How to validate an email address syntax

Whether you are selling digital contents, services, or physical goods via your online store, in most cases, you may require users to sign up an user account with their email addresses. Although FraudLabs Pro will perform the email validation during fraud detection, this will only take place at the ordering process. If you want to implement the checking, i.e, during the account creation, below are some tips of how to validate an email format.

An email address comes with two parts separated by an at-sign (@), namely the local part and domain part. According to RFC5321, by the Internet Engineering Task Force (IETF) and the Internet Society (ISOC), the characters allowed in both parts are differ based on several conditions and restrictions. Below are the explanation to the email address syntax.

Local Part

As what defined in RFC standards, the local part can contain up to maximum 64 characters, and may contain the following special characters without any restrictions:

! # $ % & ‘ * + – / = ?  ^ _ ` . { | } ~

Any special characters that are not listed above should be used in the quotes, and need to be preceded by a backslash (\). Some examples of using those special characters are:

  • “Abc\@def”@example.com
  • “Fred\ Bloggs”@example.com
  • “\\Blow”@example.com
  • “Abc@def”@example.com
  • “Fred Bloggs”@example.com

Be in mind that the period sign (.) can be used in local part with the following restrictions:

  • Not in the first or last of the local part, And
  • cannot be used consecutively.
Domain Part

The domain part has a length of maximum up to 255 characters according to RFC standards. The domain part must follow the requirement for hostname, and a list of dot-separated DNS labels with limitation of 63 characters length with the requirements of:

  • uppercase and lowercase Latin letters a to z;
  • Number digits 0-9, with the condition of top-level domains cannot be all numeric;
  • The hypen symbol(-), provided that it should not be the first or the last character.

Note: The dotless domain name(xxx@example) is prohibited by the Internet Corporation for Assigned Names and Numbers(ICANN) due to security and stability risks.

Sample regular expression for checking email address format

Below is the sample of regular expression that will validate the correct syntax of an email address:

/^(["!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"(["\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$/i

This regular expression will first check the first character in email address if a double quote was presented in the first character. If the double quote found, it will make sure the character embraced inside the double quote is valid as according to the standard.

Next, this regular expression will check the domain part to make sure that the domain part contains only the valid characters as according to RFC standards. Lastly, this regular expression will make sure that the email address ended with the correct domain format.

Please note that the above syntax works for most email validation. Please also note that although RFC standards allows the use of IP address in domain part, but this is not cover in this regular expression checking.

Validating email address syntax using regular expression in PHP

In PHP, you can validate email address syntax using regular expression like this:

<?php
$re = '/^(["!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"(["\]!#-[^-~\ t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$/i';
$str = 'user@example.com';

preg_match($re, $str, $matches, PREG_OFFSET_CAPTURE, 0);

if (count($matches) > 0) {
    echo 'Email address matched with the syntax.';
}
?>

You can also use the filter_var function to validate the email address syntax, for example:

<?php
$email = 'user@example.com';
if( filter_var( $email ,FILTER_VALIDATE_EMAIL ) )
{
    echo 'Email address matched with the syntax.';
}
?>

Validating email address syntax using regular expression in Java

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Example {
    public static void main(String[] args) {
        final String regex = "^(["!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\\.[!#-\'*+\/-9=?A-Z^-~\\-]{1,64})*|\"([\"\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+\")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$";
        final String string = "user@example.com";
        final Pattern pattern = Pattern.compile(regex, Pattern.CASE_INSENSITIVE);
        final Matcher matcher = pattern.matcher(string);
        if (matcher.find()) {
            System.out.println('Email address matched with the syntax.');
        }
    }
}

Validating email address syntax using regular expression in Go

package main

import (
    "regexp"
    "fmt"
)

func main() {
    var re = regexp.MustCompile(`(?i)^(["!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"(["\]!#-[^-~\ t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$`)
    var str = `user@example.com`
    
    if len(re.FindStringIndex(str)) > 0 {
        fmt.Println('Email address matched with the syntax.')
    }
}

Validating email address syntax using regular expression in C#

using System;
using System.Text.RegularExpressions;

public class Example
{
    public static void Main()
    {
        string pattern = /
^([!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|""([\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+"")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$
/;
        string input = @"user@example.com";
        RegexOptions options = RegexOptions.IgnoreCase;

        Match m = Regex.Match(input, pattern, options);
        if (match.Success) {
            Console.WriteLine('Email address matched with the syntax.');
        }
    }
}

Validating email address syntax using regular expression in Python

import re

regex = r"/^([\"!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"([\"\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$/i"

test_str = "user@example.com"
matches = re.search(regex, test_str, re.IGNORECASE)
if matches:

    # Print message to indicate match, or do something here
    print('Email address matched with the syntax.')

Validating email address syntax using regular expression in Javascript

const regex = /^(["!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"(["\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$/i;

const str = `user@example.com`;
let m;

if ((m = regex.exec(str)) !== null) {

    // Print message to indicate match, or do something here
    console.log('Email address matched with the syntax.');
}

Validating email address syntax using regular expression in Ruby

re = /^(["!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64}(\.[!#-\'*+\/-9=?A-Z^-~\\\\-]{1,64})*|"(\["\]!#-[^-~\ \t\@\\\\]|(\\[\t\ -~]))+")@([0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Z]([0-9A-Z-]{0,61}[0-9A-Za-z])?))+$/i
str = 'user@example.com'

# Print the match result
str.match(re) do |match|
puts 'Email address matched with the syntax.'
end

Ready to start with FraudLabs Pro?

Get Micro plan for free, you can quickly explore and integrate with our fraud prevention solution in minutes.

Bonus Tip: If you need to validate a list of email addresses, you can take a look at MailboxValidator which has bulk validation plans to suit all budgets.

Was this article helpful?

Related Articles