How To Validate An Email Address With Regular Expressions (Regex)

Validate Email Address With Regular Expression Regex

Virtually every programming language supports regular expressions nowadays. While some developers don’t like them, they truly are a best practice as they typically perform functions like validation extremely fast with fewer server resources. Email addresses are a perfect example… where they can be easily checked to ensure they’re properly formatted.

Keep in mind that validation is not verification. Validation simply means that the data passed follows a standard format that is properly constructed. Some interesting things about email addresses that could be missed upon validation.

How Long Can An Email Address Be?

I had to do some digging today to find it, but did you know what the valid length of an email address is? It’s actually broken into parts… Name@Domain.com. This is according to RFC2822.

  1. Name can be 1 to 64 characters.
  2. Domain can be 1 to 255 characters.

That means that this could be a valid email address:

loremaipsumadolorasitaametbaconsectetueraadipiscin
gaelitanullamc@loremaipsumadolorasitaametbaconsect
etueraadipiscingaelitcaSedaidametusautanisiavehicu
laaluctuscaPellentesqueatinciduntbadiamaidacondimn
tumarutrumbaturpisamassaaconsectetueraarcubaeuatin
ciduntaliberoaaugueavestibulumaeratcaPhasellusatin
ciduntaturpisaduis.com

Try fitting that on a business card! Ironically, most email address fields are limited to 100 characters on the web… which is technically incorrect. Some of the other regular expressions used to validate email addresses also look for a 3-digit top-level domain, like .com; however, there’s no limitation to the length of top-level domains (eg. Martech Zone has 4 digits – .zone).

Email address standardization is far more complex than you realize. When written to the standard, here’s the true regular expression for an email address, credit to Regexr:

[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?

HTML5 Doesn’t Even Need Validation

The easiest means to ensure an email is valid according to the standard is by using an HTML5 email input field:

<input type='email' name='email' placeholder='name@domain.com' />

There are times, though, that your web application will still want to validate the email address both in the browser when entered and when submitted to your server.

Regex For A Proper Email Address in PHP

Few people realize it, but PHP now has the RFC standard built into its filter validation function.

if(filter_var("name@domain.com", FILTER_VALIDATE_EMAIL)) {
    // Valid
}
else {
    // Not Valid
}

Regex For A Proper Email Address in Javascript

You don’t have to have an overly complex standard for checking an email address structure. Here’s a simple means using JavaScript.

function validateEmail(email) 
{
    var re = /\\S+@\\S+/;
    return re.test(email);
}

Of course, that’s not to the RFC standard, so you may wish to validate each section of the data to ensure it’s valid. This regular expression will comply with about 99.9% of email addresses out there. It’s not fully to standard, but it’s useful for virtually any project.

function validateEmail(email) 
{
  var re = /^(?:[a-z0-9!#$%&amp;'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&amp;'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$/;

  return re.test(email);
}

Credit for these examples goes to HTML.form.guide.

41 Comments

  1. 1

    For forms with multiple email addresses, it would be good to do class=”emailaddress”. If you have the prototype.js library (http://www.prototypejs.org) included on the page you can do something like this:

    var valid = true;
    var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
    $$(‘.emailaddress’).each( function(email) {
    if (!filter.test(email.value)) {
    alert(?Please provide a valid email address?);
    email.focus;
    valid = false;
    }
    });
    return valid;

  2. 5
  3. 7

    I like the idea, but I would be hesitant to adopt this particular regular expression without description of which legal email addresses it does not accept and which illegal addresses it permits.

    For an example of a regular expression that does a decent job alongside an explanation of which cases it does not cover, see this:

    http://www.regular-expressions.info/email.html

    My personal preference is to cover most of the simple cases and issue a warning for everything else rather than rejecting it. If Bob really want sto submit bob@com.museum rather than bob@museum.com, why not let him?

    • 8

      Hi Reg,

      You can test out the Regex utilizing an Online Regex Tester.

      Also, there’s definitely much more that can be done if you want to ensure an email address is valid in accordance with the RFC.

      There are a few reasons not to allow someone to enter an invalid email address:
      1. They will get annoyed at you when the email they expected doesn’t get through – regardless of whether or not it was your fault the address was entered incorrectly.
      2. If com.museum was a valid domain and, let’s say, Yahoo! operated it – any email address that bounced would have a negative impact on your company’s reputation for email delivery. This could lead to all of your company’s email being blocked.
      3. If your email service provider allowed you to enter bob@com.museum, you’d also pay for each email sent to that email address until they unsubscribed that address due to bounces. I would steer clear of any ESP that would allow an invalid email address like that – they’re just taking your money!

      Thanks for stopping by!
      Doug

  4. 9
  5. 10

    There’s much simpler way to write the expression:
    var regex = /^[a-z0-9\._-]+@([a-z0-9_-]+\.)+[a-z]{2,6}$/i;
    – With the final modifier /i there’s no need to indicate the upper case range.
    – I don’t know of any TLD with numbers in it.
    On a side note, I do allow TLD with up to 6 chars; new ones arrive regularly and you never know (well, somme future ones may even have numbers in it, I know).

  6. 11

    Hi there,

    I am tring to use this in an existing form in real-time, but this doesnt appear to be validating in realtime like your password strength checker…

    Or, am i just that clueless, and it aint workin for me?

  7. 12

    btw, I really like what you have going on here, your tutorials are very simple, I will definately be bookmarking this one….

  8. 13
  9. 16
  10. 17

    Just a small correction: The regular expression has an extra ()+ at the end. It should read:

    ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+[a-zA-Z0-9]{2,4}$

    With the first one any length TLDs would be accepted (which is not intrinsecally wrong as others have pointed out, but if that was the intention the expression could be shortened).

  11. 18

    Can you please explain the regular expression of this code and how its working? Also about .test – Is .test a default statement in javascript to check things like you did in the code above?

  12. 19

    This is a short code for email expression-

    function validateEmail(id)
    {
    var emailPattern = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,4}$/;
    return emailPattern.test(id);

    }
    Deepak Rai
    varanasi

  13. 20

    This is a short code for email expression-

    function validateEmail(id)
    {
    var emailPattern = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,4}$/;
    return emailPattern.test(id);

    }
    Deepak Rai
    varanasi

  14. 21
  15. 22
  16. 23

    Thanks, but there is an error in this regex. I'm not a regex expert, but I tried email:

    test@test

    and it passed the regex… I noticed it's lacking escaping the "." so it should be:

    /^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+.)+([a-zA-Z0-9]{2,4})+$/

  17. 24
  18. 27

    Well, this is just a rough check but not 100% accurate, for example this would be okay with john_doe.@gmail.com which is actually not a valid e-mail address (dot is not allowed as a last character in local part of e-mail).
    Also it would accept john…doe@gmail.com which is also invalid since there cannot be more than one dot in a sequence.

    These are just some flaws I noticed at the first sight.
    My intention is not bashing just to point this out in case someone is planning to use this as a security check – not secure enough.

    For info about valid e-mail addresses check this out: http://en.wikipedia.org/wiki/E-mail_address

  19. 28

    Deepak,

    Actually, I think you need to apply a escape for the dot (“.”). So , your function should be, instead:

    function validateEmail(id)
    {
    var emailPattern = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,4}$/;
    return emailPattern.test(id);

    }

    Otherwise, the dot would mean “any character”. I believe such special characters need to be escaped.

    Regards,

    Federico

  20. 29

    function validateEmail(fld) {
    var error=””;
    var tfld = trim(fld.value); // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+.[^@]*ww$/ ;
    var illegalChars= /[(),;:\”[]]/ ;

    if (fld.value == “Enter your email Address”) {

    error = “Please enter your Email address.n”;
    } else if (!emailFilter.test(tfld)) { //test email for illegal characters

    error = “Please enter a valid email address.n”;
    } else if (fld.value.match(illegalChars)) {

    error = “Please enter a valid email address.n”;
    }
    return error;
    }

  21. 30

    function validateEmail(fld) {
    var error=””;
    var tfld = trim(fld.value); // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+.[^@]*ww$/ ;
    var illegalChars= /[(),;:\”[]]/ ;

    if (fld.value == “Enter your email Address”) {

    error = “Please enter your Email address.n”;
    } else if (!emailFilter.test(tfld)) { //test email for illegal characters

    error = “Please enter a valid email address.n”;
    } else if (fld.value.match(illegalChars)) {

    error = “Please enter a valid email address.n”;
    }
    return error;
    }

  22. 31

    function validateEmail(fld) {
    var error=””;
    var tfld = trim(fld.value); // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+.[^@]*ww$/ ;
    var illegalChars= /[(),;:\”[]]/ ;

    if (fld.value == “Enter your email Address”) {

    error = “Please enter your Email address.n”;
    } else if (!emailFilter.test(tfld)) { //test email for illegal characters

    error = “Please enter a valid email address.n”;
    } else if (fld.value.match(illegalChars)) {

    error = “Please enter a valid email address.n”;
    }
    return error;
    }

  23. 32

    function validateEmail(fld) {
    var error=””;
    var tfld = trim(fld.value); // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+.[^@]*ww$/ ;
    var illegalChars= /[(),;:\”[]]/ ;

    if (fld.value == “Enter your email Address”) {

    error = “Please enter your Email address.n”;
    } else if (!emailFilter.test(tfld)) { //test email for illegal characters

    error = “Please enter a valid email address.n”;
    } else if (fld.value.match(illegalChars)) {

    error = “Please enter a valid email address.n”;
    }
    return error;
    }

  24. 33
  25. 34
  26. 35
  27. 36
  28. 37
  29. 38
  30. 39
  31. 40

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.