Erica Member
September 11, 2014

How does Shopify validate email addresses? This post is outdated

I have a registration form on my main website that is linked to shopify, so that when a user registers for a paid membership, they pay for it through shopify. In testing I discovered that I can enter a fake email address that is accepted on my site, but then returns an "Invalid Email" error on shopify. 

This is my email validation code: 

    validateEmail: function (sEmail) {
            var filter = /^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/;
            if (filter.test(sEmail)) {
                return true;
            else {
                return false;

My code accepts anything in the format of {xxx}@{xxx}.{xxxx}

For example, it accepts Fake@fake.fake, but shopify does not. 

I'd like to know specifically what Shopify accepts so that I can tailor my validation code to match the shopify validation. 

Massaad Shopify Employee www.alexthegreat.ca
September 12, 2014

Hello Erica,

Shopify validates emails in two ways, first with valid form, so an @ symbol and a domain at the end basically. Next we validate that the domain has a valid MX record.

This last step doesn't verify that the email is valid, but verifies that the domain has a valid mail sever configured - it may not be working or set up or course.

Hope this helps you set your validation code to match ours

Alex Massaad support@shopify.com
Jason Shopify Expert freakdesign.com.au
December 01, 2014

What's wrong with the dollar symbol? It might be weird looking and many hosts won't let you use them, but they're not invalid. If you check the spec for RFC 6531 you'll see it supports a whole bunch of characters for the local-part. In theory you could include any of the below:

! # $ % & ' * + - / = ? ^ _ ` { | } ~

This has some base info:

★ Winning Partner of the Build a Business competition. ★ http://freakdesign.com.au
Massaad Shopify Employee www.alexthegreat.ca
December 02, 2014

Jason gets 100 forum points! The points don't matter but the answer is spot on.

We do the only validation we are in a position to know about. Some servers accept the special characters and handle that based on their own rules. There isn't a way for us to know if Test@example.com or test+tag@example.com are valid users or the same account (on Google for example they would both go to test@example.com)

We do know if the domain has email servers set up.  Without an MX record there would be a certain failure, so this is the one main area we are checking for email.

Alex Massaad support@shopify.com