我不是在问完整的电子邮件验证。
我只想知道电子邮件地址的 user-name 和 server 部分允许使用哪些字符。这可能过于简单化,也许电子邮件地址可以采用其他形式,但我不在乎。我只询问这个简单的形式: user-name@server (例如 [电子邮件受保护])以及两个部分中允许的字符。
I'm not asking about full email validation.
I just want to know what are allowed characters in user-name and server parts of email address. This may be oversimplified, maybe email adresses can take other forms, but I don't care. I'm asking about only this simple form: user-name@server (e.g. [email protected]) and allowed characters in both parts.
发布评论
评论(18)
请参阅 RFC 5322:互联网消息格式,并在较小程度上查看RFC 5321:简单邮件传输协议。
RFC 822 也涵盖了电子邮件地址,但它主要处理其结构:
其中
atom和word被定义为像往常一样,维基百科有一个不错的有关电子邮件地址的文章:
> 自 2012 年起您可以使用国际上述字符
U+007F,编码为 UTF-8,如 RFC 6532 规范 并在 维基百科。请注意,截至 2019 年,这些标准仍标记为“提议”,但正在缓慢推出。此规范中的更改本质上添加了国际字符作为有效的字母数字字符(atext),而不影响允许的规则受限制的特殊字符,例如!#和@:。有关验证,请参阅使用正则表达式验证电子邮件地址< /a>.
domain部分定义如下:See RFC 5322: Internet Message Format and, to a lesser extent, RFC 5321: Simple Mail Transfer Protocol.
RFC 822 also covers email addresses, but it deals mostly with its structure:
where an
atomandwordare defined asAnd as usual, Wikipedia has a decent article on email addresses:
In addition to ASCII characters, as of 2012 you can use international characters above
U+007F, encoded as UTF-8 as described in the RFC 6532 spec and explained on Wikipedia. Note that as of 2019, these standards are still marked as Proposed, but are being rolled out slowly. The changes in this spec essentially added international characters as valid alphanumeric characters (atext) without affecting the rules on allowed & restricted special characters like!#and@:.For validation, see Using a regular expression to validate an email address.
The
domainpart is defined as follows:当心!这个线程中有很多知识腐烂(过去是正确的但现在不是)。
为了避免当前和未来世界以及世界任何地方的实际电子邮件地址被误报拒绝,您至少需要了解 RFC 3490,“应用程序中的国际化域名 (IDNA)”。我知道美国和美国的人们通常不了解这一点,但它已经在世界各地(主要是非英语占主导地位的地区)广泛且迅速增加使用。
要点是,您现在可以使用 mason@日本.com 和 wildwezyr@fahrvergnügen.net 等地址。不,这还不能与现有的所有内容兼容(正如上面许多人所感叹的那样,即使是简单的 qmail 风格的 +ident 地址也经常被错误地拒绝)。但是有一个 RFC,有一个规范,它现在得到了 IETF 和 ICANN 的支持,而且更重要的是,有大量且不断增长的实现支持当前正在使用的这种改进。
我自己对这一发展了解不多,直到我搬回日本并开始看到像 hei@やる.ca 这样的电子邮件地址和这样的亚马逊 URL:
http://www.amazon.co.jp/erekutoronikusu-dejiジタルカメラ-ポータブルオーディオ/b/ref=topnav_storetab_e?ie =UTF8&node=3210981
我知道您不希望链接到规范,但如果您仅依赖互联网论坛上黑客的过时知识,您的电子邮件验证器最终将拒绝非英语的电子邮件地址-会说话的用户越来越期望能够工作。对于这些用户来说,这种验证就像我们都讨厌的常见的脑死亡形式一样令人讨厌,这种形式无法处理 + 或三部分域名或其他任何内容。
所以我并不是说这不麻烦,而是“在某些/任何/无条件下允许”的完整字符列表是(几乎)所有语言中的所有字符。如果您想“接受所有有效的电子邮件地址(以及许多无效的电子邮件地址)”,那么您必须考虑 IDN,这基本上使得基于字符的方法毫无用处(抱歉),除非您首先 转换国际化电子邮件地址(自 2015 年 9 月起已停止使用,曾经是 像这样 - 一个可行的替代方案是 此处)到 Punycode。
完成此操作后,您可以遵循上面的(大部分)建议。
Watch out! There is a bunch of knowledge rot in this thread (stuff that used to be true and now isn't).
To avoid false-positive rejections of actual email addresses in the current and future world, and from anywhere in the world, you need to know at least the high-level concept of RFC 3490, "Internationalizing Domain Names in Applications (IDNA)". I know folks in US and A often aren't up on this, but it's already in widespread and rapidly increasing use around the world (mainly the non-English dominated parts).
The gist is that you can now use addresses like mason@日本.com and wildwezyr@fahrvergnügen.net. No, this isn't yet compatible with everything out there (as many have lamented above, even simple qmail-style +ident addresses are often wrongly rejected). But there is an RFC, there's a spec, it's now backed by the IETF and ICANN, and--more importantly--there's a large and growing number of implementations supporting this improvement that are currently in service.
I didn't know much about this development myself until I moved back to Japan and started seeing email addresses like hei@やる.ca and Amazon URLs like this:
http://www.amazon.co.jp/エレクトロニクス-デジタルカメラ-ポータブルオーディオ/b/ref=topnav_storetab_e?ie=UTF8&node=3210981
I know you don't want links to specs, but if you rely solely on the outdated knowledge of hackers on Internet forums, your email validator will end up rejecting email addresses that non-English-speaking users increasingly expect to work. For those users, such validation will be just as annoying as the commonplace brain-dead form that we all hate, the one that can't handle a + or a three-part domain name or whatever.
So I'm not saying it's not a hassle, but the full list of characters "allowed under some/any/none conditions" is (nearly) all characters in all languages. If you want to "accept all valid email addresses (and many invalid too)" then you have to take IDN into account, which basically makes a character-based approach useless (sorry), unless you first convert the internationalized email addresses (dead since September 2015, used to be like this—a working alternative is here) to Punycode.
After doing that you can follow (most of) the advice above.
电子邮件地址的格式为:
local-part@domain-part(最多 64@255 个字符,总共不超过 256 个字符)。local-part和domain-part可以有不同的允许字符集,但这还不是全部,因为还有更多规则。一般来说,本地部分可以包含以下 ASCII 字符:
abcdefghijklmnopqrstuvwxyz,ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789,!#$%&'*+-/=?^_`{|}~,.(不是第一个或最后一个字符,也不是重复的,除非引用)、"(),:;<>@[\](有一些限制)、()(允许在括号内,例如(评论)[电子邮件受保护]/域部分:
abcdefghijklmnopqrstuvwxyz,ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789,-< code>(不是第一个或最后一个字符),jsmith@[192.168.2.1]或jsmith@[IPv6:2001:db8::1]< /代码>。这些电子邮件地址有效:
[电子邮件受保护]< /code>[电子邮件受保护][电子邮件受保护][电子邮件受保护][电子邮件受保护](一个字母的本地部分)“much.more异常”@ example.com"[电子邮件受保护]" @example.com"very.(),:;<>[]\".VERY.\"very@\ \"very\".unusual"@strange.example.com< /code>[电子邮件受保护]<#!$%&'*+-/=?^_`{}|[电子邮件受保护]"()<>[]:,;@\ \"!#$%&'-/=?^_`{}| ~.a"@example.org" "@example.org(引号之间有空格)example@localhost(从 localhost 发送)< a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="95f0edf4f8e5f9f0d5e6bbe6faf9e0e1fcfafbe6">[电子邮件受保护](请参阅 互联网顶级域列表)user@comuser@localserver< /code>user@[IPv6:2001:db8::1]这些无效示例:
Abc.example.com(没有@字符)A@b@[电子邮件受保护](引号外只允许有一个@)a"b(c)d,e:f;gi[j\k][email protected](此本地部分中的特殊字符不允许在引号之外)just"not"[电子邮件受保护](引用的字符串必须点分隔或构成本地部分的唯一元素)this is"not\ [电子邮件受保护](空格、引号和反斜杠仅在带引号的字符串内且前面有反斜杠时才存在)this\ still\"not\[email受保护](即使转义(前面有反斜杠)、空格、引号、并且反斜杠仍必须包含在引号中)[电子邮件受保护](@之前的双点); (需要注意的是:Gmail 允许此操作)[电子邮件受保护](@后的双点)来源:维基百科上的电子邮件地址
Perl 的 RFC2822 正则表达式 用于验证电子邮件:
另请参阅:PHP 中的 RFC 822 电子邮件地址解析器。
电子邮件地址的正式定义位于:
相关:
The format of e-mail address is:
local-part@domain-part(max. 64@255 characters, no more 256 in total).The
local-partanddomain-partcould have different set of permitted characters, but that's not all, as there are more rules to it.In general, the local part can have these ASCII characters:
abcdefghijklmnopqrstuvwxyz,ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789,!#$%&'*+-/=?^_`{|}~,.(not first or last character or repeated unless quoted),"(),:;<>@[\](with some restrictions),()(are allowed within parentheses, e.g.(comment)[email protected]).Domain part:
abcdefghijklmnopqrstuvwxyz,ABCDEFGHIJKLMNOPQRSTUVWXYZ,0123456789,-(not first or last character),jsmith@[192.168.2.1]orjsmith@[IPv6:2001:db8::1].These e-mail addresses are valid:
[email protected][email protected][email protected][email protected][email protected](one-letter local part)"much.more unusual"@example.com"[email protected]"@example.com"very.(),:;<>[]\".VERY.\"very@\ \"very\".unusual"@strange.example.com[email protected]admin@mailserver1(local domain name with no top-level domain)#!$%&'*+-/=?^_`{}|[email protected]"()<>[]:,;@\\"!#$%&'-/=?^_`{}| ~.a"@example.org" "@example.org(space between the quotes)example@localhost(sent from localhost)[email protected](see the List of Internet top-level domains)user@comuser@localserveruser@[IPv6:2001:db8::1]And these examples of invalid:
Abc.example.com(no@character)A@b@[email protected](only one@is allowed outside quotation marks)a"b(c)d,e:f;gi[j\k][email protected](none of the special characters in this local part are allowed outside quotation marks)just"not"[email protected](quoted strings must be dot separated or the only element making up the local part)this is"not\[email protected](spaces, quotes, and backslashes may only exist when within quoted strings and preceded by a backslash)this\ still\"not\[email protected](even if escaped (preceded by a backslash), spaces, quotes, and backslashes must still be contained by quotes)[email protected](double dot before@); (with caveat: Gmail lets this through)[email protected](double dot after@)Source: Email address at Wikipedia
Perl's RFC2822 regex for validating emails:
See also: RFC 822 Email Address Parser in PHP.
The formal definitions of e-mail addresses are in:
Related:
维基百科对此有一篇很好的文章,并且 官方规范在这里。来自维基百科:
Wikipedia has a good article on this, and the official spec is here. From Wikipdia:
接受的答案在讨论电子邮件地址的有效本地部分时引用了维基百科文章,但维基百科并不是这方面的权威。
IETF RFC 3696是此事的权威,并且应该请参阅第 3 节。第 5 页上的电子邮件地址限制:
正如其他人所做的那样,我提交了一个适用于 PHP 和 JavaScript 的正则表达式来验证电子邮件地址:
The accepted answer refers to a Wikipedia article when discussing the valid local-part of an email address, but Wikipedia is not an authority on this.
IETF RFC 3696 is an authority on this matter, and should be consulted at section 3. Restrictions on email addresses on page 5:
As others have done, I submit a regex that works for both PHP and JavaScript to validate email addresses:
您可以从维基百科文章开始:
You can start from wikipedia article:
谷歌用他们的 gmail.com 地址做了一件有趣的事情。
gmail.com 地址仅允许字母 (az)、数字和句点(将被忽略)。
例如, [email protected] 与 [email protected],两个电子邮件地址将发送到同一个邮箱。 [电子邮件受保护] 也会传送到同一邮箱。
因此,要回答这个问题,有时取决于实施者想要遵循多少 RFC 标准。 Google 的 gmail.com 地址样式与该标准兼容。他们这样做是为了避免混淆,因为不同的人会使用相似的电子邮件地址,例如
维基百科链接是关于电子邮件地址通常允许的内容的一个很好的参考。
http://en.wikipedia.org/wiki/Email_address
Google do an interesting thing with their gmail.com addresses.
gmail.com addresses allow only letters (a-z), numbers, and periods(which are ignored).
e.g., [email protected] is the same as [email protected], and both email addresses will be sent to the same mailbox. [email protected] is also delivered to the same mailbox.
So to answer the question, sometimes it depends on the implementer on how much of the RFC standards they want to follow. Google's gmail.com address style is compatible with the standards. They do it that way to avoid confusion where different people would take similar email addresses e.g.
The wikipedia link is a good reference on what email addresses generally allow.
http://en.wikipedia.org/wiki/Email_address
检查 @ 和 。然后发送电子邮件供他们验证。
我仍然无法在互联网上 20% 的网站上使用我的 .name 电子邮件地址,因为有人搞砸了他们的电子邮件验证,或者因为它早于新地址的发布有效的。
Check for @ and . and then send an email for them to verify.
I still can't use my .name email address on 20% of the sites on the internet because someone screwed up their email validation, or because it predates the new addresses being valid.
简短的回答是有两个答案。你应该做什么有一个标准。即明智的行为可以让你摆脱麻烦。对于你应该接受而不惹麻烦的行为还有另一个(更广泛的)标准。这种二元性适用于发送和接受电子邮件,但在生活中也有广泛的应用。
有关您创建的地址的良好指南; 参阅:https://www.jochentopf.com/email/chars.html
请 过滤有效的电子邮件,只需传递任何足以理解的内容即可查看下一步。
或者开始阅读一堆 RFC,小心,这里有龙。
The short answer is that there are 2 answers. There is one standard for what you should do. ie behaviour that is wise and will keep you out of trouble. There is another (much broader) standard for the behaviour you should accept without making trouble. This duality works for sending and accepting email but has broad application in life.
For a good guide to the addresses you create; see: https://www.jochentopf.com/email/chars.html
To filter valid emails, just pass on anything comprehensible enough to see a next step.
Or start reading a bunch of RFCs, caution, here be dragons.
名称:
服务器:
Name:
Server:
很多人已经尝试回答这个问题。很多人还表示,许多答案已经过时了。这是我根据 2022 年的情况给出的答案。
问题的答案显然并不像人们提出的那么简单。所提议的标准在涉及邮箱名称的命名时,具体来说,是<用户名>。在此背景下,对这些 RFC 的解释也多种多样。
对于<用户名>部分,普遍适用性指导小组在标题为 UASG-028 此处。
对于<服务器>部分,此处提到的所有字符“应用程序的 Unicode 代码点和国际化域名 (IDNA)”,角色状态为“PVALID”。此外,状态为“CONTEXTJ”和“CONTEXTO”的字符在某些上下文条件下有效。
A lot many have already attempted answering this question. A lot many have also said that many answers are already outdated. Here is my answer, as things stand in 2022.
The answer to the question is obviously not as simple as it has been posed. The proposed standards when it comes to naming of a mailbox name, to be specific, <user-name> in this context, alongwith the interpretations of those RFCs are far and many.
For the <user-name> part, Universal Acceptance Steering Group has put up a detailed guideline as to what all constitute an e-mail ID local part in a document titled UASG-028 here.
For the <server> part, all the characters mentioned herein "The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)" with the character status "PVALID". Also, the characters with status as "CONTEXTJ" and "CONTEXTO" are valid in certain contexual conditions.
很好地阅读了 事情。
摘抄:
A good read on the matter.
Excerpt:
答案是(几乎)
ALL(7 位 ASCII)。如果包含规则是“...在某些/任何/无条件下允许...”,
只需查看 RFC 5322 在第 17 页的顶部我们发现:
此描述中唯一缺少的三个字符是在域文字
[]中使用,形成引号对\和空白字符正如第 3.5 节开头所述,所有这些控制字符都是允许的:
因此,这样的包含规则“太宽了”。或者,从另一种意义上说,预期的规则“过于简单化”。
The answer is (almost)
ALL(7-bit ASCII).If the inclusion rules is "...allowed under some/any/none conditions..."
Just by looking at one of several possible inclusion rules for allowed text in the "domain text" part in RFC 5322 at the top of page 17 we find:
the only three missing chars in this description are used in domain-literal
[], to form a quoted-pair\, and the white space characterAll this control characters are allowed as stated at the start of section 3.5:
And such an inclusion rule is therefore "just too wide". Or, in other sense, the expected rule is "too simplistic".
可以在此维基百科链接中找到
As can be found in this Wikipedia link
在我的 PHP 中,我使用此检查
自己尝试 http://phpfiddle.org/main/code/9av6 -d10r
In my PHP I use this check
try it yourself http://phpfiddle.org/main/code/9av6-d10r
为了简单起见,我通过在验证之前删除双引号内的所有文本以及双引号周围的相关文本来清理提交内容,并根据不允许的内容对电子邮件地址提交进行拒绝。只是因为有人可以让 John.."The*$hizzle*Bizzle"[电子邮件受保护] 地址并不意味着我必须在我的系统中允许它。我们生活在未来,获得一个免费电子邮件地址可能比擦屁股花费的时间更少。电子邮件标准并不是没有贴在输入内容旁边,说明什么是允许的,什么是不允许的。
在删除引用的材料后,我还会清理各种 RFC 明确不允许的内容。特别禁止的字符和模式的列表似乎是一个要测试的短得多的列表。
不允许:
在给出的示例中:
在尝试添加或更改电子邮件地址时向剩余结果发送确认电子邮件是查看您的代码是否可以处理提交的电子邮件地址的好方法。如果电子邮件在根据需要进行多轮清理后通过验证,则关闭该确认。如果请求从确认链接返回,则新电子邮件可以从保留||临时||炼狱状态或存储状态移至真正的、真正的一流存储电子邮件。
如果您想体贴,可以将电子邮件地址更改失败或成功的通知发送到旧电子邮件地址。在合理的时间后,未经确认的帐户设置可能会因为尝试完全失败而从系统中掉出。
我不允许在我的系统上发送臭味电子邮件,也许那只是在浪费钱。但是,99.9% 的情况下,人们只是做了正确的事情,并且收到的电子邮件不会利用边缘情况兼容性场景将一致性限制推向边缘。小心正则表达式 DDoS,这是一个可能会遇到麻烦的地方。这与我做的第三件事有关,我对我愿意处理任何一封电子邮件的时间设置了限制。如果它需要减慢我的机器的速度才能得到验证,那么它就无法通过我的传入数据 API 端点逻辑。
编辑:这个答案一直因为“糟糕”而受到批评,也许这是罪有应得。也许仍然很糟糕,也许不是。
For simplicity's sake, I sanitize the submission by removing all text within double quotes and those associated surrounding double quotes before validation, putting the kibosh on email address submissions based on what is disallowed. Just because someone can have the John.."The*$hizzle*Bizzle"[email protected] address doesn't mean I have to allow it in my system. We are living in the future where it maybe takes less time to get a free email address than to do a good job wiping your butt. And it isn't as if the email criteria are not plastered right next to the input saying what is and isn't allowed.
I also sanitize what is specifically not allowed by various RFCs after the quoted material is removed. The list of specifically disallowed characters and patterns seems to be a much shorter list to test for.
Disallowed:
In the example given:
Sending a confirm email message to the leftover result upon an attempt to add or change the email address is a good way to see if your code can handle the email address submitted. If the email passes validation after as many rounds of sanitization as needed, then fire off that confirmation. If a request comes back from the confirmation link, then the new email can be moved from the holding||temporary||purgatory status or storage to become a real, bonafide first-class stored email.
A notification of email address change failure or success can be sent to the old email address if you want to be considerate. Unconfirmed account setups might fall out of the system as failed attempts entirely after a reasonable amount of time.
I don't allow stinkhole emails on my system, maybe that is just throwing away money. But, 99.9% of the time people just do the right thing and have an email that doesn't push conformity limits to the brink utilizing edge case compatibility scenarios. Be careful of regex DDoS, this is a place where you can get into trouble. And this is related to the third thing I do, I put a limit on how long I am willing to process any one email. If it needs to slow down my machine to get validated-- it isn't getting past the my incoming data API endpoint logic.
Edit: This answer kept on getting dinged for being "bad", and maybe it deserved it. Maybe it is still bad, maybe not.
我根据 RFC 指南创建了这个正则表达式:
I created this regex according to RFC guidelines:
Gmail 只允许 + 号作为特殊字符,在某些情况下还允许 (.),但 Gmail 不允许使用任何其他特殊字符。 RFC 规定您可以使用特殊字符,但应避免将包含特殊字符的邮件发送到 Gmail。
Gmail will only allow + sign as special character and in some cases (.) but any other special characters are not allowed at Gmail. RFC's says that you can use special characters but you should avoid sending mail to Gmail with special characters.