So I created a project that only focuses on the security side, like authentication and authorization only. The issue is I still do not know which approach to take for email validation. I looked up some resources, including the docs, and found out Django has a built-in validate_email instance from django.core.validators, but I think it only checks the email format. I also looked up something called DNS and MX record checks, which I think look for email accuracy through some libraries, which can also be slow and more error-causing. I don't know which one to take, or should I just combine both for accuracy and syntax checking, in addition to sending a confirmation email?
#What is the best practice for email validation?
Imho, the only sensible way to do email verification is 1. do some light/basic client-side checks to protect the users from obvious typos, 2. send an account activation link to the email address. It is the only actual way of checking if an email is valid, correct & actually working.
So like provide rules the email must follow to form a correct one (like containing the @ symbol, etc.), then send an activation link to the address? I think this can be done by only using the validate_email instance provided by Django, without further complexity? Thanks in advance.
It will do step 1. yes, but not step 2.
Appreciate your help, thanks.
In my humble opinion (imho), Django's validate_email method should be renamed looks_like_an_email_address (since it does not really "validate" (for some definitions of "validate")).
I searched for the method and didn't find a result, but I think you meant define this method that contains the syntax checking logic, right? Also, may I ask what 'lmho' stands for? lol
"In My Humble Opinion"
Rephrased the answer to be more clear
Thanks for the clarifications, also yea I just noticed the edit. So it must be renamed like this? Or can it be any name, just for referencing the validate_email behavior (which is validating the email syntax, not the email itself)? Also, I made something like this:
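```python
from django import forms
from django.contrib.auth.forms import UserCreationForm
from django.core.exceptions import ValidationError
from django.core.validators import validate_email

from .models import CustomUser  # assumed location of the project's user model


class RegisterForm(UserCreationForm):
    email = forms.EmailField(required=True)

    class Meta:
        model = CustomUser
        fields = ['email', 'username', 'password1', 'password2']

    def looks_like_an_email(self, email):
        # Syntax check only; it does not prove the mailbox exists
        try:
            validate_email(email)
            return True
        except ValidationError:
            return False

    def clean_email(self):
        email = self.cleaned_data.get('email')
        # Check if email is already registered
        if CustomUser.objects.filter(email=email).exists():
            raise ValidationError("This email is already registered.")
        # Check if it looks like an email
        if not self.looks_like_an_email(email):
            raise ValidationError("This email is invalid.")
        return email
```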
validate_email_syntax would be a better name for the official Django function, yes 🙂 And no, these are just my thoughts on that I think the official Django method is badly named, not suggestions for what you should call your methods.
Are you sure that the subclassed user model will not both verify email syntax and uniqueness for you already? Then you should just have to set the default is_active for the user to False, and trigger the logic that sends a validation email, preferably from a background worker.
This finished app appears to do much of the work for you? https://github.com/LeoneBacciu/django-email-verification