Email address validation is a quixotic affair that's sure to end with you sporting a false sense of achievement and your users in tears. Many "better mousetrap" regular-expression-based validation system on the web today are overly strict and reject perfectly valid email addresses.

Beyond regular expressions and other string-based techniques, your options are to check the DNS server (but DNS lookups can fail on occasion) and vrfy the SMTP server (but many SMTP servers turn this off to stop email harvesters). Ultimately, you can actually send an email to the address and see if there are any bounces.

Or, we could just not bother.

That, at least, is the approach that the Google App Engine SDK currently takes.

Both the google.appengine.ext.db.EmailPropery() and the google.appengine.api.mail.is_email_valid() functions only check that a non-empty string instance is passed.

The problem with that is that you really don't want your good friends asdfhdsjkj and asdfghdsj to make regular camio appearances in your lovely database.

It feels to me that the best approach is to accept that we can't truly validate email addresses and instead perform some light validation that doesn't provide false positives while blocking the most obviously non-validating addresses. This seems to be the approach taken by the validation regular expression in Django ( email_re in django.core.validators ).

Phil Haack has a good article about all this from last year this titled I Knew How To Validate An Email Address Until I Read The RFC in which he quotes several unlikely-looking yet valid email addresses from RFC 3696 (Application Techniques for Checking and Transformation of Names) including such gems like !def!xyz%abc@example.com . I ran the whole list through Django's validator and they all passed.

All this to say that I'm using the Django email validator in my Google App Engine apps and it appears to be working well.