“Validate an email with a regex” is a bad idea if you mean RFC 5322. The real grammar includes quoted local parts, IP-literal domains, and comments, and the full regex is over 6000 characters. But for “reject obvious typos in a signup form,” a short regex plus a round-trip email confirmation is the right balance.

This is the one I keep:

^[^\s@]+@[^\s@]+\.[^\s@]+$

In a few common flavors:

// JavaScript
const EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Python
EMAIL = re.compile(r"^[^\s@]+@[^\s@]+\.[^\s@]+$")

// Go
var emailRE = regexp.MustCompile(`^[^\s@]+@[^\s@]+\.[^\s@]+$`)

What it gets right: anything with three parts separated by @ and ., no whitespace, no leading or trailing junk. Catches the vast majority of foo@bar and foo@.com typos at the form level.

What it ignores on purpose:

  • quoted local parts like "a b"@example.com (valid by RFC, almost never used)
  • internationalized domains before punycoding (user@exämple.com)
  • plus-addressing is fine (user+tag@example.com matches, no special handling needed)
  • IP literals (user@[192.0.2.1]) do not match, which is fine for signup forms

Always follow up with an actual confirmation email. A regex cannot tell you if an inbox exists. See also /snippets/awk-sum-column/.