Email Validation Strategies

This document explains the email validation system in the hypervel/validation package, including built-in strategies, the custom FilterEmailValidation implementation, and how to create and combine multiple validation strategies.

For general information about validation rules, see Built-in Validation Rules. For information about creating custom rules, see Custom Validation Rules.

Purpose and Scope

The email validation system provides flexible, standards-compliant email address validation through multiple strategies. The system integrates the egulias/email-validator library with custom implementations to support various validation approaches ranging from basic format checking to strict RFC compliance, DNS verification, and spoofing detection.

Email Validation Architecture

The email validation system uses a strategy pattern where multiple validation strategies can be applied to a single email address. All strategies must pass for the email to be considered valid.

Sources:

• src/Concerns/ValidatesAttributes.php754-781

Validation Strategy Flow

The email validation process follows this sequence:

Sources:

• src/Concerns/ValidatesAttributes.php754-781

Built-in Validation Strategies

The email validation rule accepts multiple strategy parameters that determine which validations to apply. Each parameter maps to a specific validation implementation.

Strategy Mapping Table

Parameter	Strategy Class	Description	RFC Compliance
(none/default)	RFCValidation	Basic RFC 5322 validation	Standard
strict	NoRFCWarningsValidation	RFC 5322 without warnings	Strict
dns	DNSCheckValidation	Validates DNS MX/A records	Standard + DNS
spoof	SpoofCheckValidation	Detects spoofed characters	Security
filter	FilterEmailValidation	PHP filter_var validation	PHP Standard
filter_unicode	FilterEmailValidation::unicode()	PHP filter_var with unicode	PHP Unicode
Custom class	User-provided class	Custom validation logic	User-defined

Default Strategy (RFCValidation)

When no parameters are provided, the system uses RFCValidation from the egulias library, which validates emails according to RFC 5322.

Implementation: src/Concerns/ValidatesAttributes.php776

Strict Strategy (NoRFCWarningsValidation)

The strict parameter enables NoRFCWarningsValidation, which enforces RFC 5322 compliance without allowing any warnings. This rejects technically valid but uncommon email formats.

Examples of emails rejected by strict but allowed by default:

• Comments in email addresses
• Quoted strings in local part
• Deprecated syntaxes

Implementation: src/Concerns/ValidatesAttributes.php767

DNS Check Strategy (DNSCheckValidation)

The dns parameter validates that the domain has valid MX or A records, ensuring the domain can potentially receive email.

Note: DNS checks involve network requests and can increase validation time. Consider caching or background validation for production use.

Implementation: src/Concerns/ValidatesAttributes.php768

Spoof Check Strategy (SpoofCheckValidation)

The spoof parameter detects spoofed or visually similar characters that could be used for phishing attacks.

Examples of patterns detected:

• Mixed character sets (Latin + Cyrillic)
• Visually similar characters (0 vs O)
• Homograph attacks

Implementation: src/Concerns/ValidatesAttributes.php769

Filter Strategy (FilterEmailValidation)

The filter parameter uses PHP's built-in filter_var() function with FILTER_VALIDATE_EMAIL. This provides a lightweight, fast validation approach.

Characteristics:

• Fast performance (no external library)
• Less strict than RFC validation
• Does not allow unicode characters in local part

Implementation: src/Concerns/ValidatesAttributes.php770 src/Concerns/FilterEmailValidation.php34-39

Filter Unicode Strategy (FilterEmailValidation::unicode)

The filter_unicode parameter uses PHP's filter_var() with the FILTER_FLAG_EMAIL_UNICODE flag, allowing unicode characters in the local part of the email address.

Examples of allowed emails:

• 用户@example.com
• üser@example.com
• señor@example.com

Implementation: src/Concerns/ValidatesAttributes.php771 src/Concerns/FilterEmailValidation.php26-29

FilterEmailValidation Implementation

The FilterEmailValidation class is a custom implementation of the egulias/email-validator EmailValidation interface that wraps PHP's native filter_var() function.

Class Structure

Sources:

• src/Concerns/FilterEmailValidation.php1-59

Key Methods

Constructor

The constructor accepts optional flags to pass to filter_var():

src/Concerns/FilterEmailValidation.php18-21

Unicode Static Factory

Creates an instance configured for unicode validation:

src/Concerns/FilterEmailValidation.php26-29

Validation Logic

The core validation uses PHP's filter_var():

src/Concerns/FilterEmailValidation.php34-39

Error and Warning Methods

These methods satisfy the EmailValidation interface but return empty results since filter_var() doesn't provide detailed error information:

src/Concerns/FilterEmailValidation.php44-57

Custom Validation Strategies

You can use any custom class that implements the Egulias\EmailValidator\Validation\EmailValidation interface by passing the fully-qualified class name as a parameter.

Creating a Custom Strategy

Using Custom Strategies

Pass the fully-qualified class name as a parameter:

The validator will resolve the class from the DI container, allowing constructor dependency injection:

src/Concerns/ValidatesAttributes.php772

Combining Multiple Strategies

Multiple strategies can be combined by separating them with commas. All strategies must pass for validation to succeed.

Strategy Combination Logic

The MultipleValidationWithAnd class from egulias/email-validator combines all strategies with logical AND:

src/Concerns/ValidatesAttributes.php780

Strategy Order and Performance

Strategies are executed in the order they appear in the collection after mapping. For optimal performance, order strategies from fastest to slowest:

1. filter or filter_unicode (fastest - native PHP)
2. strict or default RFC (fast - regex-based)
3. spoof (moderate - character analysis)
4. dns (slowest - network request)

Integration with egulias/email-validator

The validation system depends on the egulias/email-validator library, which provides the core validation infrastructure.

Dependency Configuration

Sources:

• composer.json30
• composer.json33

EmailValidator Resolution

The EmailValidator instance is resolved from the application container:

src/Concerns/ValidatesAttributes.php778

This allows the validator to be configured or decorated through the dependency injection container.

Strategy Interface Compatibility

All strategies must implement the Egulias\EmailValidator\Validation\EmailValidation interface:

Method	Return Type	Description
isValid(string $email, EmailLexer $emailLexer)	bool	Performs validation
getError()	?InvalidEmail	Returns error details
getWarnings()	array	Returns warning list

Sources:

• src/Concerns/FilterEmailValidation.php11

Usage Examples

Basic Validation

Strict Production Validation

Security-Focused Validation

International Email Support

Performance-Optimized Validation

Comprehensive Validation

Performance Considerations

Strategy Performance Comparison

Strategy	Speed	Network I/O	RFC Compliance
filter	Fastest	No	Moderate
filter_unicode	Fastest	No	Moderate
Default (RFC)	Fast	No	High
strict	Fast	No	Very High
spoof	Moderate	No	N/A (Security)
dns	Slow	Yes	N/A (Availability)

Optimization Strategies

1. Order strategies by speed: Place fast strategies first to fail quickly on invalid emails
2. Avoid DNS checks for high-volume: DNS validation adds 100-1000ms per validation
3. Cache DNS results: Implement domain-level DNS result caching if using dns strategy
4. Use filter for performance: The filter strategy is 2-3x faster than RFC validation
5. Profile in production: Monitor validation times and adjust strategy combination

Sources:

• src/Concerns/ValidatesAttributes.php754-781
• src/Concerns/FilterEmailValidation.php1-59