As all experienced developers know, it is essential to test and validate the information users can enter into a web form. This is even more important when it comes to email addresses, as when someone asks for information, you have to make sure that their email address is correct so they can receive the answer to their requests.
Unfortunately, correctly verifying an email address is not an easy task.
PHP natively provides a series of functions for validating and filtering, most notably the filter_var() function, which can validate email address format.
The filter_var() function accepts 3 parameters:
To use filter_var() to perform email format validation, the second parameter must be set to FILTER_VALIDATE_EMAIL. If you know that the email address to validate contains Unicode characters, you must also specify the FILTER_FLAG_EMAIL_UNICODE option as the third parameter. Here are two examples:
However, a look at the source code of the filter_var() function on GitHub makes it immediately clear that checking the email address format will not work in all cases. Here is the developer's comment:
This regex does not handle comments and folding whitespace.
Indeed, even if rare, whitespaces are allowed in an email address as long as they are enquoted, and the function could, in this case, like other similar cases, provide a false negative (indicating that the email address is not valid, while it is).
However, validating the address format is not enough. For a form data validation script to be effective, it must check if the email address actually exists.
For example, the email address john.doe@donteventrytofindthis.server, or even simpler john.doe@mgail.com, although having a valid format, would not exist. A validation solely based on the filter_var() function would not detect the error.
To implement such a verification script, it would be necessary to write complex logic to test the domain name's existence, then query its records to determine if the MX fields are correctly filled in, and finally test if the SMTP server responds correctly. As one can easily imagine, this is a heavy task.
When it is too difficult to develop an effective solution, one must turn to the services available on the Internet.
Abstract provides a free API that allows verification of email addresses, validating their format, and checking if the domain name is routable (in other words: it checks if the server exists). The API also indicates whether the email address is from a disposable email service that does not need identification to be used.
To use the Abstract API, create an account and get your private API key. Then using the API is as simple as a call via curl, like this: