Email Regex Validation — What You Need to Know
Email validation with regex is deceptively complex. The RFC 5321 specification allows characters like +, -, _, and . in the local part, IP addresses as domains, and quoted strings. A regex that rejects valid emails is worse than one that's slightly too permissive — it blocks real users.
The practical sweet spot is a regex that validates the basic structure — at least one character before the @, a domain, and a TLD — without trying to enumerate every valid character. Something like /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/ blocks obvious non-emails while accepting [email protected], [email protected], and other valid formats.
For production use, combine regex with an actual SMTP verification step or email confirmation flow. Regex can check the format, but only sending a confirmation email verifies the address is real and the user controls it.
Tips
- Always confirm email addresses via a verification link — regex only validates format, not deliverability.
[email protected]is a valid email — the+alias syntax is widely supported.- HTML's
type="email"input does basic email validation automatically — no custom regex needed for form fields. - Test with edge cases: subdomains (
[email protected]), new TLDs ([email protected]), and plus signs.