Summary
format: email validation currently appears to reject email addresses whose domain has a syntactically valid top-level label but is not in the validator's recognized/IANA TLD list.
That seems stricter than the OpenAPI email format definition, which says that email is an email address as defined by the RFC 5321 Mailbox rule.
Example
Schema:
type: object
properties:
email:
type: string
format: email
required:
- email
Request body:
{
"email": "alice@example.notarealtld"
}
Actual result: validation fails.
Expected result: this should pass format: email syntax validation, because the domain part is syntactically valid under RFC 5321:
Mailbox = Local-part "@" ( Domain / address-literal )
Domain = sub-domain *("." sub-domain)
RFC 5321 does not require the final label to be present in the IANA root zone or in an implementation-maintained TLD list for the address to match the Mailbox grammar.
Relevant code path
This seems to come from the Java validation stack rather than from OpenAPI itself:
-
openapi-request-validator-core/pom.xml depends on com.networknt:json-schema-validator.
-
NetworkNT’s com.networknt.schema.format.EmailFormat constructs:
new IPv6AwareEmailValidator(true, true)
-
IPv6AwareEmailValidator extends Apache Commons Validator’s EmailValidator.
-
Apache Commons EmailValidator.isValidDomain(...) delegates to DomainValidator.
-
DomainValidator.isValid(...) checks that the domain has a recognized top-level domain via isValidTld(...).
-
DomainValidator documents this as validation of TLDs “as defined and maintained by the Internet Assigned Numbers Authority (IANA).”
Why this matters
This makes format: email unsuitable for some valid API inputs, including internal/test/private domains (with local DNS resolution).
Suggested fix
Please consider to configure the underlying email validator so format: email checks RFC 5321 Mailbox syntax without requiring a recognized/IANA TLD.
Thanks!
Summary
format: emailvalidation currently appears to reject email addresses whose domain has a syntactically valid top-level label but is not in the validator's recognized/IANA TLD list.That seems stricter than the OpenAPI
emailformat definition, which says thatemailis an email address as defined by the RFC 5321Mailboxrule.Example
Schema:
Request body:
{ "email": "alice@example.notarealtld" }Actual result: validation fails.
Expected result: this should pass
format: emailsyntax validation, because the domain part is syntactically valid under RFC 5321:RFC 5321 does not require the final label to be present in the IANA root zone or in an implementation-maintained TLD list for the address to match the
Mailboxgrammar.Relevant code path
This seems to come from the Java validation stack rather than from OpenAPI itself:
openapi-request-validator-core/pom.xmldepends oncom.networknt:json-schema-validator.NetworkNT’s
com.networknt.schema.format.EmailFormatconstructs:IPv6AwareEmailValidatorextends Apache Commons Validator’sEmailValidator.Apache Commons
EmailValidator.isValidDomain(...)delegates toDomainValidator.DomainValidator.isValid(...)checks that the domain has a recognized top-level domain viaisValidTld(...).DomainValidatordocuments this as validation of TLDs “as defined and maintained by the Internet Assigned Numbers Authority (IANA).”Why this matters
This makes
format: emailunsuitable for some valid API inputs, including internal/test/private domains (with local DNS resolution).Suggested fix
Please consider to configure the underlying email validator so
format: emailchecks RFC 5321Mailboxsyntax without requiring a recognized/IANA TLD.Thanks!