Seemingly valid email address marked invalid

[KarlBishop]

An end-user on our site complained that their legitimate email address was rejected as invalid.

They are using a custom domain with a ".org.uk" TLD.

The domain is currently registered by Key-Systems GmbH and does not expire until some time in 2023. However, I did notice when checking the domain on whois.com that it says:

 Data validation:
        Nominet was not able to match the registrant's name and/or address against a 3rd party source on 18-May-2020

Would that be reason enough to mark their email address as invalid?

[KarlBishop]

If you need more info, could I tell you the domain via email? (I'd prefer not to post it publicly)

[afair]

"Rejected as invalid" ... Is there a specific error it returns?

If it feels like a DNS issue, it could be either on your end or a bad domain configuration.
Does the following command return a MX server to send mail to?

dig -t MX xxxx.org.uk

I see no issue validating this (fictitious) address: [email protected]
You can email the domain to the address on my profile page.

[KarlBishop]

"Rejected as invalid" ... Is there a specific error it returns?

Ahh, yes: when I run EmailAddress.error I get "This domain is not configured to accept email".

Does the following command return a MX server to send mail to?

I think so. Output is as follows:

; <<>> DiG 9.16.1-Ubuntu <<>> -t MX xxxx.org.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27939
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xxxx.org.uk.                   IN      MX

;; AUTHORITY SECTION:
xxxx.org.uk.            3600    IN      SOA     ns1.loopia.se. registry.loopia.se. 1658966400 10800 3600 604800 86400

;; Query time: 48 msec
;; SERVER: 10.1.0.2#53(10.1.0.2)
;; WHEN: Tue Aug 02 23:06:16 UTC 2022
;; MSG SIZE  rcvd: 98

You can email the domain to the address on my profile page.

Cool, thanks - I sent you an email.

It's weird because the person managed to email us from that domain, so presumably they can receive emails there too. Is it possible for a domain to appear as if it's not configured to accept email when it actually can?

[afair]

I'm sorry, the output of dig is hard to interpret. That is a "not found", you would want to see a line like:

;; ANSWER SECTION:
github.com.		1515	IN	MX	1 aspmx.l.google.com.

If you have the host command, the response is easier to see:

$ host xxxx.org.mx
xxxx.org.uk has address 80.74.xxx.xxx
xxxx.org.uk has IPv6 address 2a00:1128:1:1::xxx:xxx
$ host -t MX xxxx.org.uk
xxxx.org.uk has no MX record

The domain in question does have an A (IPv4) and AAAA (IPv6) but no MX record. There should really be an MX record. Fortunately, most email systems will fallback to an A record. I confirmed that the A record address is listening on port 25 to receive mail.

$ telnet xxxx.org.uk 25
Trying 80.74.xxx.xxx...
Connected to xxxx.org.uk.
Escape character is '^]'.
220 jovinus.ch-meta.net ESMTP Postfix

In this case, you can use the host_validation: :a setting to accept any domain that has an A or AAAA record.

EmailAddress.error("[email protected]") #=> "This domain is not configured to accept email"
EmailAddress.valid?("[email protected]" , host_validation: :a) #=> true

The tradeoff is how lax you want the validation.

[KarlBishop]

This is fantastic - thank you for all of this information and for responding so quickly!

I feel like I understand the issue now. I'll continue validating against MX records unless we see many other cases of this happening. At that point I'll consider switching to accepting A or AAAA records. And in the meantime I've added the individual user's domain to a whitelist to let them bypass the check.