Email app icon on a smartphone screen.
Photo: Torsten Dettlaff / Pexels
← THE PAPERWORK/ARTICLE

How to Validate Email Addresses Online (Format, Syntax, and More)

Email validation explained: what makes an address valid, why regex isn't enough, and how to check email addresses quickly online for free.

BY ALI HASSAN·

How to Validate Email Addresses Online

Not every string that looks like an email address is a valid one. Catching bad emails at the point of entry — sign-up forms, import jobs, marketing lists — saves you from bounced messages, failed deliveries, and dirty data.

Mizakii's Email Validator checks email addresses for format validity instantly, free, in your browser.

What Makes an Email Address Valid?

An email address has two parts: the local part (before the @) and the domain (after the @).

localpart@domain.tld

Local part rules (RFC 5321)

  • Allowed characters: A-Z, a-z, 0-9, and !#$%&'*+/=?^_{|}~-
  • Dots (.) are allowed but not at the start, end, or consecutively: a..b@example.com is invalid
  • The local part can be up to 64 characters
  • Quoted strings allow almost anything: "ali hassan"@example.com is technically valid

Domain rules

  • Must have at least one dot
  • Each label (segment between dots) is 1–63 characters
  • Total domain length up to 255 characters
  • Valid TLDs: .com, .net, .io, .co.uk, .museum, etc.
  • IP addresses are valid but unusual: user@[192.168.1.1]

Common invalid patterns

| Address | Why it's invalid | |---------|----------------| | user@ | No domain | | @example.com | No local part | | user@.com | Domain starts with dot | | user..name@example.com | Consecutive dots | | user@example | No TLD | | user name@example.com | Space not allowed (unquoted) | | user@exam_ple.com | Underscore in domain (invalid) |

Format Validation vs Deliverability

These are two different things that are often confused:

Format validation checks whether the string follows the email address syntax rules. It catches typos like user@gmial.com (wrong domain spelling) and structural errors like missing @.

Deliverability validation checks whether the email address actually exists and can receive mail. This requires an MX record lookup (does the domain have mail servers?) and optionally an SMTP handshake. It can't be done entirely client-side and always carries some risk of triggering spam filters.

| | Format check | Deliverability check | |---|---|---| | Works offline/client-side | ✅ | ❌ | | Catches typos in domain | Partial | ✅ | | Confirms inbox exists | ❌ | Sometimes | | Risk of false positives | Low | Medium | | Speed | Instant | Seconds |

For most use cases — sign-up forms, CSV imports — format validation is sufficient.

Why a Simple Regex Isn't Enough for Production

The naive regex most developers reach for:

/^[^\s@]+@[^\s@]+\.[^\s@]+$/

This is too permissive — it accepts a@b.c and user@.com. Too strict — it rejects valid addresses with unusual characters. And it doesn't handle international domain names (IDNs) at all.

The RFC 5321/5322-compliant regex is several hundred characters long and still doesn't cover every edge case. A purpose-built validator handles:

  • Unicode in domain names (IDN)
  • Consecutive dots
  • Max length limits (64 chars local, 255 chars domain)
  • Special character rules
  • Quoted local parts

For server-side validation in Node.js, libraries like validator.js (isEmail()) or email-validator are the standard approach. For a quick one-off check, an online tool is faster.

Use Cases for Email Validation

Sign-up forms — catch typos before the user submits and has to start over. Client-side format validation gives instant feedback.

Bulk list cleaning — before importing a CSV of email addresses into a marketing tool (Mailchimp, Klaviyo), remove all syntactically invalid addresses. Invalid addresses inflate your bounce rate and hurt sender reputation.

API input validation — any API endpoint that accepts an email field should validate format on the server side, even if the client already validated it.

Data migrations — when migrating user data between systems, validate all email fields to catch rows that have been corrupted or incorrectly populated.

Developer testing — quickly check whether a test email address you've written follows valid syntax before putting it in a fixture or seed file.

Common Email Typos and How to Catch Them

Most invalid email addresses in real-world data aren't malicious — they're typos. The most common:

| Typo | Likely intended | Type | |------|----------------|------| | gmail.con | gmail.com | TLD typo | | gmial.com | gmail.com | Transposition | | gmai.com | gmail.com | Missing letter | | user@@example.com | user@example.com | Double @ | | user@example..com | user@example.com | Double dot | | user @example.com | user@example.com | Space in local part | | hotmail.co | hotmail.com | Truncated TLD |

A format validator catches the structural ones (double @, spaces, double dots) instantly. The domain-name typos (gmail.con) require either a known-domains list or an MX record check.

Some sign-up forms implement a "did you mean?" suggestion — if the domain looks close to a known provider, suggest the correction. For example, flagging gmial.com and suggesting gmail.com. This is separate from validation and requires a fuzzy-match implementation.

Email Validation in Code

HTML5 (client-side, basic)

<input type="email" required />

The browser's built-in type="email" validation catches obvious structural errors. It's not RFC-compliant and accepts some invalid addresses, but it's a useful first layer with zero code.

JavaScript (client-side, tighter)

function isValidEmail(email) {
  // Handles the vast majority of real addresses
  return /^[^\s@]+@[^\s@]{1,}\.[^\s@]{2,}$/.test(email)
    && email.length <= 254
    && email.split('@')[0].length <= 64;
}

Still not perfectly RFC-compliant, but catches the common failure cases and is far better than the typical naive regex.

Node.js (server-side)

npm install validator

const validator = require('validator');

validator.isEmail('ali@example.com');     // true
validator.isEmail('ali@exam_ple.com');    // false
validator.isEmail('ali..hassan@test.com'); // false

validator.js is the standard choice — actively maintained, handles IDN, quoted local parts, and edge cases.

Python

import re

def is_valid_email(email):
    pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    return bool(re.match(pattern, email)) and len(email) <= 254

# Or use the email-validator library for full RFC compliance:
# pip install email-validator
from email_validator import validate_email, EmailNotValidError

try:
    valid = validate_email("ali@example.com")
    print(valid.email)
except EmailNotValidError as e:
    print(str(e))

Validate Email Addresses Now

Open Mizakii Email Validator →

Paste a single address or a list and get instant format validation. Free, no signup, runs entirely in your browser — your data is never sent to a server.