Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#31960 closed Uncategorized (wontfix)

Document that Django email validator does not enforce valid emails

Reported by: James Pic Owned by: nobody
Component: Uncategorized Version: 3.1
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by James Pic)

Currently, Django makes it seem that using an EmailField / EmailValidator will protect projects from getting invalid emails in their database.

But in reality, users must not count on Django for that:

This makes the following documentation statement inaccurate:

"EmailField: A CharField that checks that the value is a valid email address using EmailValidator."

Source : https://docs.djangoproject.com/en/3.1/ref/models/fields/#emailfield

It would be only fair to users to document that the EmailValidator will let invalid emails through, which will be the cause of SMTPError, and that people who don't want invalid emails in their EmailField must override and fix Django's default behaviour.

As to why EmailValidator would reject emails starting with a dot like ".foo@…" but not emails starting with a hyphen "-foo@…": this will remain a mystery.

Change History (5)

comment:1 by James Pic, 4 years ago

Description: modified (diff)

comment:2 by James Pic, 4 years ago

Description: modified (diff)

comment:3 by James Pic, 4 years ago

Description: modified (diff)

comment:4 by James Pic, 4 years ago

Resolution: wontfix
Status: newclosed

comment:5 by James Pic, 4 years ago

Actually I think there is nothing we can do really, even SMTP VRFY is not going to be reliable because some providers block it "to foil spammers": https://docs.python.org/3/library/smtplib.html#smtplib.SMTP.verify

Note: See TracTickets for help on using tickets.
Back to Top