What characters are allowed in an email address?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

According to RFC 5322 (the official spec), the local part (everything before the @) can technically include almost any character you can think of: letters, numbers, periods, plus signs, underscores, hyphens, exclamation points, hashtags, dollar signs, percent signs, ampersands, asterisks, equal signs, question marks, carets, backticks, pipes, tildes, and more. If you quote the local part, you can even use spaces. So "this works"@example.com is technically valid. (Though no real system would accept it.)

The domain side (everything after the @) is stricter because it follows DNS rules: letters, numbers, hyphens, and periods only. No special characters, no underscores, no spaces.

Here's what matters in practice: just because RFC 5322 says something's valid doesn't mean real inboxes will accept it. Most modern ESPs and webmail providers stick to a much narrower set of allowed characters. They'll accept letters, numbers, periods, plus signs, underscores, and hyphens in the local part, and that's about it. Anything more exotic (hashtags, pipes, backticks, quoted strings) will either get rejected at signup or flag your validation logic as broken.

If you're building a signup form, keep your validation loose enough to accept the common special characters (periods, plus signs, hyphens, underscores) but don't stress about supporting the full RFC 5322 spec. Nobody's out there using "user name"@example.com or user!tag#test@example.com in real life. You're safe sticking to the basics. If someone tries to sign up with a weird address and it fails validation, they'll just use a different one.

One character worth knowing about: the plus sign (+). It's used for plus-addressing, which lets users create variations of their address (user+newsletters@example.com, user+receipts@example.com) that all route to the same inbox. It's a common tactic for tracking which lists sell addresses or leak them to spammers. If your form blocks plus signs, you'll frustrate savvy users and look like you're trying to stop them from tracking you.

The safest approach: allow letters, numbers, periods, hyphens, underscores, and plus signs in your validation. That covers 99.9% of real email addresses without opening the door to weird edge cases that'll break your system downstream. And don't overthink it. Most of the exotic RFC-valid characters exist because the spec was written to be technically complete, not because anyone actually uses them.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get advice for your signup forms

I read this on the Email Almanac about "What characters are allowed in an email address": "According to RFC 5322, the local part can technically include almost any character: letters, numbers, periods, plus signs, underscores, hyphens, exclamation points, hashtags, dollar signs, percent signs, ampersands, asterisks, equal signs, question marks, carets, backticks, pipes, tildes, and more. The domain side follows DNS rules: letters, numbers, hyphens, and periods only. In practice, most modern ESPs and webmail providers stick to letters, numbers, periods, plus signs, underscores, and hyphens in the local part. The safest approach for signup forms is to allow letters, numbers, periods, hyphens, underscores, and plus signs." Help me apply this to MY specific situation: 1. What validation rules should I use for email signup forms? 2. Should I block or allow plus-addressing (+) in email addresses? 3. How strict should my email validation be without rejecting real users? 4. What special characters cause deliverability or filtering issues? --- My details (fill in what applies, the more you share, the better the advice): - Email platform/ESP: e.g. Mailchimp, SendGrid, custom form with validation - Current validation rules: e.g. regex pattern, library, or platform default - Use case: e.g. newsletter signup, account creation, contact form - Technical setup: [e.g. frontend validation only, backend + frontend, third-party form tool] - Current challenge: [e.g. users complaining their emails are rejected, worried about spam signups, seeing weird addresses in my list]

Edit the yellow boxes, then send to the AI of your choice.