* status: closed => reopened
* severity: => Normal
* cc: joshcartme@… (added)
* resolution: invalid =>
* easy: => 0
* ui_ux: => 0
* type: => Uncategorized
Comment:
I'm not convinced this should be closed. Although DNS should correctly
resolve a domain with a trailing dot according to the specification
(documented at the beginning of page 7 here
http://www.ietf.org/rfc/rfc1034.txt) sending emails to addresses that end
with a dot fails at least in my case. For example I tried sending an
email to and from a google apps address of mine using thunderbird. I was
sent back a Delivery Status Notification (Failure).
When trying to use EmailMultiAlternatives with a email address of this
form, m...@domain.com. as an example, msg.send() breaks with the following
error:
SMTPRecipientsRefused: {'m...@domain.com.': (501, '<tedli...@aol.com.>:
domain missing or malformed')}
Here is a quote from RFC 5321 section 2.3.5
(http://tools.ietf.org/html/rfc5321#section-2.3.5):
"A domain name (or often just a "domain") consists of one or more
components, separated by dots if more than one appears."
I think the important word is separated, it does not say terminated
therefore an email address should not be terminated by a dot.
More discussion on that here: http://tech.groups.yahoo.com/group/postfix-
users/message/244166.
At the very least I think this needs to be revisited and properly
discussed. Emails with dots at the end do not send so why should they be
validated by Django?
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted
Comment:
#16310 was a duplicate. Note that this behaviour was introduced in
changeset [11605], which itself was to fix a security issue where the
email and url validation regular expressions could be exploited in public
form submissions to cause a DOS. Therefore this should be treated very
cautiously.
I haven't done enough research to confirm whether this is a genuine bug or
not. However, this behaviour (i.e. trailing dots) doesn't seem to be
tested at all. So I'm accepting this ticket on the basis that at the very
least it needs some tests.
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:3>
* needs_tests: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:4>
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:6>
* status: new => assigned
* owner: nobody => shaz
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:7>
* cc: timograham@… (added)
* needs_better_patch: 0 => 1
* stage: Ready for checkin => Accepted
Comment:
Please don't mark your own patch as RFC. It looks like this needs to be
discussed as to whether we want to continue to allow email addresses that
end with periods or not. If so, the test in the latest patch is a bit
awkward (using both unittest.expectedFailure and assertFailsValidation).
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:8>
Comment (by olau):
We just had an SMTP exception from Exim because a user managed to enter
his email address with a trailing dot. Probably he copied it from
somewhere with a period at the end. This echoes what Josh C said, but I
just want to confirm that Django's behaviour in this case caused us a real
problem, so yeah, this is a genuine bug.
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:9>
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
Comment:
Here's a simple patch that avoids messing with the regex. Perhaps it's
good enough.
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:10>
Comment (by timo):
And now a version that modifies the regex. Thanks @claudep
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:11>
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:12>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"4cfbde71a33973cb8c8da406b2523dfc742358e7"]:
{{{
#!CommitTicketReference repository=""
revision="4cfbde71a33973cb8c8da406b2523dfc742358e7"
Fixed #12027 -- Fixed EmailValidator to reject a trailing dot.
Thanks Klas H for the report and claudep for the patch.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:13>