I feel with you
I feel with you
Posted Sep 1, 2024 7:04 UTC (Sun) by ceplm (subscriber, #41334)In reply to: I feel with you by dskoll
Parent article: A SpamAssassin surprise
That is their canonical site are https://www.bbc.co.uk and https://www.ox.ac.uk/, respectively, all UK domains are thus divided (and Aussies copies the scheme from them, https://www.abc.net.au/).
Posted Sep 1, 2024 9:51 UTC (Sun)
by excors (subscriber, #95769)
[Link] (18 responses)
But given how common those domains have been since the early days of the internet, I'd guess the email validation systems usually aren't quite that dumb, they'll probably use something like the Public Suffix List (https://publicsuffix.org/) which tries to identify all the registrar-controlled suffixes that people can register under (so it has "com" and "uk" but also "ac.uk", "co.uk", "*.sch.uk" (the third level is the local authority name), etc). Or they'll use an incomplete, outdated, broken version of that list encoded in a regex they found on some blog two decades ago, which is fine for all the people with hotmail.co.uk addresses, and only causes a problem for the relatively few people using mail.companyname.com or new TLDs.
(The PSL is also used by e.g. DMARC to identify domains that belong to the same organisation: https://dmarc.org/2023/05/m3aawg-calls-for-coalition-to-s...)
Posted Sep 1, 2024 12:33 UTC (Sun)
by yeltsin (guest, #171611)
[Link] (8 responses)
Posted Sep 2, 2024 2:29 UTC (Mon)
by NYKevin (subscriber, #129325)
[Link] (7 responses)
Posted Sep 2, 2024 9:34 UTC (Mon)
by yeltsin (guest, #171611)
[Link] (6 responses)
e.g. ~sircmpwn/sr.ht-packages@lists.sr.ht
I guess it's one more reason we need diversity in both, because it forces everybody to comply with the standards. Gmail is very specific on what you can (or cannot) do with your username; other large providers are similar. If that's the only thing everyone is using, it is the new de-facto standard.
Posted Sep 2, 2024 9:56 UTC (Mon)
by anselm (subscriber, #2796)
[Link] (3 responses)
I'm generally happy that most places seem to have caught on to the idea that foo+bar@example.com is, in fact, a valid e-mail address in spite of the “+”. This used to be a major annoyance a few years ago.
Posted Sep 3, 2024 0:21 UTC (Tue)
by khim (subscriber, #9252)
[Link] (2 responses)
Gmail did that. In Gmail everything after Gmail is large enough and common enough to force developers to accept these. I'm not sure smaller mail providers can do that.
Posted Sep 3, 2024 7:41 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (1 responses)
That "+" thing is in the original RFC. Gmail didn't force others to accept it - they would have *been* forced to accept it.
Cheers,
Posted Sep 3, 2024 14:08 UTC (Tue)
by khim (subscriber, #9252)
[Link]
Whenever thinks worked that way? Things like Why do you think
Posted Sep 2, 2024 13:59 UTC (Mon)
by dskoll (subscriber, #1630)
[Link] (1 responses)
Yes, people don't understand email. It's very annoying.
Web developers: The only thing you should do to validate an email address is (1) check that it contains an @ character, and (2) check that everything after the last @ character is a domain name that has either an A or an MX record that ultimately points to at least one routable IPv4 or IPv6 address. That's it. Nothing else.
I say last @ character because "@$foo"@example.com is theoretically a valid form of email address, though I doubt it'd actually work in many places.
Posted Sep 3, 2024 13:44 UTC (Tue)
by brunowolff (guest, #71160)
[Link]
This illusrates another issue with email addresses. There are at least three different encodings for them (raw, 821 and 822). "@$foo"@example.com might be a raw address or it might be an 821 or 822 encoding of @$foo@example.com .
Posted Sep 1, 2024 13:20 UTC (Sun)
by farnz (subscriber, #17727)
[Link] (8 responses)
Unfortunately, I have had to use a gmail.com address at more than site that's rejected my .uk address for having "too many parts". I've also had rejections of my gmail.com address (easily worked around, thanks to Google's flexibility), since you can't have a dot to the left of the @ sign according to some web developers.
Basically, think of a way to get it wrong - there will be sites that get it wrong. Thankfully, since it's just e-mail addresses, it's relatively easy to get a new "free" address from somewhere like GMail that works around the mistakes, but I've encountered similar stupidities with credit card details, where a web developer has confidently assumed that certain things are not possible, and been absolutely floored to discover that banks have issued "impossible" cards (completely within the card spec, but not what the web developer expected, because of things like a CV2 number that "looked like" an expiry date).
Posted Sep 1, 2024 17:53 UTC (Sun)
by Heretic_Blacksheep (guest, #169992)
[Link] (1 responses)
That may be fine for personal, or small business pages that are largely just a static advertisement for a person or business, but anytime you need more than that these graphic design houses aren't qualified.
Posted Sep 2, 2024 8:42 UTC (Mon)
by farnz (subscriber, #17727)
[Link]
Combine that with an effort to minimise the number of back end errors you see (certainly the case with the e-mail and credit card ones I saw), where you're trying not to send data to the back end if you "know" it's invalid, and you have something that apparently works until you get real users on it.
The trouble is that when you try to fix "mistakes" by the user (and I have no doubt that some users would type their expiry of 1/23 into the CV2 box as 123), you have to ensure that this can't be a genuine user - asking "are you sure - 123 looks like it might be your card expiry" is OK to reduce back end error rates, but "123 is not a valid CV2" is simply wrong, when it's the number on my card.
Posted Sep 14, 2024 11:25 UTC (Sat)
by sammythesnake (guest, #17693)
[Link] (5 responses)
First, the spec is easily found and clearly defined - it's not rocket surgery to get the whole thing right (including knowing if the card is a visa or amex or whatever, so don't ask the user!)
On the other hand, the spec itself is a bear, with 1001 different historical warts, so if you think you find a way to simplify it (which inevitably means being wrong, of course) I can absolutely understand the temptation to do so...
Ideally, the banks etc. would all get together and agree to retire all but one checksum algorithm, standardise on one number length etc. so that the spec can be implemented in half a dozen lines of code, but that's herding cats :-(
Posted Sep 14, 2024 14:09 UTC (Sat)
by Wol (subscriber, #4433)
[Link]
It's amazing the number of people who it never occurs to to try and get it right. I've just been asked to implement a check on lorry driver hours, and my FIRST reaction was to ask the requester to send me a copy of the appropriate regulations.
I think this will be the third regulation I've implemented a check for - the previous one was "a driver cannot work for more than 13 calendar days without a 45hr break". The guy who implemented the previous version of the check thought all he needed to look at was the previous, current and next calendar week. How can you check a 13-day rule if at the start of the week you can only see back 8 days! And he just couldn't see what was wrong with it.
Cheers,
Posted Sep 14, 2024 16:27 UTC (Sat)
by farnz (subscriber, #17727)
[Link] (3 responses)
The trouble is that, while I've encountered cases that are the payment card industry's fault (Amex CV2 being 4 digits and in a different place on the card, some cards having a 19 digit PAN), I've also encountered a lot that add complexity (like "CV2 can't be interpreted as a date in the format M/YY"). And while I get the temptation to simplify in ways that you think don't matter, adding complexity because you assume things outside the spec doesn't make a huge amount of sense to me.
Posted Oct 2, 2024 8:22 UTC (Wed)
by taladar (subscriber, #68407)
[Link] (2 responses)
Wouldn't that break for the last three months of every year? Not to mention that 4 digit years should really be used for everything by now.
Posted Oct 2, 2024 10:12 UTC (Wed)
by farnz (subscriber, #17727)
[Link]
The CV2 is three digits; I had a CV2 (at the time) of 821, and the site rejected this on the grounds that this "must" be the issue date of my card, not the CV2.
I assume that they were looking at the last 2 digits, and deciding if it looked "too close" to a plausible expiry or issue year in order to determine if the CV2 was valid, but the error message told me that it was rejecting it because I'd supplied the issue date, not the CV2. Experimentally, it also rejected 828 as my card expiry date (even though I had put in the actual expiry date elsewhere in the form).
Posted Oct 2, 2024 10:34 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
And why use YYYY for user interaction when all dates are "about now"? Credit card dates are all within a 10-yr windows, so YY is not ambiguous.
Cheers,
I feel with you
I feel with you
I feel with you
I feel with you
I feel with you
I feel with you
+ is ignored so you may used JoeAverage+shopping@gmail.com on one web site and JoeAverage+work@gmail.com on some other web site (and can use filters to label them differently on the receiving site).I feel with you
Wol
I feel with you
!, /, or even @ are in the original RFC, too. Yet web sites don't support them (or, at least, rarely do).+ is an exception?I feel with you
I feel with you
Badly coded websites
Badly coded websites
Badly coded websites
Badly coded websites
Badly coded websites
Wol
Badly coded websites
Badly coded websites
Badly coded websites
Badly coded websites
Wol