How much validation when using Mail::Sendmail?

I've been using an NMS form_mail script for a while but would like to use
the simpler Mail::Sendmail module and wrap my own custom HTML. The NMS
script uses very detailed checks for characters and URLs etc. How much of
this validation is needed when using Mail::Sendmail. None of the
documentation mentions how much is taken care of by the module. What exactly
do I need to validate besides a valid email regex?

Zaphod

Re: How much validation when using Mail::Sendmail?

zaphod wrote:
> I've been using an NMS form_mail script for a while but would like to
> use the simpler Mail::Sendmail module and wrap my own custom HTML. The
> NMS script uses very detailed checks for characters and URLs etc. How
> much of this validation is needed when using Mail::Sendmail. None of the
> documentation mentions how much is taken care of by the module. What
> exactly do I need to validate besides a valid email regex?

No validation is _needed_, I suppose, and as long as we are just talking
about name, subject and the actual message, there is not much to
validate IMO. However, validating the length of the total message is
advisable.

As regards "a valid email regex", how do you define "valid", and what
kind of regex do you think will take care of that?

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

Re: How much validation when using Mail::Sendmail?

Gunnar Hjalmarsson wrote:
> zaphod wrote:
>> I've been using an NMS form_mail script for a while but would like to
>> use the simpler Mail::Sendmail module and wrap my own custom HTML. The
>> NMS script uses very detailed checks for characters and URLs etc. How
>> much of this validation is needed when using Mail::Sendmail. None of
>> the documentation mentions how much is taken care of by the module.
>> What exactly do I need to validate besides a valid email regex?
>
> No validation is _needed_, I suppose, and as long as we are just talking
> about name, subject and the actual message, there is not much to
> validate IMO. However, validating the length of the total message is
> advisable.
>
> As regards "a valid email regex", how do you define "valid", and what
> kind of regex do you think will take care of that?
>

Well, I appreciate the only truly valid email address is one that conforms
strictly to the relevant RFC but Mail::Sendmail comes with its own regex
which is supposed to be reliable for most real-world cases.

Zaphod

Re: How much validation when using Mail::Sendmail?

zaphod wrote:
> Gunnar Hjalmarsson wrote:
>> As regards "a valid email regex", how do you define "valid", and what
>> kind of regex do you think will take care of that?
>
> Well, I appreciate the only truly valid email address is one that
> conforms strictly to the relevant RFC but Mail::Sendmail comes with its
> own regex which is supposed to be reliable for most real-world cases.

Most isn't good enough, is it? Why annoy users with perfectly fine
addresses?

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

Re: How much validation when using Mail::Sendmail?

At 2007-11-27 06:02PM, "zaphod" wrote:
> Well, I appreciate the only truly valid email address is one that conforms
> strictly to the relevant RFC but Mail::Sendmail comes with its own regex
> which is supposed to be reliable for most real-world cases.


The following subroutine generates a regular expression to validate an
RFC822 email address (taken from Friedl's Mastering Regular Expressions)

sub getRFC822AddressSpec
{
my ($esc, $space, $tab, $period) = ('\\\\', '\040', '\t', '\.');
my ($lBr, $rBr, $lPa, $rPa) = ('\[', '\]', '\(', '\)');
my ($nonAscii, $ctrl, $CRlist) = ('\200-\377', '\000-\037', '\n\015');

my $qtext = qq{ [^$esc$nonAscii$CRlist] }; # within "..."
my $dtext = qq{ [^$esc$nonAscii$CRlist$lBr$rBr] }; # within [...]
my $ctext = qq{ [^$esc$nonAscii$CRlist()] }; # within (...)
my $quoted_pair = qq{ $esc [^$nonAscii] }; # an escaped char
my $atom_char = qq{ [^()$space<>\@,;:".$esc$lBr$rBr$ctrl$nonAscii] };
my $atom = qq{ $atom_char+ # some atom chars
(?!$atom_char) # NOT followed by part of an atom
};
# rfc822 comments are (enclosed (in parentheses) like this)
my $cNested = qq{ $lPa (?: $ctext | $quoted_pair )* $rPa };
my $comment = qq{ $lPa (?: $ctext | $quoted_pair | $cNested )* $rPa };

# whitespace and comments may be scattered liberally
my $X = qq{ (?: [$space$tab] | $comment )* };

my $quoted_str = qq{ " (?: $qtext | $quoted_pair )* " };
my $word = qq{ (?: $atom | $quoted_str ) };
my $domain_ref = $atom;
my $domain_lit = qq{ $lBr (?: $dtext | $quoted_pair )* $rBr };
my $sub_domain = qq{ (?: $domain_ref | $domain_lit ) };
my $domain = qq{ $sub_domain (?: $X $period $X $sub_domain )* };
my $local_part = qq{ $word (?: $X $period $X $word )* };
my $addr_spec = qq{ $local_part $X \@ $X $domain };

# return a regular expression object
return qr{$addr_spec}ox;
}

my $spec = getRFC822AddressSpec();
if ($an_email_address =~ /$spec/) {print "ok: $an_email_address\n"}


--
Glenn Jackman
"You can only be young once. But you can always be immature." -- Dave Barry