 Next up is Stavros with a problem, every sysitman and IM1 has faced validating email addresses. So, a big applause for a short talk by Stavros. Thank you. Thank you, everybody. I'm Stavros. My last name is unpronounceable in your language, so I won't bother. I'm here to speak about something that's very important to me, and I think this is the most important talk in the conference. But, yeah, I also see many people here, so I'm afraid you have grossly overestimated how useful this talk is going to be, but that's fine. So, I'm going to talk about a new technology called electronic mail. It's a product, well, it's a technology that lets you send letters to your pen pals across the world, instantly, over the internet. How many of you have an electronic mail account? Just raise your hands, maybe with, you know, hotmail, AOL. So, it's, okay, pretty popular, I see, okay. How many people have sent an electronic mail to somebody or received one? Okay, that's fairly few people, that's good. How many people have written software that uses electronic mail? All right, that's okay. How many of you have written software that has to parse an electronic mail address and validate whether it's correct or not? Okay, you are all going to need this talk. So, let me see if my clicker works. It doesn't work, that's fine. I'm going to do this by hand. No, this doesn't work either, what? Sorry, yeah, electronic mail works, presentations doesn't. Okay, so, I'm going to show you one address per slide, and I want you to shout whether it's valid or invalid. Just, like, go up and shout, and if you need any clarification afterwards or something, just shout, it's fine. So, this address. Valid, okay, that is valid, good. So, you guys are off to a good start. How about this one? Invalid, there is no domain, of course. How about this one? There's a plus there. Okay, that's good, most of you have seen it. How about the dot there? Valid, okay. How about the dot there? It is invalid. If you've said valid, you need to come to me for classes, for tutoring. How about two dots? Invalid, that's still invalid. Yeah, you can't have two dots in a row. How about this one? It is invalid. If you said valid, you should feel bad because you're trying to be too clever, but you weren't. How about this one? There's an asterisk and a bad word. It is valid. You can have an asterisk and an electronic mail address. How about this one? That is also valid because you can have all these characters here. They're fine. How about this one? Are you sure? Do you want to change your answer? It is invalid. You cannot have parentheses in the email address. How about this one? This is valid. This is actually a comment. You can have comments there. This is actually IFC compliant. This is standard compliant. You can have a comment there. You can just put it. It's ignored by the mail server, but you can do it. You can just put whatever you want in there. How about this one? This is also a comment, and it's still valid. Are you all right? Who wrote this stuff? How about this? It is invalid because you have two at signs. You can't have two at signs. How about this? Yes. SMTP level. Somebody has read the RFC, but yeah, this is SMTP. Yes. That question was whether this is SMTP level or whether this was user-facing mail client stuff. No, this is SMTP. This is in the RFC. So yeah, if you said valid, you need to take a good look at yourself and try not to be so clever. This is a bunch of illegal characters. It doesn't have anything. How about this one? Oh, that's just, yeah, the display is too short. It's supposed to be one line. Valid or invalid? Yeah. Who said valid? Go out again. It's just a bunch of characters. How about this one? The too clever person was actually correct this time because you can have quoted at signs in the address. How about this one? With a space? It is actually valid because if you quote the space, it's fine. Yes. How about this one? It's a standard ASCII 32 space. So no, yeah. Unicode will work as well, but yeah, anyway. How about this one? Yeah, this is valid. You quoted the space. You can have a space as your local part. That's fine. How about now? That is invalid and not because of the at sign. It's invalid because the quotes must be dot separated. So if you have a quote, you must separate it by dots. How about this one? No, you don't know because you posted a bunch of them and they were invalid. So is it invalid now? Is it valid? Okay, this is valid because we did separate the quoted part and the quote is escaped. So yeah, if you send email to this, I will reply to you. I will literally do it, yeah. Tricky one. We're escaping it, but it's still a space. It's invalid because you have to quote the spaces even if you escape them. How about this one? I see you guys know about IPv6. That's a valid IPv6 host name. How about this one? Okay, that's good. It's valid because it's a TLD. Somebody at the TLD will take it. How about this one? It is valid because it's Unicode. It's fine. How about this one? It isn't valid because 23456789 is not a domain, so it can't get delivered. Sorry, it's not a TLD, so yeah, if you go register the TLD and pay the $100,000, you can get it. Just tell me to update my slides though. How about now? Confusing, but it's actually a VV4 valid because it's a decimal IPv4 address. It was an IPv6, so it was correct for the wrong reasons, so you should feel even more bad. Okay, so since we've kind of demonstrated that you can't tell by the email address, how do we validate? And keep in mind that the RFC is kind of a recommendation at this point because the RFC says that the local part is case sensitive, but nobody really does it as case sensitive, so how do we validate an email address? We don't. We just check if there's an ad sign in there, and if there is one, we say, okay, pass the first check, you send an email to it, and then you wait for the user to click the link, or whatever. So if I see another sign up form that says that my address is not valid, I'm going to hunt you down, whoever it is, and yeah, I'm going to show you the presentation again. Thank you very much. Any questions? I do not expect it. Yeah, go. No, no, no, no. I cannot put emojis because that would be cheating. Next question. Actually, that's a good idea about emojis though. Next question. This is a pretty new standard. It's still under development. Sorry, the question was whether there are any new developments. Yeah, it's changing all the time, but I think you can be kind of sure that following my advice will do, yeah, it will suit you. Anybody else? Come on, you must have questions. This is amazing technology. Yes, what library is to check? Every language has an email validation library. Usually you check if at in string, that's it, and every language will do it. So you're really lucky, they've all been available. Next question. Oh, sorry, yes. Well, yes, does it need to be so complicated is the question. If you want an easy way to talk to all your pen pals throughout the world, it's kind of like you have to make some concessions. You have to check the address, you have to send an email to it, you have to see if the user will click the link. There's really no easier way to validate. Oh, so yeah, yes. I will suggest that to the elders of the internet and maybe they will take your suggestion. Thank you. Next question. Is there an email server? Who's talking? Oh, there, okay. Is there any mail server that is validating the local part except checking if it's in its directory, especially for forwarding mail servers? Well, I mean, every mail server will validate and kind of let you know like they will send you a message back if the user doesn't exist. But, yeah, I don't know of one that you can run as a service kind of, if that's what you're asking. Anybody else? Do we have time? Time for more questions. I do have one. Why do so many people reject if there is a plus sign or whatever? I mean, everybody has faced that. Why do so many people do that? Is there another motivation behind such bullshittering? Well, it's clearly because they have not seen my presentation. But also, yeah, I mean, that's it. They think that they know better, but they don't because they've seen like 10 email addresses and they figure that it's fine because they're all looking the same. But, yeah, they should watch this. Anybody else? Oh, yeah. Oh, poor you. Yeah. My condolences, you shouldn't have had a four letter TLD. That's on you. Oh, sorry. Yes, the question was that this person has a four letter TLD and nobody accepts it, which is, yeah, if you have five letters, you're just done. You should get a Gmail one and be done with it. Next question. Are there security risks associated with allowing, with your simple rule? No, no, no. Actually, my rule is the most secure of all because you will actually send an email and the user will have to reply back and make sure that they receive the email before you can consider them valid. So it actually has no false positives and no false negatives. You were thinking of something, but you appear to be tricksy. You can get me later and we can discuss it. Are there denial of service implications? Yes, there are. And it's going to be kind of costly to send all these emails, but again, it's the cost of doing business. What are you going to do? Anybody else? Your question? Yes. Wait, wait. The volunteer is running. Do you have a link to post when I want to post issue about broken libraries that do it wrong? Yes, you can email me at any of these addresses that you saw, the ones that were valid, and I will personally reply to you and address the issue. There's another question there? Yes, yes. So the question was whether the email address can be valid if the domain is basically not accessible from the internet, you mean? Yes. Yes, that's fine. You can use your own internet servers and it will work fine. As long as the machine can resolve the address, you're good. So my rule again accepts this. So you can just check for the app sign, send the email, and we're fine. You see no exceptions. So hard to find a rule like this. So there seems to be a few additional rules like needs a local part. Would it just be a waste of time to check for those as well? So you use your simple rule if there's an ad it's good enough or are they somehow flexible as well? Actually, that's a good question. You can check for the invalid ones if you're sure they're invalid just to make sure that the address cannot ever be reached. But I think the most general way to do it is just check for the ad sign because you never know what kind of crazy new domains there will be and things like that. So just send the email and be done with it. Next question over there. Yes, behind the, yeah. What if the user is on the same host? Do you really need the ad sign then? Well, so I'm not sure, but you know, better included just in case because you never know when the host might move or whatever. Yeah, exactly, exactly. Why would you be checking without reason for the ad sign? I don't know. Some people just call in presentations and spread misinformation. Next person? Sorry, there's a few over there. So what if you just have a quoted ad sign and that's the only one? Then you don't deserve to be using the internet and computers. So yeah, you're fine. You deserve whatever you get. Next question. After the ad sign, no, because that's, well, hmm, that's interesting. I don't think so, but who knows what these new domains do with their internationalized stuff? Maybe it's not an actual quotation mark. Maybe it's like a Russian something sign and it's a valid unicode domain. So yeah, could be. Yes, this was, this was the old form that was two days ago. We changed it. Sorry. Yes, it was the question was whether it's, it's fine to have an explanation mark after the ad sign. So for the remote part. Next question. It can be the end. Come on, somebody. It looks like everybody is happy with one simple rule. Great. Check for a bloody ad sign. Thank you very much. Thank you for your talk. This is my, this is my invalid email address and this is my, my website. You can see stuff there. And if you want, I'll be around. Thank you.