A brutal email to HSC Hub:

I attempted to sign up to the HSC Hub service, and am so far mildly unimpressed. For starters, and perhaps most annoyingly, I am not able to put in place my usual security measures against my email address, purely because of what appears to be an incompetently designed regular expression in the JavaScript email address validator:

/^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/

This is invalid for several reasons.

  1. In the local portion of an email address, RFC 822/2822/5322 requires that the local part cannot begin with a period. This regular expression allows this, allowing invalid addresses.
  2. The set of all valid characters in an email address (see §3.2.3 of RFC 5322) is not matched by this regular expression, excluding, for instance, the character +.
  3. The hostname section of the email address is permitted to match, for instance, user@..........example..........com, which is clearly invalid; DNS hostnames are not permitted to contain two or more consecutive periods.
  4. DNS hostnames are also not permitted to commence with a hyphen, which this regular expression permits.
  5. It is not valid to restrict the TLD in the manner that this regular expression does: there are valid (albeit rare) TLDs that are >4 characters.
  6. This will not permit any IPv6 addresses.

Recommended reading: http://stackoverflow.com/questions/201323

Less critically, secondly, the terms and conditions document (as well as others) is, probably unnecessarily, a PDF document (which, I note, has an out-of-date copyright notice, is not complete, and has Microsoft Office ‘Word’ change tracking flags intact). Thirdly, the font and colour scheme selection is distinctly unpleasant; and fourthly, I dislike email forms.

I do not expect to have to change my usage habits on the grounds of one website. Sadly, this sort of poor design is incredibly prevalent, and as a website catering to a large audience, I highly recommend you pick up your act.
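
An added example, not part of the original email or of the site's code: the quoted regular expression is run against one constructed address per numbered point above, next to a simplified structural check. The helper `structuralCheck`, the sample addresses and the loose `[IPv6:...]` shape test are assumptions made for illustration; the check covers only dot-atom local parts and does not implement all of RFC 5322.

```javascript
// The validator regex quoted in the email above.
const siteRegex = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/;

// RFC 5322 §3.2.3 "atext" characters, joined by single dots (dot-atom).
const ATEXT = "[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]";
const dotAtom = new RegExp(`^${ATEXT}+(?:\\.${ATEXT}+)*$`);
// One DNS label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
const dnsLabel = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
// Loose shape check for an IPv6 address literal; the groups are not validated.
const ipv6Literal = /^\[IPv6:[0-9A-Fa-f:.]+\]$/;

// Hypothetical helper: a simplified structural check (no quoted strings,
// comments or IPv4 literals), not a complete RFC 5322 parser.
function structuralCheck(addr) {
  const at = addr.lastIndexOf("@");
  if (at < 1 || at === addr.length - 1) return false;
  const local = addr.slice(0, at);
  const domain = addr.slice(at + 1);
  if (!dotAtom.test(local)) return false;
  if (ipv6Literal.test(domain)) return true;
  const labels = domain.split(".");
  return labels.length >= 2 && labels.every((l) => dnsLabel.test(l));
}

// Constructed sample addresses, one per numbered point in the email.
const samples = [
  [".user@example.com", 1],                   // leading period in local part
  ["user+tag@example.com", 2],                // "+" is valid atext
  ["user@..........example..........com", 3], // consecutive periods in host
  ["user@-example.com", 4],                   // label starts with a hyphen
  ["user@example.museum", 5],                 // TLD longer than 4 characters
  ["user@[IPv6:2001:db8::1]", 6],             // IPv6 address literal
  ["user@example.com", 0],                    // control case
];

// Returns one row per sample: what the site regex says vs. the structural check.
function compare() {
  return samples.map(([addr, point]) => ({
    point,
    addr,
    site: siteRegex.test(addr),
    structural: structuralCheck(addr),
  }));
}

console.table(compare());
```

Rows 1, 3 and 4 are accepted by the site regex although they are malformed, and rows 2, 5 and 6 are rejected although they are well-formed; only the control case agrees.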