How many websites do we all have to register with, too many, and if they require an email address then you can often get frustrated and have to find ways around using your regular email address on hundreds of sites.

I've always used Plus Addressing, if you don't know it, it is fairly simple.

Rather than sign up for a new streaming service with [email protected], I use [email protected]. The email will still be delivered to the same email address of [email protected], but the 'streaming' bit I added to the email address will allow me to see who the email is from, if they have passed my email address on to anyone else I will know which site it was, and I can easily sort (well, auto delete), emails with 'streaming' in the address using a rule in my email client.

❌ Failing Validation

It has become more common recently that when using this trick the form I am using the email address on doesn't allow it, and I fail a validation check.

I got annoyed about this, had a moan, and moved on. 🤬

That is until doing a recent code review and finding this. 🫨

^[a-zA-Z0-9%]+@[a-zA-Z0-9-]+\.[a-zA-Z]{2,3}$

A bit of Regex to validate the email address. I'm sure the Regex experts among you have already seen one or two issues, I'll get to those in a moment.

I was pretty sure the person who'd written this didn't know much, if anything, about Regex, they had certainly never used it before. Plus, there was a comment above it in the code which didn't look like a real code comment, but rather more like a prompt for AI 💻 to generate some code.

Indeed, I checked out quite a lot of different AIs, asking them for some Regex to validate an email address, and the responses were mixed, some did well, and some did very badly and would reject a lot of valid email addresses.

❓ The Problems

So what are the problems? Well, in the first part of the address, we are not allowing the + symbol, so my life hack is blown. In fact, we also don't allow other symbols, so [email protected] won't be able to sign up.

In the domain section, sub-domains wouldn't be allowed. So if you worked for a company that had multiple sites, you could have an email address something like [email protected] or [email protected], and wouldn't be able to sign up.

The top-level domain is also limited, to 2-3 characters, as someone who has websites with top-level domains of .cooking and .menu for a couple of restaurants, I found this very annoying.

Amazingly, I had to explain why this was bad, I guess a lot of people are just used to .com and .org and not much else. One person thought that the address part of the email could only include letters, numbers and a full stop (period for our USA friends), they had no idea you could use a + or a - in an email address.

📧☎️🔠 It Isn't Just Emails

As I continued with the code review I discovered it wasn't just emails, someone had learned what Regex was and by golly, they were going to use it.

Phone numbers, that must only contain numbers! No no, in different countries people format phone numbers in different ways, some use brackets, some use hyphens, and many use spaces.

Full name, validating that they have used one space (and only one space) and only characters. Hang on, have you heard of double-barrelled names? What if someone wants to put in a first name, middle name and last name, that wouldn't be allowed. What would Spiderman's 🕷️🕸️ girlfriend Mary Jane do? By the way, you only allowed Latin alphabet characters too.

💡 The Solution

Some of the issues with this particular Regex might be obvious, but the point remains, did it really need that level of validation anyway?

The solution is simple, don't over-validate things.

Sure, check if an email has an @ symbol in it, but beyond that, allow it. If someone wants to format their phone numbers in a way that is strange to you, let them.

We have to trust the end user a little bit, don't we?