.0.1.2.3.4.ip6.arpa!user

  • Matrim@lemmy.worldEnglish
    2516·
    1 year ago

    Burritos are easy to meal prep. Make your own shit and stop paying these clowns.

    • TheGreenGolem@lemm.eeEnglish
      81·
      1 year ago

      Could we please stop with this nonsense that “hey just make your own blahblah”.

      Yeah, when I have literally 10 minutes between meetings to stuff something into my mouth, I’ll sure start to prep my meal. And on weekends? Fuck that too, I just want to lay on my couch doing nothing. But certainly not my meal.