diff --git a/README b/README
index 4b38774..61d7efb 100644
--- a/README
+++ b/README
@@ -11,7 +11,7 @@ Install
 LDAP assumptions
 - 'manager' field contains a dn pointing to manager's record
 - everyone has a 'manager' (not true for mitchell and lilly)
-- everyone's 'mail' field ends with "@mozilla.com"
+- *@mozilla* can be used to glob everyone's email address
 
 TODO
 - 
diff --git a/auth.php b/auth.php
index 34e5afc..4765717 100644
--- a/auth.php
+++ b/auth.php
@@ -16,8 +16,13 @@ if (!isset($_SERVER["PHP_AUTH_USER"])) {
   wail_and_bail();
 } else {
   // Check for validity of login
-  if (preg_match("/[a-z]+@mozilla\\.com/", $_SERVER["PHP_AUTH_USER"])) {
-    $dn = "mail=". $_SERVER["PHP_AUTH_USER"] .",o=com,dc=mozilla";
+  $user = $_SERVER["PHP_AUTH_USER"];
+  if (preg_match('/[a-z]+@(mozilla.*)\.(.{3})/', $user, $m)) {
+    if ($m[1] == "mozillamessaging" && $m[2] == "com") {
+      $m[1] = "mozilla";
+      $m[2] = "net";
+    }
+    $dn = "mail=$user,o={$m[2]},dc={$m[1]}";
     $password = $_SERVER["PHP_AUTH_PW"];
   } else {
     wail_and_bail();
diff --git a/export.php b/export.php
index 26aba2d..57569a0 100644
--- a/export.php
+++ b/export.php
@@ -16,7 +16,7 @@ $notifier_name = $data[0]["cn"][0];
 
 $manager_dn = $data[0]["manager"][0];
 // "OMG, not querying LDAP for the real email? That's cheating!"
-preg_match("/mail=([a-z]+@mozilla\\.com),/", $manager_dn, $matches);
+preg_match("/mail=([a-z]+@mozilla.*),o=/", $manager_dn, $matches);
 $manager_email = $matches[1];
 $is_hr = in_array($manager_email, $hr_managers);
 // Exclude details from non-HR personnel
@@ -48,7 +48,7 @@ if (function_exists($output_function)){
 require_once "./templates/header.php";
 ?>
   <h1>PTO Notifications</h1>
-  <p>Herro thar, <?= str_replace("@mozilla.com", '', $notifier_email) ?>.</p>
+  <p>Herro thar, <?= email_to_alias($notifier_email) ?>.</p>
   <ul id="views">
     <li><a id="view-all">All</a></li>
     <li><a id="view-today">Today</a></li>
@@ -143,7 +143,7 @@ require_once "./templates/header.php";
       
       var K = function(x) { return x; };
       var formatters = {
-        id: K, person: function(x) x.replace(/@mozilla\.com$/, ''), hours: K,
+        id: K, person: function(x) x.replace(/@mozilla.*$/, ''), hours: K,
         added: fdate, start: fdate, end: fdate, details: K
       };
 
diff --git a/filtering.inc b/filtering.inc
index be12eb5..ee8fe26 100644
--- a/filtering.inc
+++ b/filtering.inc
@@ -33,7 +33,7 @@ if ($from_time || $to_time) {
 
 // Person filtering / querying
 if (!empty($_GET["person"])) {
-  $conditions[] = 'person LIKE "%'. htmlspecialchars($_GET["person"], ENT_QUOTES) .'%mozilla.com"';
+  $conditions[] = 'person LIKE "%'. htmlspecialchars($_GET["person"], ENT_QUOTES) .'%mozilla%"';
 }
 
 // ID overrides everything else
diff --git a/index.php b/index.php
index 6b6b417..9945e47 100644
--- a/index.php
+++ b/index.php
@@ -12,7 +12,7 @@ $notifier_email = $_SERVER["PHP_AUTH_USER"];
 $notifier_name = $data[0]["cn"][0];
 
 $manager_dn = $data[0]["manager"][0];
-preg_match("/mail=([a-z]+@mozilla\\.com),/", $manager_dn, $matches);
+preg_match("/mail=([a-z]+@mozilla.*),o=/", $manager_dn, $matches);
 $manager_email = $matches[1];
 
 $data = ldap_find(
@@ -27,7 +27,7 @@ $notified_people[] = $manager_name ." <". $manager_email .'>';
 require_once "./templates/header.php";
 ?>
     <h1>PTO Notification</h1>
-    <p>O hai, <?= str_replace("@mozilla.com", '', $notifier_email) ?>. Submit your PTO notification here. <a href="https://intranet.mozilla.org/Paid_Time_Off_%28PTO%29">All your PTO are belong to us</a>.</p>
+    <p>O hai, <?= email_to_alias($notifier_email) ?>. Submit your PTO notification here. <a href="https://intranet.mozilla.org/Paid_Time_Off_%28PTO%29">All your PTO are belong to us</a>.</p>
     <form action="submit.php" method="post" name="pto-notify">
       <table><tbody>
       <tr>
diff --git a/output.inc b/output.inc
index 852fffe..3c5dbd3 100644
--- a/output.inc
+++ b/output.inc
@@ -58,7 +58,7 @@ function output_atom($data) {
   print "<author><name>Mozilla PTO</name></author>";
   foreach ($data as $pto) {
     $pto["email"] = $pto["person"];
-    $pto["person"] = str_replace("@mozilla.com", '', $pto["person"]);
+    $pto["person"] = email_to_alias($pto["person"]);
     $start = date("m/d/y", $pto["start"]);
     $end = date("m/d/y", $pto["end"]);
     $range = ($start == $end) ? "on $start" : "from $start to $end";
@@ -103,7 +103,7 @@ X-WR-CALNAME:PTOs
 
 EOD;
   foreach ($data as $pto) {
-    $pto["person"] = str_replace("@mozilla.com", '', $pto["person"]);
+    $pto["person"] = email_to_alias($pto["person"]);
     // Line breaks and commas must be escaped.
     $pto["details"] = str_replace(", ", '\, ', $pto["details"]);
     $pto["details"] = str_replace("\n", '\n', $pto["details"]);
diff --git a/pto.inc b/pto.inc
index 2aa7b02..576e7d8 100644
--- a/pto.inc
+++ b/pto.inc
@@ -4,7 +4,7 @@ require_once("FirePHPCore/fb.php");
 ob_start();
 
 function ldap_find($connection, $filter, $attributes) {
-  $search = ldap_search($connection, "o=com, dc=mozilla", $filter, $attributes);
+  $search = ldap_search($connection, "dc=mozilla", $filter, $attributes);
   return ldap_get_entries($connection, $search);
 }
 
@@ -19,3 +19,9 @@ function maketime($slashed_date) {
   }
   return $t;
 }
+
+function email_to_alias($email) {
+  $alias = explode('@', $email);
+  return $alias[0];
+}
+
diff --git a/submit.php b/submit.php
index e4711c7..8f935a1 100644
--- a/submit.php
+++ b/submit.php
@@ -3,15 +3,36 @@ require_once("config.php");
 require_once("pto.inc");
 require_once("auth.php");
 
+$validations = array(
+  "hours" => '/^\d+$/',
+  "start" => '/^[01]\d\/[0-3]\d\/\d{4}$/',
+  "end" => '/^[01]\d\/[0-3]\d\/\d{4}$/'
+);
+$failures = array();
+foreach ($validations as $field => $pattern) {
+  if (!preg_match($pattern, $_POST[$field])) {
+    $failures[] = $field;
+  }
+}
+if (!empty($failures)) {
+  require_once "./templates/header.php";
+  print "<h1>PTO Notifications</h1>";
+  print "<p>Oh noes! The following fields weren't in the right formats!</p>";
+  print "<pre>". implode(", ", $failures) ."</pre>";
+  require_once "./templates/footer.php";
+  die;
+}
+
+
 $notifier_email = $_SERVER["PHP_AUTH_USER"];
 $data = ldap_find(
-  $connection, "mail=". $notifier_email, array("givenName", "sn", "manager", "cn")
+  $connection, "mail=". $notifier_email, array("manager", "cn")
 );
 $notifier_name = $data[0]["cn"][0];
 
 $manager_dn = $data[0]["manager"][0];
 // "OMG, not querying LDAP for the real email? That's cheating!"
-preg_match("/mail=([a-z]+@mozilla\\.com),/", $manager_dn, $matches);
+preg_match("/mail=([a-z]+@mozilla.*),o=/", $manager_dn, $matches);
 $manager_email = $matches[1];
 
 $data = ldap_find(
@@ -37,10 +58,13 @@ if (isset($_POST["cc"]) && $_POST["cc"] == "1") {
 $banned = array();
 $allowed = array();
 while ($check = array_pop($notified_people)) {
-  $match = null;
-  preg_match("/<?(.+@mozilla\\.com)/", $check, $match);
-  $bracket = strpos($match[1], '<');
-  $address = $bracket === FALSE ? $match[1] : substr($match[1], $bracket + 1);
+  $check = trim($check);
+  if (in_string($check, '<') && in_string($check, '>')) {
+    $check = explode('>', $check);
+    $check = explode('<', $check[0]);
+    $check = $check[1];
+  }
+  $address = $check;
   if (in_array($address, $mail_blacklist)) {
     $banned[] = $check;
   } else {
diff --git a/templates/header.php b/templates/header.php
index 72bb099..1a9217a 100644
--- a/templates/header.php
+++ b/templates/header.php
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" dir="ltr">
   <head>
-    <title>PTO Submitted</title>
+    <title>Mozilla PTO</title>
     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
     <script src="./js/jquery-1.3.2.min.js" type="text/javascript"></script>
     <script src="./js/jquery-ui-1.7.2.custom.min.js" type="text/javascript"></script>