How to validate an email address syntax

Whether you are selling digital contents, services, or physical goods via your online store, in most cases, you may require users to sign up an user account with their email addresses. Although FraudLabs Pro will perform the email validation during fraud detection, this will only take place at the ordering process. If you want to implement the checking, i.e, during the account creation, below are some tips of how to validate an email format.

An email address comes with two parts separated by an at-sign (@), namely the local part and domain part. According to RFC5321, by the Internet Engineering Task Force (IETF) and the Internet Society (ISOC), the characters allowed in both parts are differ based on several conditions and restrictions. Below are the explanation to the email address syntax.

Local Part

As what defined in RFC standards, the local part can contain up to maximum 64 characters, and may contain the following special characters without any restrictions:

! # $ % & ‘ * + – / = ?  ^ _ ` . { | } ~

Any special characters that are not listed above should be used in the quotes, which are either double quote (“”) or backslash (\). Some examples of using those special characters are:

  • Abc\
  • Fred\
  • \\
  • “Abc@def”
  • “Fred Bloggs”

Be in mind that the period sign (.) can be used in local part with the following restrictions:

  • Not in the first or last of the local part, And
  • cannot be used consecutively.
Domain Part

The domain part has a length of maximum up to 255 characters according to RFC standards. The domain part must follow the requirement for hostname, and a list of dot-separated DNS labels with limitation of 63 characters length with the requirements of:

  • uppercase and lowercase Latin letters a to z;
  • Number digits 0-9, with the condition of top-level domains cannot be all numeric;
  • The hypen symbol(-), provided that it should not be the first or the last character.

Note: The dotless domain name(xxx@example) is prohibited by the Internet Corporation for Assigned Names and Numbers(ICANN) due to security and stability risks.

Sample regular expression for checking email address format

Below is the sample of regular expression that will validate the correct syntax of an email address:

/^([!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"([\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$/i

This regular expression will first check the first character in email address if a double quote was presented in the first character. If the double quote found, it will make sure the character embraced inside the double quote is valid as according to the standard.

Next, this regular expression will check the domain part to make sure that the domain part contains only the valid characters as according to RFC standards. Lastly, this regular expression will make sure that the email address ended with the correct domain format.

Please note that the above syntax works for most email validation, however it’s not 100 compliant to the RFC standards, there are a few exception cases. For example, the following cases will not pass the regular expression checking although it’s correct as according to the RFC.

  • “test\”test”
  • “test”.”test”
  • “test”
  • “test”
  • “test”

Please also note that although RFC standards allows the use of IP address in domain part, but this is not cover in this regular expression checking.


Ready to start with FraudLabs Pro?

Get Micro plan for free, you can quickly explore and integrate with our fraud prevention solution in minutes.

Bonus Tip: If you need to validate a list of email addresses, you can take a look at MailboxValidator which has bulk validation plans to suit all budgets.

Was this article helpful?

Related Articles