Open bmassemin opened 4 years ago
Thank you for reporting this @bmassemin with detail, and welcome to the Go project!
Those addresses are valid according to the specification that net/mail follows aka RFC 5322, which is loose of a specification that what you are referencing in RFC 1035 and correct according to RFC 5322's syntax in which it is accepted as a dot-atom per atom
However, in that RFC 5322 that net/mail uses, they say that enforcement of stricter address validations are left to the discretion of the implementers per https://tools.ietf.org/html/rfc5322#section-3.4.1
This bug will then perhaps a discussion of whether we should tighten address validation to dip into the requests of RFC 1035 et al, or whether we should leave it alone. I shall retitle this bug.
Kindly /cc-ing @iWdGo @dsymonds @ianlancetaylor
Yes, net/mail
deliberately sticks closely to the spec, and, if memory serves, actually accepts slightly more. People have very weird old mail boxes that they like to be able to parse, so being a bit more liberal in the parsing was a deliberate choice.
I'd say leave net/mail
as it is.
I agree this can stay as is, however I would still add a note in the comments of ParseAddress to explain which RFC is implemented.
I agree this can stay as is, however I would still add a note in the comments of ParseAddress to explain which RFC is implemented.
It already does that in the package doc comment.
Change https://golang.org/cl/238118 mentions this issue: net/mail: declare that domain parsing is less strict than expected
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes: https://play.golang.org/p/Z3a5zj6Qch6
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
https://play.golang.org/p/Z3a5zj6Qch6
What did you expect to see?
I'm expecting the test to pass, since
test@--domain.com
is not a valid address. A domain can't starts or ends with a dash according to this RFCWhat did you see instead?
The email address is properly parsed with the invalid domain.