tags:

views:

58

answers:

3
Q: 

How do I make an arbitrary string email address safe?

I need to take an arbitrary string and make it safe to use as part of an email address, replacing characters if necessary. This is to submit text to an API that requires values to be encoded into the address the email is being sent to. However, this is fraught with pitfalls and I'd like to make sure that whatever is input isn't going to break mail delivery. I'm already planning on just double-quoting the entire local part, which is going to mitigate a lot of the issues.

I've found a guide to what characters can be used in the local part of an email address, but it seems to make no distinction between 'It's forbidden by the RFCs' and 'It can be confusing so it's best to stay away' and 'it can only be used when escaped properly'. Does anyone have a reference to something clearer/faster to read than the appropriate RFCs themselves?

Edit: I have no control over the parsing on the receiving end nor can I change how the text gets submitted as something other than a straight ASCII string.

A: 

Why don't you just confine the characters you use in the email address to the ones in the table you referenced that are marked "OK"?

That would include plus, minus, hyphen, period, upper and lower case letters, numeric digits, and the underscore.

Robert Harvey  2010-09-07 19:17:27
Makes it difficult to include a string 'John Doe (ABD Admin), Jane Doe (ABD CEO)' in the email address without totally munging it then.
Oesor  2010-09-07 19:24:30
@Oesor: `[email protected]`
Robert Harvey  2010-09-07 19:45:34
Then the string is 'John.Doe.ABD.Admin'. I'm not trying to make up an email address that I can use for such and such string, I'm interacting with an API that requires that fields be passed as parts of the email address the mail is sent to. IE, the email is something like 'foo=The quick brown fox/bar=jumped over the lazy [email protected]' would theoretically assign foo and bar to those strings, respectively. Yes, it's a somewhat insane API.
Oesor  2010-09-07 21:04:48
I assume that if the people who wrote the API use these characters in an email address, that they manage to do so successfully (i.e. they tested their own stuff to make sure it works).
Robert Harvey  2010-09-07 22:38:43
You're far more trusting than I am.
Oesor  2010-09-08 18:28:08
@Oesor: Perhaps. But if it doesn't work it's not because you aren't making your emails character-safe, it's because they didn't write their API properly. Either way, I don't see how you can fix it if it's broken.
Robert Harvey  2010-09-08 19:01:52
+1  A: 

The RFCs themselves are perfectly clear. Ignoring obsolete and quoted forms, the local part of an address is:

atext       =       ALPHA / DIGIT / ; Any character except controls,
                    "!" / "#" /     ;  SP, and specials.
                    "$" / "%" /     ;  Used for atoms
                    "&" / "'" /
                    "*" / "+" /
                    "-" / "/" /
                    "=" / "?" /
                    "^" / "_" /
                    "`" / "{" /
                    "|" / "}" /
                    "~"
David M.  2010-09-07 19:20:22
The table that the OP references gives some very good reasons why some of these characters should not be used.
Robert Harvey  2010-09-07 19:21:17
Yeah, found rfc 3696 (http://tools.ietf.org/html/rfc3696#page-5) which does a decent job of summarizing the various rules.
Oesor  2010-09-07 19:23:22
A: 

Assuming you control the API, why not Base64 encode the data?

Base64EncodeString("Hello")
Base64DecodeString("SGVsbG8=")

You should probably replace the padding character = with an email-safe character like - minus.

Edit
It seems = is a safe character, no need to replace it.
However, the resulting text may start with a number so pad it with a letter and have the receiver discard the padding.

Greg  2010-09-07 19:20:23
That will work if you don't mind having unreadable email addresses.
Robert Harvey  2010-09-07 19:21:57
That would be great if the receiving end could take base64 encoded strings.
Oesor  2010-09-07 19:24:58
@Robert - Who reads their email anyway? :)
Greg  2010-09-07 19:25:08

related questions

I ALMOST understand how email works, but I'm missing something.
Sending Email in .NET Through Gmail
MS hotfix delayed delivery.
How to send email from a program _without_ using a preexisting account?
Email SMTP validator
Maximum length of a MIME Content-Type header field?
If email is not the answer then what is?
Accessing an Exchange Server without Outlook
Recommendations for a .NET component to access an email inbox
Email queueing in php
How do I open the default mail program with a Subject and Body in a cross-platform way?
How do I send a file as an email attachment using Linux command line?
Read from .msg files
What was your biggest mistake involving programmatically sending email?
Good email service for bulk emailing
parsing raw email in php
Is there any wiki engine that supports page creation by email?
Sending emails without looking like spam
What's in your .procmailrc
Why won't Entourage work with Exchange 2007?
Can I use JavaScript to create a client side email?
E-mail Notifications
Is a "Confirm Email" input good practice when user changes email address?
MAPI and managed code experiences?
How do you make sure email you send programmatically is not automatically marked as spam?