427

I've read that by standard first part of e-mail is case sensitive, however I've tried to send e-mail to [email protected], [email protected] and [email protected] - it has arrived in each case.

How do mail servers handles usernames? Is it possible to miss with case and that message wouldn't be delivered? Is it really very important to use exactly same letter case, as was written while registering when giving your e-mail address?

2

5 Answers 5

Reset to default
486

From RFC 5321: Simple Mail Transfer Protocol, section 2.3.11:

The standard mailbox naming convention is defined to be "local-part@domain"; contemporary usage permits a much broader set of applications than simple "user names". Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address.

So yes, the part before the "@" could be case-sensitive, since it is entirely under the control of the host system. In practice though, no widely used mail systems distinguish different addresses based on case.

The part after the @ sign however is the domain and according to RFC 1035, section 3.1,

"Name servers and resolvers must compare [domains] in a case-insensitive manner"

In short, you are safe to treat email addresses as case-insensitive.

12
  • 114
    'In short, you are safe to treat email addresses as case-insensitive.' I'd phrase it stronger: "you're unsafe to treat email-addresses as case-sensitive manner" Especially when checking for duplicates in user-databases, etc.
    – Geert-Jan
    Commented Nov 16, 2013 at 23:00
  • 95
    I'd disagree with the conclusion. If you're looking for duplicates in a database - yes, a case insensitive match is probably the best way to go, but I've seen code where the email address is converted to lower case prior to sending. That's not a good idea, since there is a small chance it will not get delivered. So how you treat it depends on what the consequences of error are and what you're doing with the email addresses at that time (collating a list of unique addresses, sending an email, etc).
    – Peter Bagnall
    Commented Sep 12, 2014 at 9:32
  • 22
    Does anyone know of a list of mail products that will (a) reject a [email protected] when the user [email protected] is valid, or (b) will allow two distinct mailboxes to be created: [email protected] and [email protected]?
    – MSC
    Commented Mar 4, 2015 at 3:48
  • 99
    I work at a large company and there is another person with the same first and last name. I discovered today that his local-part differs from mine only in capitalization. This has been working properly, so I was surprised to see "no widely used mail systems distinguish different addresses based on case". We use MS Exchange which I would call "widely used".
    – Matthew James Briggs
    Commented Nov 24, 2015 at 20:14
  • 23
    RFC 5321 2.4. General Syntax Principles and Transaction Model - SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith". Mailbox domains follow normal DNS rules and are hence not case sensitive.
    – Adam111p
    Commented Apr 27, 2016 at 10:02
66

I know this is an old question but I just want to comment here: To any extent email addresses ARE case sensitive, most users would be "very unwise" to actively use an email address that requires capitals. They would soon stop using the address because they'd be missing a lot of their mail. (Unless they have a specific reason to make things difficult, and they expect mail only from specific senders they know.)

That's because imperfect humans as well as imperfect software exist, (Surprise!) which will assume all email is lowercase, and for this reason these humans and software will send messages using a "lower cased version" of the address regardless of how it was provided to them. If the recipient is unable to receive such messages, it won't be long before they notice they're missing a lot, and switch to a lowercase-only email address, or get their server set up to be case-insensitive.

5
  • 22
    This is insightful application of Postel's law en.wikipedia.org/wiki/Robustness_principle. It remains wrong to write software that assumes local parts of email addresses are case-insensitive, but yes, given that there is plenty of wrong software out there, it is also less than robust to require case sensitivity if you are the one accepting the mail.
    – Mattie
    Commented Oct 25, 2012 at 17:32
  • 2
    Personally, when I type my email somewhere I prefer to use mixed case just so it's more legible. For example: [email protected] (Not my real address.) I do this even though I get the email without capitals.
    – PaulOTron2000
    Commented May 10, 2020 at 21:10
  • 3
    As a software author, though, you would prefer your service to be one of those few that do things right for this person with case-sensitive email.
    – Klesun
    Commented Jun 19, 2020 at 8:08
  • On Thunderbird when I enter an email address it automatically turns it to lower case
    – sound wave
    Commented Jul 15, 2022 at 9:56
  • Thunderbird is an old behemoth though. I wouldn't be surprised if it had trouble with emails using non Latin scripts as well.
    – Shautieh
    Commented Oct 4, 2023 at 20:00
52

Way late to this post, but I've got something slightly different to say...

>> "Are email addresses case sensitive?"

Well, "It Depends..." (TM)

Some organizations actually think that's a good idea and their email servers enforce case sensitivity.

So, for those crazy places, "Yes, Emails are case sensitive."

Note: Just because a specification says you can do something does not mean it is a good idea to do so.

The principle of KISS suggests that our systems use case insensitive emails.

Whereas the Robustness principle suggests that we accept case sensitive emails.

Solution:

  • Store emails with case sensitivity
  • Send emails with case sensitivity
  • Perform internal searches with case insensitivity

This would mean that if this email already exists: [email protected]

... and another user comes along and wants to use this email: [email protected]

... that our case insensitive searching logic would return a "That email already exists" error message.

Now, you have a decision to make: Is that solution adequate in your case?

If not, you could charge a convenience fee to those clients that demand support for their case sensitive emails and implement custom logic that allows the [email protected] into your system, even if [email protected] already exists.

In which case your email search/validation logic might look like something this pseudocode:

if (user.paidEmailFee) {
   // case sensitive email
   query = "select * from users where email LIKE ?"
} else {
   // case insensitive email
   query = "select * from users where email ILIKE ?"
}

This way, you are mostly enforcing case insensitivity but allowing customers to pay for this support if they are using email systems that support such nonsense.

p.s. ILIKE is a PostgreSQL keyword: http://www.postgresql.org/docs/9.2/static/functions-matching.html

6
  • 11
    LIKE/ILIKE for an exact match is an awful idea. Imagine an email containing % or more likely _
    – ThiefMaster
    Commented May 20, 2016 at 12:02
  • 27
    Your points are great! But the sql injection in your example kind of ruins it :(
    – epelc
    Commented Sep 19, 2016 at 17:06
  • 9
    @epelc THIS. Cannot agree more. That kind of query building shouldn't be written anywhere even if it's only an example.
    – xDaizu
    Commented Dec 20, 2016 at 14:32
  • 3
    @l3x, while I'm not as strongly against the above example code as the others, specifically because you did call it out as pseudocode and it is for illustrative purposes only, perhaps all of the above comments could be addressed by replacing your query = ... lines with simple query = // Insert case-sensitive/insensitive search here comments as that keeps the conversation away from the SQL injection topic and focuses on what you're trying to show. In other words, keep it on the logic, not the implementation. It will silence the critics.
    – Mark A. Donohoe
    Commented May 3, 2020 at 20:28
  • 2
    I'm against using the term "email" for email addresses.
    – AmigoJack
    Commented Feb 15, 2021 at 20:04
20

IETF Open Standards RFC 5321 2.4. General Syntax Principles and Transaction Model

SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith".

Mailbox domains follow normal DNS rules and are hence not case sensitive

14

Per @l3x, it depends.

There are clearly two sets of general situations where the correct answer can be different, along with a third which is not as general:

a) You are a user sending private mails:

Very few modern email systems implement case sensitivity, so you are probably fine to ignore case and choose whatever case you feel like using. There is no guarantee that all your mails will be delivered - but so few mails would be negatively affected that you should not worry about it.

b) You are developing mail software:

See RFC5321 2.4 excerpt at the bottom.

When you are developing mail software, you want to be RFC-compliant. You can make your own users' email addresses case insensitive if you want to (and you probably should). But in order to be RFC compliant, you MUST treat outside addresses as case sensitive.

c) Managing business-owned lists of email addresses as an employee:

It is possible that the same email recipient is added to a list more than once - but using different case. In this situation though the addresses are technically different, it might result in a recipient receiving duplicate emails. How you treat this situation is similar to situation a) in that you are probably fine to treat them as duplicates and to remove a duplicate entry. It is better to treat these as special cases however, by sending a "reminder" mail to both addresses to ask them if the case of the email address is accurate.

From a legal standpoint, if you remove a duplicate without acknowledgement/permission from both addresses, you can be held responsible for leaking private information/authentication to an unauthorised address simply because two actually-separate recipients have otherwise-identical addresses but with different cases.

Excerpt from RFC5321 2.4:

The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.

3
  • 4
    For completeness, also from RFC5321, but §4.1.2: “While the above definition for Local-part is relatively permissive, for maximum interoperability, a host that expects to receive mail SHOULD avoid defining mailboxes where the Local-part requires (or uses) the Quoted-string form or where the Local-part is case- sensitive. For any purposes that require generating or comparing Local-parts (e.g., to specific mailbox names), all quoted forms MUST be treated as equivalent, and the sending system SHOULD transmit the form that uses the minimum quoting possible.”
    – Jim Ratliff
    Commented Oct 31, 2022 at 0:09
  • 1
    That's interesting. The implication is that quoting and capitalisation have similar SHOULD/SHOULD NOT/MUST requirements.
    – zaTricky
    Commented Oct 31, 2022 at 14:23
  • The exception being "postmaster" of course.
    – Nemo
    Commented Mar 9 at 0:31

Not the answer you're looking for? Browse other questions tagged or ask your own question.