Just came across this (RFC2821) and in section 4.5.3.1 (Size limits and minimums) it states (emphasis added):

There are several objects that have required minimum/maximum sizes[...]
**local-part**
   *The maximum total length of a user name or other local-part is 64 characters.*

**domain**
   *The maximum total length of a domain name or number is 255 characters.*

This would indicate an email address could be up to 319 characters, not including the @ symbol for a total size of 320.

I've never seen an email address that long, but since it would techincally be acceptable to have one that long, should databases that store email addresses have a field size of 320? I've always used 255 and never had an issue.

Any thoughts?

Although you wouldn't be following the spec I think 255 would be fine. I have never allowed email addresses longer than 80 characters in any of my databases and I have never had an issue. I'm guessing but I imagine 95% of emails are less than 30 characters.

I have a rule of thumb for this cruft that I have found to result in much fewer buffer overflow issues - provide double the theoretical maximum (plus a terminating null character). So, in this case I'd simply use a buffer size of 1024 and be done with it. There are other techniques that can be applied if there is a possibility that something could pass a string longer than that to you (a hacker, for example).

rubberman:
Double? That seems excessive to me. The RFC has stated that email addresses can be only 390 characters (inclusive of the @ symbol). Why on earth would I need more than 390 since it would be impossible (unless some rogue server developer ignored the RFC) for an email to exceed that length?

My concern is that Murphy's law hates me, and as soon as I say 255 is pleanty, I'll get a yell down from tech support saying some user can't enter his email address in the field because its too long.

I mean there really is a website at http://thelongestlistofthelongeststuffatthelongestdomainnameatlonglast.com/ and I'm sure someone there has an email address.

I think I'll stick with 390, I just wish there was a standard somewhere for database design that says something like "if you are storing x, you should use y at z length in s situations" but alas...I know of none.

Maybe we should start one!

If somebody entered 300 spaces before and after the email address, I quess it would be legitimated. You are stripping spaces from ends, aren't you?

Of course. The data in the fields is used elsewhere to actually send email. The textbox for entry doesn't accept the spacebar and strips pasted spaces.

This article has been dead for over six months. Start a new discussion instead.