[wp-trac] [WordPress Trac] #31992: Unicode Email Addresses

Wed Feb 11 16:08:33 UTC 2026

#31992: Unicode Email Addresses
-------------------------------------------------+-------------------------
 Reporter:  ysalame                              |       Owner:
                                                 |  SergeyBiryukov
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  7.0
Component:  Formatting                           |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-test-info has-patch has-         |     Focuses:
  screenshots has-unit-tests dev-feedback        |
-------------------------------------------------+-------------------------

Comment (by dmsnell):

 In the linked PR I left more extensive updates, but in short I do not
 think it’s feasible that this is ready for 7.0, as much as I want it to
 be. I’ve asked @agulbra to draft a post for Make to discuss the high-level
 status and impact of this change, independent from the code itself.

 My guess is that there’s a lot more at stake here than it seems from the
 code itself, as third-party vendors will not necessarily know to expect
 non-ASCII emails, and some of that plus UX questions plus database
 questions make it a prime candidate for gathering more broad input.

 //This is an important and valid change for WordPress// but I want to make
 sure we don’t rush it too fast — it’s only been open for a decade 🙃

 ----

 What I think is most likely is turning this into a series of smaller
 related changes. I could see it going one of two ways: make a bunch of
 tactical updates which permit non-ASCII email in the existing places in
 Core that would break; or go all out and try to cover all of the UX
 considerations.

 == Known needs

 - We have to open up the email validator to allow non-ASCII bytes.
 Presumably this should require //at a minimum// that the bytes form valid
 UTF-8.
    - There is room for discussion //beyond this// as to how best to
 further restrict the allowable email addresses, but that seems secondary
 to me to this issue.
    - It’s worth discussing Unicode normalization and capitalization rules.
 A survey of how existing major email providers handle this would be great
 to see.
  - Site owners may not be aware of the changes to allowable email
 addresses. It’s probably the wrong option, but these could be opt-in by
 default, giving admins an opportunity to read and understand the
 implications of the change and a health-check before turning them on with
 their potential consequences.
  - Core should be audited for assumptions about ASCII email addresses;
 same goes for the database, particularly when tables are stored as
 `latin1` for pseudo-UTF-80support. We don’t want errant collation settings
 to open up vulnerabilities because an email address was queried in a
 different form than it was stored.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/31992#comment:78>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform