21

In theory emails are case sensitive. But using emails as system login I want them to be all lower case (i.e. john@smith.com and John@smith.com cannot be different users).

Can this be a problem for some users who use case sensitivity in their email address? Does somebody use it out there?

Edit: Because there are many "preserve case on save, ignore on login" answers: This system would break if I really had two different users john@smith and John@smith, wouldn't it?

Example: john@smith and John@smith have the password 123. How do I know which one just authenticated?

Jakob Stoeck
  • 624
  • 4
  • 12
  • 3
    I bet that *someone* uses it. But it's their problem – SilentGhost Oct 01 '09 at 11:30
  • 1
    @SilentGhost: Can't say I agree with you - it's our problem as developers, and a pretty simple one at that ;) – D'Arcy Rittich Oct 01 '09 at 14:12
  • Regarding the "john" example you mention and considering the answers, you should probably check during the registration of new accounts for the email using a case-insensitive comparison, and in case of matches you should not allow the new account – Zignd Sep 18 '20 at 18:47

8 Answers8

20

Don't throw away data. Store the email address or username exactly as you received it, with the exception of trimming both ends of the string.

When sending email, use the case that was supplied by the user. Just because case-sensitivity is rare is no reason to not handle it - otherwise that user gets no mail, and can possibly not even register.

When authenticating a user, you can optionally do a compare on lower case (or upper case) strings, so that the case is disregarded.

So, by preserving the user input data you have suddenly given yourself options: whether to do case-sensitive compares on authentication, and whether to use case-sensitive email addresses when sending mail. Even if you don't choose to avail yourself of them now, the purpose of preserving data is to allow you (or some other developer) to have those choices down the road.

D'Arcy Rittich
  • 167,292
  • 40
  • 290
  • 283
15

According to RFC 2821:

The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. In particular, for some hosts the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.

So, while you can treat emails addresses with case sensitivity, you are discouraged from doing so.

abraham
  • 46,583
  • 10
  • 100
  • 152
Pete OHanlon
  • 9,086
  • 2
  • 29
  • 28
  • I read that paragraph (linked to it in my question) but is this a yes or no? How applicable is this in real-world systems? – Jakob Stoeck Oct 01 '09 at 16:17
  • 1
    It's a yes, for most values of "safe". You will not likely encounter a problem and if you do, the work-around (using a different address) is easier than user-experience problems you'll cause by enforcing case. – Troy J. Farrell Oct 13 '09 at 16:00
9

I'd store and display the address the way the user entered it, not only because the RFP says you have to respect case, but because if the user has a preference, we should respect that preference. It's their email address. I'm not a fan of systems reformatting the personal details I provide to them. For example, you'd be surprised how many systems insist on calling me Tj — which is clearly wrong — rather than T.J. (kudos to SO for getting it right).

So if John Smith signs up as John.Smith@example.com, then that's how John Smith wants to see his email address (if he has a preference). I wouldn't let someone else sign up with john.smith@example.com, because the odds are overwhelming that it's the same as the other account's address, but I wouldn't muck about with the user's formatting of their address or other details. At most I might prompt them if they give me a lot of ALL CAPS SHOUTING, asking if they wouldn't prefer something more...gentle.

T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
6

Some systems are case sensitive.

I'd suggest it be preserved but ignored a la windows filesystems.

i.e. remember john signed up with John@smith.com but let him log in as JOHN@smith.com, john@smith.com or JohN@smith.com.

It's unlikely to cause conflicts and if anyone has a case-sensitive email I'm sure they'll be aware of it.

wefwfwefwe
  • 3,382
  • 1
  • 21
  • 24
  • 1
    Please see my edit. I think this would only work if I preserved cases but forbid any new registrations with the same letters but different cases, which contradicts the whole case sensitivity thing, no? – Jakob Stoeck Oct 01 '09 at 16:20
  • That's exactly what i'm suggesting – wefwfwefwe Oct 02 '09 at 07:13
  • I'm aware this thread's a bit old but I had an idea which may help some. You could always store both a preserved record and a lower-cased record. Use the lower-cased record for your checks, and the preserved record for your emails. – diggersworld Jun 09 '14 at 10:41
0

Yes, that is a problem. I just made a little test on Linux (running exim) and only the mail with correct case reached the mailbox...

I think that most commercial mail providers normalize all email addresses but in general you have to use the correct case!

Johannes Weiss
  • 52,533
  • 16
  • 102
  • 136
0

This link says that "hardly any email service or ISP does enforce case sensitive email addresses".

Wander Nauta
  • 18,832
  • 1
  • 45
  • 62
0

I don't know of any implementation that distincts between email-addresses having the same letters but in different case.

I've never heard of a message not being transmitted correctly only because the cases were wrong.

Atmocreations
  • 9,923
  • 15
  • 67
  • 102
0

If you're using it as a system login, no need. Usually (when talking about logins), admin and Admin are one and the same person ... so is JohnDoe and johndoe ... also , the number of people who use email providers that allow for case sensitivity is way, way too low.

aviraldg
  • 9,531
  • 6
  • 41
  • 56