Email validation is perhaps the single most "Googled" regex topic. It's also a trap. New developers often try to write a pattern that matches the RFC 5322 specification perfectly, resulting in a 6,000-character monster that crashes their browser.

The Pragmatic Approach

For 99% of web applications, you don't need to support IP addresses in brackets or quoted local parts. You need to verify that the user didn't accidentally type a comma instead of a dot.

^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$

Breakdown

• ^[\w-\.]+: Starts with one or more alphanumeric characters, underscores, dashes, or dots.
• @: The mandatory literal "at" symbol.
• ([\w-]+\.)+: One or more domain sections (e.g., "gmail." or "co.uk.").
• [\w-]{2,4}$: Ends with a top-level domain (TLD) between 2 and 4 characters long.