It seems like it should be easy to validate email addresses. After all, it’s pretty easy to recognize a valid email address on sight. Shouldn’t that make it easy to validate one with a computer? If only we were so lucky.
That Dragon, Email Validation
For a long time, web designers worked hard to create a perfect email address validation system. Having a broken email address on your mailing list is frustrating for you and frustrating for the user. If you pay on a per-subscriber basis, for example, broken email addresses represent a total waste of money. And if the user was excited to receive your mailing list and then never does, they’ll feel let down. But broken email addresses aren’t the worst of it: if you just accept unprocessed user input on a web form, you leave yourself open to a vast array of security holes. So web designers have often attempted, with various levels of commitment, to pre-determine whether email addresses are correct.
Let’s imagine that, as naive, fresh-faced web developers, we decide to write a regular expression or script that verifies an email address before a sign-up form is submitted. What kind of qualifications would we use to judge our prospective email address? Well, we would definitely look for the @ symbol. We know that’s required for every email address. And we should probably check to see if the email address ends in a top-level domain. So we create a regular expression that matches against @ and a pile of TLDs – .com, .net, .org, .edu and .gov, for example. You’ve probably realized the major problem with this process, which is that it doesn’t include any country TLDs, or any newer TLDs like .today or .limo. So maybe we expand our list of TLDs to include all these new ones, as well as country-level domains.
We still have a problem though: new top-level domains get added pretty regularly. If we hard-code the list of “valid” TLDs in our regular expression, we’ll need to change the script on every site we’ve built every time a new TLD is added. Even if we use one centralized script, it’s a maintenance headache we’d rather avoid.
Even if we attempt to validate against the specification that describes a valid email address, we still probably won’t get it right. People have tried, and we end up with a regular expression so complex that it’s virtually unreadable. And when we throw in non-Latin characters and ever-evolving standards, we can end up with a real nightmare for maintenance.
But even if we could write a perfect validation script, there’s a bigger problem. Simply validating email addresses this way doesn’t confirm intent. Regular expressions can’t prevent accidental sign-ups, nor can they prevent pranks like users signing up a friend for newsletters or something equally mischievous. But more important, this validation doesn’t confirm that the email address is actually active and in use. It only confirms that it meets some kind of formatting standard.
There has to be a better way to validate email addresses!
The Best Way To Validate Email Addresses
Hands down, the best way to validate an email address is to send an email to that address. This is the dominant method of validating email addresses in the industry, and we know that it works every time. Mass-mailing companies like MailChimp and Constant Contact use this technique to validate mailing list subscriptions, as do other companies that handle email in industrial quantities. Let’s check out the process using the example of a mailing list signup:
1. User inputs email address: The user types their email address in a box on your website and clicks “Sign Up!” to sign up for your mailing list.
2. User sees a thank-you screen: This screen confirms that the user has just signed up for your mailing list. Importantly, this screen also tells the user that, before their subscription is confirmed, they must click a link in a confirmation email which they’ll receive shortly.
3. Confirmation email is sent: Your mailing list system sends out an email to this provided email address with a link. That link, when clicked, automatically marks the customer’s email as “valid” in your mailing list database.
4. User receives confirmation email: The confirmation email shows up in the user’s inbox. They open the email and click on a large “Confirm Subscription!” button to finalize their subscription.
5. Final confirmation message: After clicking on this button or link to confirm their subscription, the user sees a success screen, thanking them for signing up. You might also show them a sample newsletter, or otherwise contextualize what they’ve just accomplished.
We should also have an “abort” button somewhere in this process. In a well-designed scheme, the user will have a clear off-ramp to cancel the subscription process. If they realize halfway through the subscription process that they would prefer not to receive your newsletter, they should know what to do. For example, the confirmation email should include some kind of language that covers this situation. You might say, “If you didn’t mean to sign up for this newsletter, simply ignore this email and you will be removed from our mailing list.” And most users are bright enough to know that, should they stop halfway through the subscription process, the subscription won’t be completed.
Conclusion: Best of Both Worlds
The best strategy for validating emails combines both techniques. We use a simple regular expression on our form to make sure the most fundamental parts of an email address, like the @ symbol, are present. If that bar is passed, then we confirm that the email address is functional by sending a confirmation email to that address. The best news is that you don’t even need to write this yourself. If you embed the newsletter signup form from MailChimp (or another newsletter company), you can get all this taken care of without any personal input.
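The combined approach, as an added Python example (not code from the original article or from any mailing-list provider): a loose format check, then a signed, expiring token for the link in the confirmation email. The names SECRET, TOKEN_TTL, SUBSCRIBERS, signup and confirm, the HMAC token format, the 254-character cap and the one-day expiry are assumptions made for the example.

```python
import hashlib
import hmac
import re
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 24 * 3600             # assumption: confirmation links expire after a day
SUBSCRIBERS = {}                  # address -> "pending" | "confirmed" (stand-in for a DB)

# The brittle check from the article: a hard-coded TLD list.
TLD_LIST = re.compile(r"[^@\s]+@[^@\s]+\.(com|net|org|edu|gov)", re.I)
# The minimal check: one "@" with text on both sides, no whitespace or control
# characters (so CR/LF cannot reach the headers of the confirmation mail).
MINIMAL = re.compile(r"[^@\s\x00-\x1f]+@[^@\s\x00-\x1f]+")

def looks_like_email(addr):
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return len(addr) <= 254 and MINIMAL.fullmatch(addr) is not None

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def signup(addr, now=None):
    """Steps 1-3: record the address as pending, return the token for the emailed link."""
    if not looks_like_email(addr):
        return None
    SUBSCRIBERS.setdefault(addr, "pending")
    payload = f"{int(time.time() if now is None else now)}:{addr}".encode()
    return urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def confirm(token, now=None):
    """Steps 4-5: return the confirmed address, or None for a forged or expired token."""
    try:
        body, sig = token.rsplit(".", 1)
        payload = urlsafe_b64decode(body)
        if not hmac.compare_digest(sig.encode(), _sign(payload)):
            return None
        issued, addr = payload.decode().split(":", 1)
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:
        return None
    if age > TOKEN_TTL or addr not in SUBSCRIBERS:
        return None
    SUBSCRIBERS[addr] = "confirmed"
    return addr
```

An address that is never confirmed simply stays "pending", which is the off-ramp described above: ignoring the email means the subscription is never activated.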