Using regex to validate email addresses is very difficult. The regular expression you presented does work in many cases but is very basic.
One example is that + is a valid character in an email name. You are going to make a lot of Gmail users mad if you don't accept it before the @ sign. If someone's email address is sql@gmail.com, he can submit to your site sql+beyondrelational@gmail.com and it will still arrive in his email box, but now he knows where the sender acquired his email address.
Here is a bit more friendly one: \b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b.
But even that is not very complete. This will do a better job (please remove the line break):
[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+
[a-z0-9](?:[a-z0-9-]*[a-z0-9])?
Second, you can do a DNS lookup to see if an MX record exists for the given domain. That is the only way to get an inkling, without sending an email, of whether the domain is valid. But frankly, you can only know if an email address is truly valid by sending an email to it and seeing if it works. That is honestly the best practice. Why would you validate that an email has the correct format in preference to validating that the email in fact reaches the intended user?
My final recommendation is to dispense with checking email addresses beyond the basic "it has an @ symbol and at least one dot afterward" and instead send an email-address-validation email to the darn thing. Then you know it's right, and at that point it doesn't even matter if it has Unicoded moon rocks in it. It works, so it's valid. If it wasn't right, the user will try again if he really wants to be part of your site. Do you have to have an email address anyway?
(Note: if you like, read more on email regular expressions.)
commented on Oct 21 2012 2:40AM
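The two patterns quoted in the comment above and its minimal "@ plus a dot" check, run side by side over constructed addresses. This is an added example, not part of the original comment; the function names, the use of case-insensitive whole-string matching, and the requirement that something precede the @ are assumptions made here.

```python
import re

# Patterns copied from the comment; the second is joined onto one line.
# Case-insensitive, whole-string matching is an assumption of this example.
FRIENDLY = re.compile(r"\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b", re.IGNORECASE)
FULLER = re.compile(
    r"[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
    r"@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?",
    re.IGNORECASE,
)


def minimal_check(addr):
    """Something before the last '@' and at least one dot after it."""
    local, at, domain = addr.rpartition("@")
    return bool(local) and bool(at) and "." in domain


def compare(addr):
    """Return the verdict of each of the three checks for one address."""
    return {
        "friendly": FRIENDLY.fullmatch(addr) is not None,
        "fuller": FULLER.fullmatch(addr) is not None,
        "minimal": minimal_check(addr),
    }


# Constructed sample addresses, chosen to make the three checks disagree.
SAMPLES = [
    "sql+beyondrelational@gmail.com",  # plus-addressing from the comment
    "curator@example.museum",          # top-level label longer than 4 letters
    "o'brien@example.com",             # apostrophe in the local part
    "a..b@example.com",                # consecutive dots in the local part
    "jürgen@example.com",              # non-ASCII local part
    "user@localhost",                  # no dot after the @
    "no-at-sign.example.com",          # no @ at all
]

if __name__ == "__main__":
    for addr in SAMPLES:
        verdict = compare(addr)
        flags = "  ".join(f"{name}={'ok' if ok else 'REJECT'}" for name, ok in verdict.items())
        print(f"{addr:32} {flags}")
```

Every address on which the three columns disagree is one where the choice of pattern, not the mailbox, decides whether a user can register, which only a confirmation email settles.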