Guides

Last updated

July 25, 2025

5 Ways to Validate Emails with Apache Commons Validator

Nicolas Rios

Table of Contents:

ON THIS PAGE

Heading

Get your free

email validation

API key now

4.8 from 1,863 votes

See why the best developers build on Abstract

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

No credit card required

The Apache Email Validator is a common tool for checking email addresses in Java. We'll explore five implementation methods with code examples, examine their common pitfalls, and see how Abstract API provides a more robust solution to these challenges, ensuring higher data quality for your applications.

How to Implement the Apache Email Validator

This validator offers several implementation methods. Each provides a different level of control over the validation logic, from simple checks to highly customized domain rule enforcement.

Stateless Default Singleton

The simplest approach uses the “getInstance()” method to return a library-wide singleton, which hides all constructor details. The “isValid(String)” method then executes a fast character and length scan, plus a minimal domain structure check.

EmailValidator v = EmailValidator.getInstance();
boolean ok = v.isValid("alice@example.com");

Flag-Configured Singleton for Local Parts and Bare TLDs

You can configure the singleton with boolean flags. The first flag, “allowLocal,” enables host-less addresses for test traffic. The second, “allowTld,” treats addresses like “admin@apache” as legal, which is useful behind corporate SMTP relays. This method uses the same singleton mechanism, so there is no allocation cost.

EmailValidator v = EmailValidator.getInstance(true, true);   // allowLocal, allowTld
boolean ok = v.isValid("svc@localhost");

Injection of a Custom DomainValidator

For more control, the three-argument EmailValidator constructor lets you override the domain-checking strategy completely. You can build a custom DomainValidator to perform specific actions.

Whitelist private zones, such as “.corp” or “.internal,” for non-IANA domains.
Ship an offline Top-Level Domain (TLD) snapshot with your application.
Block newly delegated IANA strings until they pass internal compliance checks.

DomainValidator dv = DomainValidator.builder()
        .addCustomTld("corp")               // private TLD
        .addCustomTld("internal")           // non-IANA zone
        .allowLocal(true)                   // accept host-only names
        .build();
EmailValidator v = new EmailValidator(true, false, dv);
boolean ok = v.isValid("bob@payments.corp");

A Pure Regular Expression Validator via RegexValidator

The `RegexValidator` class is part of the same commons-validator module and exposes helper methods like “isValid,” “validate,” and “match.” This approach lets you embed the RFC-5322 core without the domain logic or IANA data from `EmailValidator`.

This makes it an attractive option for small applications or environments where the full Apache commons package is already shaded for size.

RegexValidator rx = new RegexValidator(
        "^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+" +
        "@([A-Za-z0-9-]+\\.)+[A-Za-z]{2,}$");
boolean ok = rx.isValid("carol@sub.example.net");

Challenges of Implementing the Apache Email Validator

Despite its widespread use, the validator has several long-standing issues. These problems range from an outdated core regular expression to unpredictable behavior that can compromise data quality in production environments.

The core regex is an outdated blacklist that fails to implement the full RFC grammar. This flaw means the `isValid` method incorrectly validates broken addresses while rejecting some legal edge cases, which creates inconsistent results as standards evolve.
The validator accidentally permits non-ASCII characters because its pattern lacks positive rules. This makes it impossible to enforce specific ASCII-only or internationalization policies without custom code, a limitation present in the default `getInstance` implementation.
The poorly documented `allowLocal` and `allowTld` flags create unpredictable behavior. A single parameter change in the `getInstance` method can alter validation logic globally, which allows invalid domains and catches development teams by surprise in production.
The library carries significant technical debt, with open Jira tickets from 2022 that recommend a complete rewrite. These unresolved issues force developers to patch or wrap the `EmailValidator` class themselves to achieve predictable RFC compliance.

Validate Emails with Abstract API

Use the Commons Email Validator library to ensure only valid email addresses enter your system.

Get started for free

How Abstract API Handles Apache Email Validation

Abstract API addresses the core weaknesses of traditional Apache email validation through real-time checks and detailed deliverability insights.

Performs real-time DNS and SMTP probes, which removes the need for local network code and firewall exceptions.
Returns a detailed JSON response with a deliverability status, a quality score, and flags for syntax, MX records, and SMTP handshakes.
Identifies disposable, role-based, catch-all, and free domains to detect potential abuse.
Suggests corrections for common typos, which allows you to fix user input instead of a rejection.

How to Bring Abstract API to Your Dev Environment

Once you know Abstract’s capabilities, you can add its apache email validator API to your project with ease.

Sign up at Abstract API, enable “Email Verification & Validation,” and copy the API key.
Add an HTTP client library to your project.
Store the key in an environment variable named "ABSTRACT_EMAIL_KEY".
Construct the request URL with your key and the target email address.
Call the endpoint from your application and parse the JSON response.
Control user flows based on the "deliverability" and "quality_score" fields in the response.

String apiKey = 
System.getenv("ABSTRACT_EMAIL_KEY");String email  = URLEncoder.encode(userEmail, 
StandardCharsets.UTF_8);HttpGet req   = new HttpGet("https://emailvalidation.abstractapi.com/v1/?api_key=" + apiKey + "&email=" + email);try (CloseableHttpClient c = 
HttpClients.createDefault(); CloseableHttpResponse r = c.execute(req)) {    String json = EntityUtils.toString(r.getEntity());    JSONObject o = new JSONObject(json);    if ("DELIVERABLE".equals(o.getString("deliverability"))) { … }}

Sample Apache Email Validator Implementation with Abstract API

The sample response below shows a validation for "dev@apache.org". The address passes all syntax, MX, and SMTP checks. It is not a disposable, free, role-based, or catch-all account. The 0.97 quality score and "DELIVERABLE" flag show high confidence that messages will reach an inbox, a level of detail Apache Commons EmailValidator cannot provide.

{"email":"[email protected]","autocorrect":"","deliverability":"DELIVERABLE","quality_score":0.97,"is_valid_format":
{"value":true,"text":"TRUE"},"is_free_email":{"value":false,"text":"FALSE"},"is_disposable_email":
{"value":false,"text":"FALSE"},"is_role_email":{"value":false,"text":"FALSE"},"is_catchall_email":
{"value":false,"text":"FALSE"},"is_mx_found":{"value":true,"text":"TRUE"},"is_smtp_valid":
{"value":true,"text":"TRUE"}}

Final Thoughts

Traditional regex-based validation often accepts undeliverable addresses and fails to detect abuse from disposable or temporary domains. Abstract API overcomes these limits with real-time checks for deliverability, domain reputation, and syntax. For reliable email validation, consider an account on Abstract API to get your free API key.

Validate Emails with Abstract API

Implement the Apache email validator to ensure only valid email addresses can enter your system.

Get started for free

Phone Validation

key now