Email Address (RFC 5321 Practical) Regex for Python

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching email address (rfc 5321 practical), ported and verified for Python. Identity and credential patterns need both correctness and safety, since they're frequent targets for adversarial input. The snippet below is ready to drop into your Python project — whether you're validating in a Django view, a FastAPI endpoint, or a standalone data processing script.

Python Implementation

# Email Address (RFC 5321 Practical)
# ReDoS-safe | RegexVault — Identity & PII > Email Address

import re

email_address_rfc_5321_practical_pattern = re.compile(r'^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$')

def validate_email_address_rfc_5321_practical(value: str) -> bool:
    return bool(email_address_rfc_5321_practical_pattern.fullmatch(value))

# Example
print(validate_email_address_rfc_5321_practical("user@example.com"))  # True

Test Cases

When to use this pattern

This pattern is drawn from the Identity & PII > Email Address category and carries a ReDoS-safe certification. That matters for Python developers because particularly important in Python web servers where CPU-bound regex operations can stall concurrent request handling. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Technical Notes

Deliberately excludes quoted strings and IP address literals (RFC 5321 allows them but they are vanishingly rare in practice). The TLD must be at least 2 letters. Internationalized domain names (IDN) require Punycode encoding first.