Guides

Last updated

July 25, 2025

5 Ways to Validate Emails with Apache Commons Validator

Nicolas Rios

Table of Contents:

ON THIS PAGE

Heading

Get your free

email validation

API key now

4.8 from 1,863 votes

See why the best developers build on Abstract

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

No credit card required

The Apache Email Validator is a common tool for checking email addresses in Java. We'll explore five implementation methods with code examples, examine their common pitfalls, and see how Abstract API provides a more robust solution to these challenges, ensuring higher data quality for your applications.

How to Implement the Apache Email Validator

This validator offers several implementation methods. Each provides a different level of control over the validation logic, from simple checks to highly customized domain rule enforcement.

Stateless Default Singleton

The simplest approach uses the “getInstance()” method to return a library-wide singleton, which hides all constructor details. The “isValid(String)” method then executes a fast character and length scan, plus a minimal domain structure check.

EmailValidator v = EmailValidator.getInstance();
boolean ok = v.isValid("alice@example.com");

Flag-Configured Singleton for Local Parts and Bare TLDs

You can configure the singleton with boolean flags. The first flag, “allowLocal,” enables host-less addresses for test traffic. The second, “allowTld,” treats addresses like “admin@apache” as legal, which is useful behind corporate SMTP relays. This method uses the same singleton mechanism, so there is no allocation cost.

EmailValidator v = EmailValidator.getInstance(true, true);   // allowLocal, allowTld
boolean ok = v.isValid("svc@localhost");

Injection of a Custom DomainValidator

For more control, the three-argument EmailValidator constructor lets you override the domain-checking strategy completely. You can build a custom DomainValidator to perform specific actions.

Whitelist private zones, such as “.corp” or “.internal,” for non-IANA domains.
Ship an offline Top-Level Domain (TLD) snapshot with your application.
Block newly delegated IANA strings until they pass internal compliance checks.

DomainValidator dv = DomainValidator.builder()
        .addCustomTld("corp")               // private TLD
        .addCustomTld("internal")           // non-IANA zone
        .allowLocal(true)                   // accept host-only names
        .build();
EmailValidator v = new EmailValidator(true, false, dv);
boolean ok = v.isValid("bob@payments.corp");

A Pure Regular Expression Validator via RegexValidator

The `RegexValidator` class is part of the same commons-validator module and exposes helper methods like “isValid,” “validate,” and “match.” This approach lets you embed the RFC-5322 core without the domain logic or IANA data from `EmailValidator`.

This makes it an attractive option for small applications or environments where the full Apache commons package is already shaded for size.

RegexValidator rx = new RegexValidator(
        "^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+" +
        "@([A-Za-z0-9-]+\\.)+[A-Za-z]{2,}$");
boolean ok = rx.isValid("carol@sub.example.net");

Challenges of Implementing the Apache Email Validator

Despite its widespread use, the validator has several long-standing issues. These problems range from an outdated core regular expression to unpredictable behavior that can compromise data quality in production environments.

The core regex is an outdated blacklist that fails to implement the full RFC grammar. This flaw means the `isValid` method incorrectly validates broken addresses while rejecting some legal edge cases, which creates inconsistent results as standards evolve.
The validator accidentally permits non-ASCII characters because its pattern lacks positive rules. This makes it impossible to enforce specific ASCII-only or internationalization policies without custom code, a limitation present in the default `getInstance` implementation.
The poorly documented `allowLocal` and `allowTld` flags create unpredictable behavior. A single parameter change in the `getInstance` method can alter validation logic globally, which allows invalid domains and catches development teams by surprise in production.
The library carries significant technical debt, with open Jira tickets from 2022 that recommend a complete rewrite. These unresolved issues force developers to patch or wrap the `EmailValidator` class themselves to achieve predictable RFC compliance.

Validate Emails with Abstract API

Use the Commons Email Validator library to ensure only valid email addresses enter your system.

Get started for free

How Abstract API Handles Apache Email Validation

Abstract API addresses the core weaknesses of traditional Apache email validation through real-time checks and detailed deliverability insights.

Performs real-time DNS and SMTP probes, which removes the need for local network code and firewall exceptions.
Returns a detailed JSON response with a deliverability status, a quality score, and flags for syntax, MX records, and SMTP handshakes.
Identifies disposable, role-based, catch-all, and free domains to detect potential abuse.
Suggests corrections for common typos, which allows you to fix user input instead of a rejection.

How to Bring Abstract API to Your Dev Environment

Once you know Abstract's capabilities, you can add its apache email validator API to your project with ease.

Sign up at Abstract API, enable "Email Verification & Validation," and copy the API key.
Add an HTTP client library to your project.
Store the key in an environment variable named "ABSTRACT_EMAIL_KEY".
Construct the request URL with your key and the target email address.
Call the endpoint from your application and parse the JSON response.
Control user flows based on the "deliverability" and "quality_score" fields in the response.

Sample Apache Email Validator Implementation with Abstract API

The sample response below shows a validation for "dev@apache.org". The address passes all syntax, MX, and SMTP checks. It is not a disposable, free, role-based, or catch-all account. The 0.97 quality score and "DELIVERABLE" flag show high confidence that messages will reach an inbox, a level of detail Apache Commons EmailValidator cannot provide.

Final Thoughts

Traditional regex-based validation often accepts undeliverable addresses and fails to detect abuse from disposable or temporary domains. Abstract API overcomes these limits with real-time checks for deliverability, domain reputation, and syntax. For reliable email validation, consider an account on Abstract API to get your free API key.

Frequently Asked Questions

What is Apache Commons Validator and what does it check for email addresses?

Apache Commons Validator is a Java library that provides reusable validation routines, including an EmailValidator class for checking email addresses. Its default singleton performs a fast character and length scan plus a minimal domain structure check, making it suitable for quick syntax filtering but not deep deliverability verification.

How do you allow local and TLD-only addresses with Apache Commons EmailValidator?

You pass boolean flags to the getInstance(allowLocal, allowTld) overload. Setting allowLocal to true permits host-less addresses such as svc@localhost, which is useful in test environments, while allowTld to true accepts bare domains like admin@apache for corporate SMTP relays. Be aware that these flags alter validation logic globally and their behavior is not thoroughly documented.

How can you validate private or custom TLDs like .corp or .internal with Apache Commons Validator?

Use the three-argument EmailValidator constructor with a custom DomainValidator instance. Build the DomainValidator with addCustomTld("corp") or addCustomTld("internal") to whitelist private zones, ship offline TLD snapshots, or block newly delegated IANA domains until your team has verified compliance.

What are the main limitations of Apache Commons Validator for email validation?

The library has four well-known weaknesses: its core regex does not implement the full RFC 5322 grammar, so it can accept malformed addresses and reject valid ones; it handles non-ASCII characters inconsistently; the allowLocal and allowTld flags produce unpredictable global side-effects; and open Jira tickets from 2022 recommend a complete rewrite that has not yet landed, leaving developers to patch or wrap the validator themselves.

When should you use an API like Abstract Email Validation instead of Apache Commons Validator?

Apache Commons Validator only checks syntax and domain structure; it cannot confirm whether a mailbox actually exists or is deliverable. Abstract Email Validation performs real-time DNS and SMTP probes and returns a detailed JSON response with a deliverability status, quality score, and flags for disposable, role-based, and catch-all domains. Use the API whenever you need to reduce bounces or block fake sign-ups, not just filter obviously malformed strings.

How do you integrate Abstract's Email Validation into a Java application already using Apache Commons?

Store your API key in an environment variable (for example ABSTRACT_EMAIL_KEY), then use any HTTP client to call the Abstract Email Validation endpoint with the address as a query parameter. Parse the JSON response and gate your user flow on the deliverability field: a value of DELIVERABLE and a high quality_score (the library returns 0.97 for a real address like dev@apache.org) indicate the address is safe to accept.