Email validation is the most common regex task in web development, and also one of the most misunderstood. The RFC 5322 specification for email addresses is surprisingly permissive: technically, `"very.(),:;<>[]\".VERY.\"very@\\ \"very\".unusual"@strange.example.com` is a valid email address. Trying to write a regex that accepts every valid address and rejects every invalid one is a fool’s errand. The practical goal is to catch common typos without rejecting real users.
The Practical Pattern
For most web applications, `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$` is sufficient. It checks for a local part with common characters, an @ symbol, a domain with dots, and a TLD of at least two characters. This rejects obvious non-emails while accepting virtually every address a real user would type.
Common Mistakes
The most common mistake is being too strict. Rejecting `+` in the local part blocks Gmail users who use plus-addressing for filtering. Requiring a maximum TLD length rejects newer TLDs like `.technology` or `.international`. Limiting the domain to known TLDs creates a maintenance burden as new TLDs are regularly added.
The RFC Rabbit Hole
The full RFC 5322 email regex is thousands of characters long and accounts for quoted strings, nested comments, and IP address domains. No production system needs this level of validation. A better approach is basic format checking with regex followed by a verification email — the only way to truly confirm an address is to send a message to it.
International Email Addresses
Internationalized email addresses can contain Unicode characters in both the local part and the domain. If your application serves an international audience, your regex must account for this. The pattern `^[^\s@]+@[^\s@]+\.[^\s@]+$` is the most permissive practical option — it checks for the basic structure without restricting character sets.
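The following added example (not code from the original article) runs the article's two patterns, plus a constructed "too strict" pattern that makes the mistakes described under Common Mistakes, against constructed sample addresses. The `MAX_LENGTH` bound and all sample addresses are assumptions of the example.

```javascript
// Added example; not code from the original article.
// PRACTICAL and PERMISSIVE are the two patterns quoted in the article.
const PRACTICAL = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
const PERMISSIVE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
// Constructed for contrast: drops "+" and caps the TLD at 4 letters,
// the two "too strict" mistakes the article describes.
const TOO_STRICT = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/;

// Assumption: bound input length before matching (254 is the commonly
// cited maximum address length; the article does not give a limit).
const MAX_LENGTH = 254;

// Returns which of the three patterns accept the address.
// Non-string and over-long input is rejected by every layer.
function classify(address) {
  const usable = typeof address === "string" && address.length <= MAX_LENGTH;
  return {
    tooStrict: usable && TOO_STRICT.test(address),
    practical: usable && PRACTICAL.test(address),
    permissive: usable && PERMISSIVE.test(address),
  };
}

// Constructed sample addresses, one per case discussed in the article.
const SAMPLES = [
  "user@example.com",        // ordinary address
  "user+news@gmail.com",     // plus-addressing
  "user@example.technology", // long TLD
  "用户@例子.中国",            // Unicode local part and domain
  "user@example",            // missing TLD
  "userexample.com",         // missing @
  "user @example.com",       // embedded whitespace
  "user@example.com\n",      // trailing newline must not pass
];

// One row per sample, showing which patterns accept it.
function report() {
  return SAMPLES.map((address) => ({ address, ...classify(address) }));
}

console.table(report());
```

The Unicode address passes only the permissive pattern, and the plus-addressed and long-TLD addresses fail only the constructed strict one.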
Frontend vs. Backend Validation
Use a lenient regex on the frontend to catch obvious typos (missing @, missing domain). Perform stricter validation on the backend, including DNS MX record checking if deliverability matters. Never rely solely on regex for email validation — it is one layer in a multi-step process.
Testing Your Patterns
RegExpress for iOS lets you test email validation patterns against a variety of addresses, including edge cases with plus signs, dots, hyphens, and new TLDs. Building and testing your pattern interactively is faster and more reliable than guessing at the right regex in your source code.