Blacklisted email addresses validation is badong.

Due to the number of spam emails that get through to users' spam folders, I decided to use the 'Control Panel' / 'Mail Administration' / 'Org Settings' / 'Anti-Spam' / 'Blacklisted Email' facility (available to the domain administrator).

I created a list of troublesome email addresses and then tried to upload them all into the textarea blkContLst, and my trouble started.

1) the messages telling you what the errors are are not always helpful, which kind of negates the point of a failure message
2) the textarea is extremely constrained as to the number of addresses it will take in one go (I have a list of 50,000 addresses). [Would not a simple structured file upload be better?]
3) the validation of what 'it' (you) considers to be a valid email format does not allow me to blacklist all email addresses used by spammers in my culled list. My research convinces me that it (you) is at fault.

I investigated this carefully and found that the system is not following the email formatting guidelines in RFC6531 and RFC6532. The result is that addresses such as the below (culled from here):

"much.more unusual"@example.com,
" very.unusual.@.unusual.com"@example.com,
"very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual"@strange.example.com,
#!$%&'*+-/=?^_`{}|~@example.org,
"()<>[]:,;@\\\"!#$%&'*+-/=?^_`{}| ~.a"@example.org,
" "@example.org,
üñîçøðé@example.com,
üñîçøðé@üñîçøðé.com

cannot be entered. Spammers then have a simple job with Zoho users of creating addresses they are unable to block. The most common example I have is where an address begins with a character outside of a>Z 0-9, i.e. it contains a valid "local-part" character (of the email address) such as the + symbol. The only such symbol that may not be the first character is '.' (a full stop); others like - _ ~ ! $ & ' ( ) * + , ; = : are valid.

I found this page well documented, referenced and helpful: http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx/ . It too gives examples of valid addresses that do not parse that I / it believe should.

Whilst you are fixing 3) above (as I am sure you will want to - please advise date) perhaps you would also consider addressing my 1) and 2) above too.

For what it's worth, it would be far simpler if you also implemented a world class anti-spam system, by default, for all users. I dread to think of the effect on your servers of many domains adding their own data like I'm intending to.
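
Added example, not part of the original post and not Zoho's code: a blocklist-entry check that runs the sample addresses from the post against the RFC 5321 local-part grammar (Dot-string or Quoted-string) with the RFC 6531 non-ASCII extension. The domain check is a simplified assumption, and the function names and the rejected samples are constructed for illustration.

```python
import re

# Local-part grammar: RFC 5321 section 4.1.2 (Dot-string / Quoted-string), with
# RFC 6531 admitting any non-ASCII code point in atext and qtext.
NON_ASCII = r"\u0080-\U0010FFFF"
ATEXT = rf"[A-Za-z0-9!#$%&'*+/=?^_`{{|}}~\-{NON_ASCII}]"
DOT_STRING = rf"{ATEXT}+(?:\.{ATEXT}+)*"          # no leading, trailing or double dot
# qtextSMTP is space, '!', '#'..'[' and ']'..'~'; a quoted pair is '\' + %d32-126.
QCONTENT = rf"(?:[ !#-\[\]-~{NON_ASCII}]|\\[ -~])"
LOCAL_PART = re.compile(rf'(?:{DOT_STRING}|"{QCONTENT}*")')

# Assumption: simplified domain check (two or more LDH or non-ASCII labels).
# Address literals and IDNA label validation are out of scope here.
EDGE = rf"[A-Za-z0-9{NON_ASCII}]"
LABEL = rf"{EDGE}(?:[A-Za-z0-9\-{NON_ASCII}]{{0,61}}{EDGE})?"
DOMAIN = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def is_valid_mailbox(addr: str) -> bool:
    """True if addr is local-part@domain under the grammar above."""
    # A quoted local part may contain '@', a domain may not: split on the last one.
    local, at, domain = addr.rpartition("@")
    if not at or len(local.encode("utf-8")) > 64:   # RFC 5321 limit: 64 octets
        return False
    return bool(LOCAL_PART.fullmatch(local) and DOMAIN.fullmatch(domain))


# The eight sample addresses quoted in the post, one per line (raw string).
PAGE_SAMPLES = [line for line in r'''
"much.more unusual"@example.com
" very.unusual.@.unusual.com"@example.com
"very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual"@strange.example.com
#!$%&'*+-/=?^_`{}|~@example.org
"()<>[]:,;@\\\"!#$%&'*+-/=?^_`{}| ~.a"@example.org
" "@example.org
üñîçøðé@example.com
üñîçøðé@üñîçøðé.com
'''.splitlines() if line]

# Constructed inputs the grammar rejects (not taken from the post).
REJECTED_SAMPLES = [".lead@example.com", "a..b@example.com", "tail.@example.com",
                    'un"quoted@example.com', "a b@example.com", "no-at-sign"]

if __name__ == "__main__":
    for a in PAGE_SAMPLES + ["+promo@example.com"] + REJECTED_SAMPLES:
        print("accept" if is_valid_mailbox(a) else "reject", a)
```
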