pbhj's Journal: form email checking ... thought I did this already!

I use a many pronged approach: firstly there's a javascript check (for people who may have entered text wrongly).

2) there's removal of characters including ,;:\'"% ; removal of html tags and addition of character escaping

3) there's email pattern matching at the server for naive spam attempts

4) there's denial of service for mails with "content-type" or "mime-version" in them as these are used to create multipart (ie html) emails

5) there's a hidden field named so that spambots will auto-fill it; this is checked against the expected contents and mails are rejected if it's wrong

6) captcha would be my next line of defence but as yet it's not needed

I also sometimes enable the forwarding to me of details of mails that don't pass the test; then I can block the domain if it looks nasty (small Korean ISP visiting local UK site, etc.).

spambots will auto-fill it; this is checked against the expected contents and mails are rejected if it's wrong

6) captcha would be my next line of defence but as yet it's not needed

I also sometimes enable the forwarding to me of details of mails that don't pass the test; then I can block the domain if it looks nasty (small Korean ISP visiting local UK site, etc.).

My regex is '/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i'

that is:
a) multiple characters before @ that aren't whitespace or @
b) - OR a-z OR 0-9 followed by a dot, taken multiple times
c) ending in a sequence of 2 or more letters (eg to allow for .info domains and new primary domains in future). Many regex are wrong here and only allow 2/3 chars for last part of domain name.
d) it's all case insensitive

'/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i'

Try bridgehosting.net/email-form-regex