May I safely treat email addresses lower case?

views:

322

answers:

+5 Q:

May I safely treat email addresses lower case?

In theory emails are case sensitive. But using emails as system login I want them to be all lower case (i.e. [email protected] and [email protected] cannot be different users).

Can this be a problem for some users who use case sensitivity in their email address? Does somebody use it out there?

Edit: Because there are many "preserve case on save, ignore on login" answers: This system would break if I really had two different users john@smith and John@smith, wouldn't it?

Example: john@smith and John@smith have the password 123. How do I know which one just authenticated?

Yes, that is a problem. I just made a little test on Linux (running exim) and only the mail with correct case reached the mailbox...

I think that most commercial mail providers normalize all email addresses but in general you have to use the correct case!

Johannes Weiß 2009-10-01 11:29:51

This link says that "hardly any email service or ISP does enforce case sensitive email addresses".

Scavenger 2009-10-01 11:29:51

Translation: Some email services / ISPs enforce case sensitive email addresses.

Bill 2009-10-01 12:51:35

I don't know of any implementation that distincts between email-addresses having the same letters but in different case.

I've never heard of a message not being transmitted correctly only because the cases were wrong.

Atmocreations 2009-10-01 11:30:53

+11 A:

According to [RFC 2821][1]:

The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. In particular, for some hosts the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.

So, while you can treat emails addresses with case sensitivity, you are discouraged from doing so.

[1]: http://RFC2821 - Simple Mail Transfer Protocol

Pete OHanlon 2009-10-01 11:31:14

I read that paragraph (linked to it in my question) but is this a yes or no? How applicable is this in real-world systems?

Jakob Stoeck 2009-10-01 16:17:25

It's a yes, for most values of "safe". You will not likely encounter a problem and if you do, the work-around (using a different address) is easier than user-experience problems you'll cause by enforcing case.

Troy J. Farrell 2009-10-13 16:00:26

+4 A:

Some systems are case sensitive.

I'd suggest it be preserved but ignored a la windows filesystems.

i.e. remember john signed up with [email protected] but let him log in as [email protected], [email protected] or [email protected].

It's unlikely to cause conflicts and if anyone has a case-sensitive email I'm sure they'll be aware of it.

wefwfwefwe 2009-10-01 11:32:56

Please see my edit. I think this would only work if I preserved cases but forbid any new registrations with the same letters but different cases, which contradicts the whole case sensitivity thing, no?

Jakob Stoeck 2009-10-01 16:20:56

That's exactly what i'm suggesting

wefwfwefwe 2009-10-02 07:13:15

If you're using it as a system login, no need. Usually (when talking about logins), admin and Admin are one and the same person ... so is JohnDoe and johndoe ... also , the number of people who use email providers that allow for case sensitivity is way, way too low.

Aviral Dasgupta 2009-10-01 11:42:57

+1 A:

IMHO store and display the address the way the user entered it, not only because the RFP says you have to respect case, but because if the user has a preference, you should respect that preference. It's their email address. I'm not a fan of systems reformatting the personal details I provide to them. For example, you'd be surprised how many systems INSIST on calling me "Tj" -- which is clearly wrong -- rather than "T.J." (+1 to SO for getting it right).

So if John Smith signs up as "[email protected]", then that's how John Smith wants to see his email address (if he has a preference). I probably wouldn't let someone else sign up with the "[email protected]" email address because the odds are overwhelming that it's the same as the other account's address, but I wouldn't muck about with the user's formatting of their address or other details. At most I might prompt them if they give me a lot of ALL CAPS SHOUTING, asking if they wouldn't prefer something more...gentle.

T.J. Crowder 2009-10-01 11:50:17

+6 A:

Don't throw away data. Store the email address or username exactly as you received it, with the exception of trimming both ends of the string.

When sending email, use the case that was supplied by the user. Just because case-sensitivity is rare is no reason to not handle it - otherwise that user gets no mail, and can possibly not even register.

When authenticating a user, you can optionally do a compare on lower case (or upper case) strings, so that the case is disregarded.

So, by preserving the user input data you have suddenly given yourself options: whether to do case-sensitive compares on authentication, and whether to use case-sensitive email addresses when sending mail. Even if you don't choose to avail yourself of them now, the purpose of preserving data is to allow you (or some other developer) to have those choices down the road.

RedFilter 2009-10-01 12:31:17

ansaurus

tags:

views:

answers:

May I safely treat email addresses lower case?

related questions