I'm unsure why the the Appveyor tests are failing. It doesn't seem to be related to the code changes.

I've just changed this to support the cases.

• example@example..com
• example@example.co..uk
• example@example..co.uk
• example@example..co..uk

I've pulled up a list of email addresses that my company has added to a custom email checker, which are not all caught by the non-strict Symfony checker. Not saying they must be added, but it would be nice to have even more checks, making the checker more complete.

array('a@a'),
array('a@a.'),
array('a@.nl'),
array('@a.nl'),
array('.email@with.a.domain'),
array('email.@with.a.domain'),
array('.email.@with.a.domain'),
array('em..ail@with.a.domain'),
array('a@a.nl;a@a.nl'),
array('a@'),
array('a@.'),
array(' a@a.nl'),
array('a@ '),
array(' a@a.nl '),
array(' a @a .nl '),
array('a@-invalid.hostname'),
array('email@with.averylongextensionbehindthedomain'),
array('email-with-dashes@a.a'),

I don't know if we can agree on adding this rule as bug fix: on one side, I really think rejecting such emails should have been the case. On the other side, this is a BC break that may make apps display new errors to end users, or break some cron job, isn't?

I would strongly suggest to move to HTML5 validation by default in Symfony 4.0:

/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/

(we should just change the last * by a + to enforce a least one dot in the domain part.)

We need to find a way to make this move and get rid of the current very loose validation in 4.0.
What about throwing, in 3.4, a deprecation notice when an email doesn't pass the HTML5 validation?
That HTML5 regexp wouldn't be enforced and we would still use the current one, but then, in 4.0, we could enforce it and devs would have a way to get some notices about the issue.
Yes that wouldn't fix broken emails, but they are broken anyway, so I think we can do it in a new major version.

WDYT @symfony/deciders?

@PurpleBooth would you be up to work on this in the next days/weeks?

Sounds like a good idea, I like it!

Sure, I'm totally open to doing that.

Just to be clear:

1. v4 - Use HTML5 Email Regex
2. v3.4 - Raise depreciation notice when HTML5 Pattern isn't met?

@PurpleBooth correct

Triggering a deprecation based on the input does not sound like a good idea to me. That's too fragile and likely to not be detected during development. What about instead introducing a mode option that could be something like html5 or rfc(in fact, we could allow several RFC types to support the different validation schemes supported by EmailValidator 2)? This option could default to a special loose value in 3.4 to use the old simple regex.

@xabbuh that's where we stopped at in previous discussions, by consideration for broken emails. That's why I'm proposing this simple plan. Yes, it's a pushy change. But I think it will just work and we could move forward faster and make apps better by default, instead of having to play with the deprecation policy to 1. add an option, 2. for setting it, 3. deprecate it, 4. remove it, etc.
Do you really think we should follow this path? I'm not sure. But if we want, we need to actually do it this time.
I still prefer the plan I proposed :)

@nicolas-grekas Well, deprecation based on user input is what looks flaky to me. I am afraid that this calls for bug reports in the future. And IIRC we already had some feature requests in the past to support more validation rules besides NoRFCWarningsValidation. So that would be the opportunity to make that happen as well.

@xabbuh would you be up to make that happen very soon (because feat freeze?)

Or @PurpleBooth of course?

I can try to come up with something tonight. But I can't promise anything. So if someone can create a PR before, that would be nice.

Would the mode option imply the need for EmailValidator, or would that always be required now?

I've put together what I understand as the "mode" option. It needs work, but for discussion purposes #24442

I've changed this to deprecate the loose pattern and raise a E_DEPRECATED as discussed. I don't really think this is a good solution as it doesn't offer people a intermediary fix path as has already been mentioned.

I much prefer the mode solution in #24442

Closing in favor of #24442 then. Thanks for raising the point.