Wednesday, September 13, 2006

ColdFusion Email Validation, IsValid(), And CFMail Errors

Ben Nadel posted a comparison of the differences in behavior between the IsValid() function for Email addresses in ColdFusion 7 and the addresses that the CFMail tag will accept.

I posted this as a comment on his blog, but thought it was interesting enought that others might want to know what is going on.

The IsValid() function uses the following regular expression to determine if the email is valid:
"^[a-zA-Z_0-9-'\+~]+(\.[a-zA-Z_0-9-'\+~]+)*@([a-zA-Z_0-9-]+\.)+[a-zA-Z]{2,7}$"

The CFMail tag uses the Sun Java class javax.mail.internet.InternetAddress parse() function. Since the implementation uses JavaMail, this is how we generate the InternetAddress objects that we pass in for the addresses (to, from, cc, etc).

The "strict" attribute is turned on. The JavaDoc says of this:

"Parse the given sequence of addresses into InternetAddress objects. If strict is false, simple email addresses separated by spaces are also allowed. If strict is true, many (but not all) of the RFC822 syntax rules are enforced. In particular, even if strict is true, addresses composed of simple names (with no "@domain" part) are allowed. Such "illegal" addresses are not uncommon in real messages.

Non-strict parsing is typically used when parsing a list of mail addresses entered by a human. Strict parsing is typically used when parsing address headers in mail messages"

See the InternetAddress JavaDoc at http://java.sun.com/products/javamail/javadocs/javax/mail/internet/InternetAddress.html

In general I think that the more strict IsValid() behavior is a good thing, and importantly it matches the client side validators used for forms in the browser. This is what it is intended to do (match client and server behavior).

7 comments:

Anonymous said...

I am SOOOOO glad I found your page!!! Thank you!!!! This took care of a validation loop check for cc addys I was inserting in a cfmail tag.

Beautiful web page design, too, my compliments!!

Florida Retail Federation said...

I am using a similar code to check an email and depending on the domain of the email, I am updating certain criteria. The problem is that I am getting an error message when it is validating a domain with a hyphen. Any ideas on how i can resolve that?

cfif REFindNocase("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[Jones-Thomas]+(\.[a-z0-9-]+)*\.(([a-z]{2,3})|(aero|coop|info|museum|name))$", Email)>
query name="update" datasource="XXX">
update XXX set YYY = 1 where id = #getID.id#
/query>

It works great if the email domain is not hyphenated.

Tom said...

Keith,

You would need to add a "-" as one of the characters allowed by your regular expression.

I don't claim to be a RegEx expert, but I know there are lots of resources out there to help you.

Anonymous said...

Good to know the regular expression used by the IsValid() function so the client-side check can be consistent with the server-side! Nice blog in general too!

Anonymous said...

Tom,

I've built 2 regex expressions to use to validate a form based email address.

cfset APPLICATION.single_email_pattern = "^([0-9a-zA-Z]([-._+\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+(([a-zA-Z]{2,4})))$"

cfset APPLICATION.multiple_email_pattern = "^([0-9a-zA-Z]([-._+\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+(([a-zA-Z]{2,4})))*([,]\s*[0-9a-zA-Z]([-._+\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+(([a-zA-Z]{2,4})))*$"

Unfortunately, it isn't perfect and we finde people occasionally screwing up and submitting emails where they leave off the comma between emails (hence two @ @ signs with parts of the emails between them).

Any way that you can tell us where to find 2 things?

1) a good regex expression for client side validation of 1 (OR MORE) email addresses in 1 field

2) some good CF code that we can use as validation on the server side BEFORE calling the cfmail tag?

Our internal users find ways to submit invalid emails (structurally) on the client side that we don't always catch, and then the cfmail tag hiccups and sends us an email notice. If Sun/Java specifies formats for the cfmail tag to use, than can someone on your end create some code that will validate our form.fieldname before we use it in a cfmail call?

Thanks,
Ryan, hartwichr@hotmail.com

Anonymous said...

Ryan, did you get answers to your questions? I am very interested in the same thing for an app I'm working on, and it would really be helpful! Please let me know, carla.scepaniak@alacop.gov, thanks!!!!

Hey Tom, what did you use for the word verification image production for the blog?

Art Huston said...

Interesting discussion both for validating email addresses in general, as well as ColdFusion in particular. There is a small difference n the REGEX expression on this post and the REGEX expression Tom posted on Ben Nadel's blog.. The posting on Ben's blog omits underscore as a valid character in user names by using 'a-zA-Z0-9' instead of 'a-zA-Z_0-9'.

Use the one in this post.