Had a user confused that they were not able to log in with any email address of theirs, so I went to look it up and the user had supplied a username, not an email address, for the email address field (no @ etc.).
I subscribe to the thought that the best way to validate that a string is an email address is to try to send an email to it, not go down the rabbit hole of giant complex regexes that always get proven wrong, but a low-effort thing like validating that there's an @, maybe a ., in it to prevent user mistakes like this seems reasonable.
Had a user confused that they were not able to log in with any email address of theirs, so I went to look it up and the user had supplied a username, not an email address, for the email address field (no
@etc.).I subscribe to the thought that the best way to validate that a string is an email address is to try to send an email to it, not go down the rabbit hole of giant complex regexes that always get proven wrong, but a low-effort thing like validating that there's an
@, maybe a., in it to prevent user mistakes like this seems reasonable.