The regex for e-mail sanity checking is flawed and assumes that TLDs will be between 2 and 4 characters. This breaks addresses in longer TLDs. At the moment the only one affected as far as I know is .museum, but it's something to consider should new TLDs become available.

I have not checked if this is the behavior in vB3 though I have no reason to believe it wouldn't be the same.

Best wishes,
Paul

Closer inspection of the code reveals that this only is a problem when registering a new account and when parsing e-mail addresses in posts, etc. Updating the e-mail address does not attempt to verify a sane TLD, only that one is supplied.

A separate e-mail regex is used for member.php.

I'm not sure what the best implementation would be. On one hand ensuring that the TLD is at least 2 characters and at most 6 reduces the amount of garbage, but on the other limiting TLD would cause problems should new TLDs be introduced. I'm not sure if there is an RFC that limits the character length of any future TLDs.

I am altering the code on my end to check for a 2-6 character TLD, simply because I hope to be off the 2.x codebase in the near future and don't see any new ones about to be introduced that would fall outside of that restriction.