Email validation is one of the most common uses of regular expressions. But finding the right regex pattern is tricky — too simple and you miss valid emails, too complex and you reject legitimate addresses. This guide provides three levels of email regex patterns with test cases, plus implementation examples in JavaScript, Python, and C#.
Level 1: Simple Pattern (Most Common)
This pattern covers 99% of real-world email addresses and is the best balance of accuracy and readability:
^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$RegexWhat it matches:
✅ [email protected]
✅ [email protected]
✅ [email protected]
✅ [email protected]
✅ [email protected]
❌ @example.com (no local part)
❌ user@ (no domain)
❌ [email protected] (dot at domain start)
❌ user [email protected] (spaces not allowed)Test CasesLevel 2: Stricter Pattern
Adds length restrictions and prevents consecutive dots:
^[a-zA-Z0-9](?:[a-zA-Z0-9._%+-]{0,62}[a-zA-Z0-9])?@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z]{2,})+$RegexLevel 3: RFC 5322 (Complete but Complex)
The full RFC 5322 email regex is incredibly complex and rarely needed in practice:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])RFC 5322 RegexThe full RFC regex is nearly impossible to maintain and debug. It technically allows quoted strings, IP addresses, and special characters that most email providers don't support. Use Level 1 for forms and combine with server-side email verification for production.
Implementation Examples
JavaScript
const emailRegex = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
function validateEmail(email) {
return emailRegex.test(email);
}
// HTML5 built-in validation (easier approach):
// <input type="email" required>JavaScriptPython
import re
EMAIL_PATTERN = re.compile(
r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
)
def validate_email(email: str) -> bool:
return bool(EMAIL_PATTERN.match(email))
# Better approach for production:
# pip install email-validator
from email_validator import validate_email, EmailNotValidErrorPythonC#
using System.Text.RegularExpressions;
public static partial class EmailValidator
{
[GeneratedRegex(@"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")]
private static partial Regex EmailRegex();
public static bool IsValid(string email)
=> EmailRegex().IsMatch(email);
}
// .NET built-in (recommended):
// System.Net.Mail.MailAddress.TryCreate(email, out _)C#Production Best Practices
- Regex is not enough — use it only for basic format validation on the frontend
- Always send a verification email — the only way to confirm an email exists
- Don't be too strict — you'll reject valid emails from new TLDs like
.museumor.company - Use platform validators —
MailAddress.TryCreate()in .NET,email-validatorin Python, HTML5<input type="email">in browsers - Consider internationalized emails — RFC 6531 allows Unicode in local parts (e.g.,
用户@example.com)
Test Your Regex Pattern
Paste your email regex and test text to see matches instantly. Free online regex tester.
Open Regex Tester →Conclusion
For email validation, the simple pattern ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ is the
best choice for most applications. Combine it with server-side verification for production use. Test your
patterns using Polymorpher's Regex Tester, and check out our 10 Regex Patterns Every Developer Should Know for more
patterns.
