Please don't take anything in this article seriously.
Gmail, Outlook, and Yahoo! Mail are popular options for creating incredible email addresses that will be compliant with most software and are allowed to bypass sophisticated spam filters as the following:
<?php
if (endsWith($sender, "gmail.com") ||
endsWith($sender, 'yahoo.com') ||
endsWith($sender, "yahoo.co.uk") ||
endsWith($sender, "hotmail.com") ||
endsWith($sender, "live.com") ||
endsWith($sender, "hotmail.com")) {
exec("echo \" $emailContent \" | mail -s Fwd $receiver");
} else {
// T0DO reports the error
}
I use Protonmail with a custom domain, so I've become accustomed to having my email not be accepted by most websites. Even regular Protonmail addresses ending with protonmail.ch
instead of protonmail.com
are regularly blocked by websites because whitelist code the developer copied from StackOverflow was not up to date. Therefore, I was not at all surprised to see the following error when trying to sign in to Sephora:
The key here is that I was signing in, not signing up for an account. In fact, I have been signing into the mobile app just fine. Additionally, the “Continue” button did not trigger any requests, leading me to think that the restriction is indeed only on the frontend.
With a little digging, I was able to source their email validation function. It appears that they are using a modified version of the RFC-5322 specification.
/**
* Note that our test for validity is much stricter than RFC-5322's definition
* @param el
* @returns {boolean}
*/
function isValidEmailAddress (login) {
var pattern = /^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i;
return pattern.test(login);
},
Well there's your problem! The regex restricts the email top-level-domain to 2 to 4 characters only, which is why my email at dafne.rocks
did not work! This simple patch should surely fix it now:
function isValidEmailAddress (login) {
- var pattern = /^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i;
+ var pattern = /^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,5})$/i;
return pattern.test(login);
},
This new specification is available as Dafne Kiyui's modification to Sephora's RFC-5322 specification modification.