Any point in validating SMTP addresses with a regex?

Question

I have an app where users can send emails to other users by selecting names from a list. There's also a textbox where they can freely enter a list of email addresses to Cc. Currently, each address to Cc is validated by an extensive regular expression, which checks conformance to RFC2822. The address is then added to the System.Net.Mail.MailMessage.CC collection, something like this...

MailMessage message = new MailMessage(/*...*/);    

//foreach address ...
{
  try
  {
    MailAddress address = new MailAddress(strAddress);
    message.CC.Add(address);
  }
  catch (FormatException fe)
  {
    // display error to user, don't sent the message
    return false;  
  }
}
//send the message ...

My question is this - is there any point validating each address with a regex, or should I just rely on System.Net.Mail.MailAddress to do the validation for me?

Answer 1

MailAddress seems to have some problems (see the comments at the end of this page: http://msdn.microsoft.com/en-us/library/system.net.mail.mailaddress.aspx). I would rather use a regex (see for example http://www.regular-expressions.info/email.html) since this will allow you to do modifications if needed (if you use MailAddress, you depend on Microsoft correcting the address validation bugs on future framework versions or service packs).

Answer 2

KISS. A regular expression for RFC2822 is nothing of the sort (check out the infamous perl regular expression for this). I would not use a regular expression at all -- thinking that is the only approach has already boxed you in a corner.

Whether or not to reply upon MailAddress (or another library, preferably already existing and tested) is just a matter of accepting the limitations of MailAddress (which may be sufficient). Note that MailAddress makes no claims of RFC2822 conformance in the documentation, but rather hints at a subset that it accepts.

And, if you are already using code that relies upon conformance to the e-mail addresses accepted by MailAddress, then that can only be restricted, not expanded upon, with a pre-filter.

Answer 3

If you're sending mail using the System.Net.Mail then it's a good idea to use the MailAddress class to do the validation as then you know you can send the mail using those classes (it doesn't permit all technically valid email addresses, but there's no point in permitting addresses you can't send to).

It's a shame there's no TryParse method as an invalid address isn't really an exceptional case, and it's not nice having to use exceptions for flow control in this way, but it's essentially the same way we do it.

I did add a basic sanity check beforehand to mitigate the number of exceptions thrown on blatantly invalid addresses. Nothing fancy, just a check that there is an @ and a . in reasonable positions. I can't remember off the top of my head but it was so simple I think I just used String.IndexOf rather than a regex. So yeah, I reckon something like that's worth doing, but don't spend too much time on it.