ColdFusion 10.0  -  Bug 3231157

Created on Friday, July 6, 2012

Login for more options


isValid("email") is poorly implemented, in that it rejects a bunch of stuff that's legit


Problem Description:
isValid("email") is poorly implemented, in that it rejects a bunch of stuff that's legit.

Steps to Reproduce:
a = ["adam!", "", "adam$", "", "adam&", "adam'", "adam*", "", "", "adam/", "", "adam?", "adam^", "", "adam`", "adam{", "adam|", "adam}", ""];
for (s in a){
writeOutput("#s#: #isValid('email', s)#<br />");

Actual Result:
adam! NO NO
adam$ NO NO
adam& NO
adam' YES
adam* NO YES YES
adam/ NO NO
adam? NO
adam^ NO YES
adam` NO
adam{ NO
adam| NO
adam} NO YES

Expected Result:
ALL should be "YES" as they're all valid email addresses.

Any Workarounds:
Don't care: we shouldn't be working around it, it should work.

Test Configuration

App Language(s) English
OS Language(s) English
Platform(s) Windows 7

Notes (10)

  • Aaron Neff

    1:35:21 AM GMT+00:00 Feb 28, 2014

    Hi Adam,

    FWIW, I also confirmed that your example returns * "YES" in Splendor Public Beta.


  • Aaron Neff

    1:31:58 AM GMT+00:00 Feb 28, 2014

    Hi Tom,

    I just confirmed that Splendor Public Beta still returns "NO" for this:

    isValid("email", "")


  • Tom Chiverton

    7:23:51 AM GMT+00:00 Oct 9, 2013

    Echo Adam's congrats to Anuj. Did you try with IDN domains as well e.g. ?

  • Adam Cameron

    7:18:42 AM GMT+00:00 Oct 9, 2013

    VERY GOOD WORK, based on Anuj's comment below.



  • Anuj Nawani

    7:10:43 AM GMT+00:00 Oct 9, 2013

    Fixed: Here are some more email ID's tested with their result using isValid() :

    "()<>[]:,;@\\\"!#$%&'*+-/=?^_`{}| ~.a" YES
    " " YES
    admin@mailserver1: YES
    user@[IPv6:2001:db8:1ff::a0b:dbd0]: YES
    "very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual" YES
    "" YES YES NO NO
    a"b(c)d,e:f;gi[j\k] NO
    just"not" NO
    this is"not\ NO
    this\ still\"not\\ NO

  • James Moberg

    12:24:47 PM GMT+00:00 Aug 6, 2012

    I just realized that there is also a java version available. In addition to regex parsing, it can perform an optional DNS check to ensure that the domain is valid and/or connect via SMTP. (Maybe this type of verification will also cut down on spam from obviously fake domains.)

  • James Moberg

    12:13:14 PM GMT+00:00 Aug 6, 2012

    Here's a PHP script that validates email addresses & has a lot of sample email addresses are valid that fail when validated using isValid(). Any chance that these valid email address will work with ColdFusion & CFMail? (I haven't tested them.)

  • Aaron Neff

    10:29:16 AM GMT+00:00 Jul 6, 2012

    Copying over the votes from 83327:

    Vote From Adam Cameron on Thu Jun 10 2010

    +1. There's no point offering the functionality if it doesn't work. as soon as the email addresses get a bit "tricky". -- Adam

    Vote From Henry Ho on Sat Jun 12 2010

    Vote From Julian Halliwell on Mon Jun 20 2011

    IDN validation also fails with the CFMAIL tag to/from attributes More detail and a workaround using Java is available at:
    Vote From Aaron Neff on Sun Jun 13 2010

    +1, isValid should not return false for validly formatted email addresses

    Since Tom Chiverton took care of logging 83327, his vote is implied.

  • Aaron Neff

    10:26:56 AM GMT+00:00 Jul 6, 2012

    Related thread:

    Copying over the description from 83327:

    isValid email fails on twitter, IDN domainsA twitter email with the format of :""will fail due to the = sign in the email. adam! NO NO adam$ NO NO adam& NO adam’ YES adam* NO YES YES adam/ NO NO adam? NO adam^ NO YES adam` NO adam{ NO adam| NO adam} NO YESAll of those should be "YES"."Adam Bhjkasd" which is completely valid, but - somewhat predictably - it also failed.I tried an IDN domain name such astest@test.[stupid bug tracker wont letter me past the russian IDN here. It's like a p then an o with a vertical line through]and that comes back NO though obviously it should be fine.

  • Adam Cameron

    1:58:13 AM GMT+00:00 Jul 6, 2012

    BTW, this is to replace the initial bug that was logged on my behalf, which was 83327 (, which you didn't migrate to the new system.

Duplicate ID
Reported By Adam Cameron


State Closed
Status Fixed


Priority 1-Low
Frequency Some users will encounter
Failure Type Enhancement Request
Product Area Language


Found In Build 9.0.1
Fixed In Build 286391

Attachments (0)

No Files Attached

Votes (3)

  • Tom Chiverton

    7:42:40 AM GMT+00:00 Sep 3, 2012

    My vote from the prerelease appears to have been dropped. Not supporting IDN is fail. Not using the underlying Java code that actually works is fail. Not doing this for years is fail.

  • Dave DuPlantis

    10:32:43 AM GMT+00:00 Jul 18, 2012

    There's no point in having built-in email validation unless it's complex; we can already write a basic regex to do incomplete validation. The point of having named validation should be to provide the accurate and complete validation when we need it.

  • Aaron Neff

    10:21:21 AM GMT+00:00 Jul 6, 2012

    +1. Incorrect results shouldn't be supported. Isn't fair to request tickets to be raised, and then not migrate them to the new tracker. It was a public ticket, so it should've been migrated.

Your session has expired! Click to login
Current form data will be preserved