Skip to content

format: email rejects RFC 5321 Mailbox values when the TLD is not recognized #28

Description

@TheXplore

Summary

format: email validation currently appears to reject email addresses whose domain has a syntactically valid top-level label but is not in the validator's recognized/IANA TLD list.

That seems stricter than the OpenAPI email format definition, which says that email is an email address as defined by the RFC 5321 Mailbox rule.

Example

Schema:

type: object
properties:
  email:
    type: string
    format: email
required:
  - email

Request body:

{
  "email": "alice@example.notarealtld"
}

Actual result: validation fails.

Expected result: this should pass format: email syntax validation, because the domain part is syntactically valid under RFC 5321:

Mailbox = Local-part "@" ( Domain / address-literal )
Domain  = sub-domain *("." sub-domain)

RFC 5321 does not require the final label to be present in the IANA root zone or in an implementation-maintained TLD list for the address to match the Mailbox grammar.

Relevant code path

This seems to come from the Java validation stack rather than from OpenAPI itself:

  • openapi-request-validator-core/pom.xml depends on com.networknt:json-schema-validator.

  • NetworkNT’s com.networknt.schema.format.EmailFormat constructs:

    new IPv6AwareEmailValidator(true, true)
  • IPv6AwareEmailValidator extends Apache Commons Validator’s EmailValidator.

  • Apache Commons EmailValidator.isValidDomain(...) delegates to DomainValidator.

  • DomainValidator.isValid(...) checks that the domain has a recognized top-level domain via isValidTld(...).

  • DomainValidator documents this as validation of TLDs “as defined and maintained by the Internet Assigned Numbers Authority (IANA).”

Why this matters

This makes format: email unsuitable for some valid API inputs, including internal/test/private domains (with local DNS resolution).

Suggested fix

Please consider to configure the underlying email validator so format: email checks RFC 5321 Mailbox syntax without requiring a recognized/IANA TLD.

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions