How to Validate Email with Regex: Patterns, Examples, and Best Practices

Why validate email addresses?

Email validation is one of the most common uses of regular expressions. Whether you are building a signup form, contact page, or newsletter subscription, ensuring users provide valid email addresses improves data quality and user experience.

However, email validation with regex is surprisingly complex. The official specification (RFC 5322) allows many unusual formats that most simple patterns reject. This guide covers practical patterns for real-world use cases.

Email address structure

Before diving into regex patterns, understand the structure of an email address. Every email has two parts separated by the @ symbol.

• Local part: The username before @ (e.g., john.doe)
• Domain part: The domain after @ (e.g., example.com)
• The local part can contain letters, numbers, dots, hyphens, underscores, and plus signs
• The domain part consists of labels separated by dots, ending with a TLD
• Maximum total length is 254 characters
• Local part maximum is 64 characters

Simple email regex pattern

For most applications, a simple pattern that catches obvious errors is sufficient. This pattern validates the basic structure without being overly strict.

^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$

This pattern requires: one or more valid characters in the local part, an @ symbol, a domain with at least one dot, and a TLD of at least two letters.

Breaking down the simple pattern

Let us examine each part of the simple email regex.

• ^ anchors to the start of the string
• [a-zA-Z0-9._%+-]+ matches the local part (letters, numbers, dots, underscores, percent, plus, hyphen)
• @ matches the literal @ symbol
• [a-zA-Z0-9.-]+ matches the domain name (letters, numbers, dots, hyphens)
• \. matches the literal dot before the TLD
• [a-zA-Z]{2,} matches the TLD (at least 2 letters)
• $ anchors to the end of the string

More robust email pattern

A more comprehensive pattern adds restrictions to prevent invalid formats like consecutive dots or leading/trailing special characters.

^[a-zA-Z0-9](?:[a-zA-Z0-9._%+-]{0,62}[a-zA-Z0-9])?@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z]{2,})+$

This pattern ensures the local part and domain do not start or end with special characters, and limits segment lengths.

JavaScript email validation

Here is how to implement email validation in JavaScript using the simple pattern.

• const emailRegex = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
• emailRegex.test("[email protected]") returns true
• emailRegex.test("invalid.email") returns false
• emailRegex.test("[email protected]") returns false
• emailRegex.test("@example.com") returns false

Common valid email formats

These are valid email formats that your pattern should accept.

• [email protected] (basic format)
• [email protected] (dots in local part)
• [email protected] (plus addressing for filtering)
• [email protected] (underscore in local part)
• [email protected] (hyphen in local part)
• [email protected] (subdomain)
• [email protected] (multi-part TLD)

Invalid formats to reject

Your pattern should reject these common invalid formats.

• user@example (missing TLD)
• @example.com (missing local part)
• user@ (missing domain)
• [email protected] (consecutive dots)
• [email protected] (leading dot)
• [email protected] (trailing dot before @)
• [email protected] (domain starting with hyphen)
• [email protected] (domain ending with hyphen)

HTML5 email validation

Modern browsers provide built-in email validation through the input type="email" attribute. This uses a pattern similar to our simple regex but handles edge cases automatically.

While convenient, browser validation varies slightly between implementations. For consistent behavior across all environments, combine HTML5 validation with server-side regex validation.

Internationalized email addresses

RFC 6531 allows non-ASCII characters in email addresses, supporting international domain names (IDN) and local parts with Unicode characters.

• user@例え.jp (Japanese domain)
• пользователь@example.com (Cyrillic local part)
• user@مثال.com (Arabic domain)
• Standard regex patterns do not support these formats
• Use the u flag in JavaScript for Unicode support
• Consider Punycode encoding for internationalized domains

Why not use RFC 5322 compliant regex?

The official email specification allows many formats that look unusual, such as "john doe"@example.com (quoted strings) or user(comment)@example.com (comments). A fully RFC-compliant regex is extremely complex and impractical.

For most applications, rejecting these edge cases is acceptable. Users with unusual email formats can be handled as exceptions rather than complicating your validation logic.

Best practices for email validation

Regex validation is just one part of a complete email validation strategy.

• Use a simple pattern that accepts most valid addresses
• Do not be overly strict, as this frustrates users with valid emails
• Always send a verification email for critical applications
• Validate on both client and server side
• Provide clear error messages explaining what is wrong
• Consider using established libraries for complex validation
• Check for common typos in popular domains (gmial.com, outlok.com)

Email validation in other languages

The same patterns work across programming languages with minor syntax differences.

• Python: re.match(r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$", email)
• PHP: preg_match("/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/", $email)
• Java: Pattern.matches("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$", email)
• C#: Regex.IsMatch(email, @"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")
• Go: regexp.MatchString(`^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`, email)

Testing your email regex

Always test your email regex with a variety of inputs before deploying. Use our Regex Tester tool to experiment with patterns and verify matches against your test cases.

Create a test suite that includes valid formats, invalid formats, edge cases, and common typos to ensure your validation works as expected.