PHP filter_var and RFC 5322

Question

Is the PHP function filter_var('[email protected]', FILTER_VALIDATE_EMAIL) validating the email using the standard RFC 5322?

Answer 1

There's a comment in the implementation code of that filter:

void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
    /*
     * The regex below is based on a regex by Michael Rushton.
     * However, it is not identical.  I changed it to only consider routeable
     * addresses as valid.  Michael's regex considers a@b a valid address
     * which conflicts with section 2.3.5 of RFC 5321 which states that:
     *
     *   Only resolvable, fully-qualified domain names (FQDNs) are permitted
     *   when domain names are used in SMTP.  In other words, names that can
     *   be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
     *   in Section 5) are permitted, as are CNAME RRs whose targets can be
     *   resolved, in turn, to MX or address RRs.  Local nicknames or
     *   unqualified names MUST NOT be used.
     *
     * This regex does not handle comments and folding whitespace.  While
     * this is technically valid in an email address, these parts aren't
     * actually part of the address itself.
     *
     * Michael's regex carries this copyright:
     *
     * Copyright © Michael Rushton 2009-10
     * http://squiloople.com/
     * Feel free to use and redistribute this code. But please keep this copyright notice.
     *
     */

and the "original" source is most likely: http://squiloople.com/2009/12/20/email-address-validation/

/**
   * Validate an email address using RFC 5322
   *
...

So, you have a claim and someone who fixed an alleged error and ...
...beyond that I have no clue ;-)

Answer 2

As the author of the regular expression being used by filter_var I can confirm that it doesn't comprehensively use RFC 5322 (specifically, it doesn't allow for comments and folding white space).

The article VolkerK links to contains updated validation -- including a more accurate implementation of RFC 5322 as well as an implementation of RFC 5321 (in my opinion the more appropriate standard) -- but filter_var hasn't been updated to incorporate the improvements.