Not a bug Invalid emails should be bounced instead of throwing errors

K a M a L

Well-known member
Affected version
2.2.10
I found this on error log
  • Swift_RfcComplianceException: Email to [unknown] failed setup: Address in mailbox given [xwz.a.b.cc.q2.@gmail.com] does not comply with RFC 2822, 3.6.2.
  • src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Mime/Headers/MailboxHeader.php:355
I think invalid email addresses should be bounced instead of throwing errors.
 
I found this on error log
  • Swift_RfcComplianceException: Email to [unknown] failed setup: Address in mailbox given [xwz.a.b.cc.q2.@gmail.com] does not comply with RFC 2822, 3.6.2.
  • src/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Mime/Headers/MailboxHeader.php:355
I think invalid email addresses should be bounced instead of throwing errors.

That's not within Xenforo's control. The receiving server determines the status code it responds with, not Xenforo.
 
That's not within Xenforo's control. The receiving server determines the status code it responds with, not Xenforo.
This is email validation by xenforo before email sending .. and even if it was from the receiving server, xenforo can still catch the exception and bounce the email instead of throwing error
 
I think invalid email addresses should be bounced instead of throwing errors.

From a mail sending reputation and deliverability perspective, this is probably a bad idea.

Imagine if someone creates a bot to register a bunch of user accounts on your site with invalid email addresses (but valid domains), then it's going to look like you are spamming that email domain and you'll probably get blocked.

Stopping invalid emails before they are sent is the correct approach.
 
From a mail sending reputation and deliverability perspective, this is probably a bad idea.

Imagine if someone creates a bot to register a bunch of user accounts on your site with invalid email addresses (but valid domains), then it's going to look like you are spamming that email domain and you'll probably get blocked.

Stopping invalid emails before they are sent is the correct approach.
I think you got my suggestion wrong or probably I misexplained it .. I suggest bouncing user accounts with invalid emails ( changing user state from valid to "email bounce" ) .. this will prevent sending more emails to the malformed address and force user to change it.
 
I think you got my suggestion wrong or probably I misexplained it .. I suggest bouncing user accounts with invalid emails ( changing user state from valid to "email bounce" ) .. this will prevent sending more emails to the malformed address and force user to change it.
That's different than your initial post... and IS not a bad suggestion. If XF can detect that it's out of RFC compliance, then it should change the user account to an email bounced status to prevent any further attempts of sending (if not just to preserve system resources).
So, maybe make this as a suggestion since it is not in reality a bug?
 
Probably I misworded my suggestion but "bouncing emails" within xenforo when regex validation fails can't mean something else because xenforo is not the receiving mail server
XF is not "bouncing" them, but simply rejecting them apparently because the email format is not RFC compliant... which is a good thing... in addition to rejecting (even with an error) they could have it coded to change those users that email triggers that to a bounced email status, stopping all delivery attempts.
 
XF is not "bouncing" them, but simply rejecting them apparently because the email format is not RFC compliant... which is a good thing... in addition to rejecting (even with an error) they could have it coded to change those users that email triggers that to a bounced email status, stopping all delivery attempts.
Yes, if user's email format is invalid .. xenforo should change user_state to email_bounce to prevent any further email sending attempts to this user account + Xenforo shouldn't allow using RFC incompliant emails when registering and editing account details
 
Xenforo shouldn't allow using RFC incompliant emails when registering and editing account details
We don't.

So the question changes to, how did you end up with non-conforming emails? It's theoretically possible the user was created in another software and imported across, in a pre-XF2 version where maybe the validation was lacking, or in a more recent version but changes were made to the RFC validator in the library that we use.

Either way, while potentially a reasonable suggestion, there's not likely really a bug here. Once you become aware of an issue via the server error log it is somewhat trivial to rectify the issue. You can set it to bounce status yourself or remove their email address entirely (email addresses can be set to empty when saved by an admin). Or make contact with the user and ask them to update their email address.
 
Top Bottom