5 Ways to Validate Emails in JavaScript Without Regular Expressions

Properly validating emails in JavaScript without regular expressions is an important step for ensuring data integrity. We explore four distinct methods to achieve this, complete with working code snippets. We also discuss the pitfalls of these techniques and show how Abstract API overcomes them.

How to Validate Emails in JavaScript Without Regular Expressions

This section explores four different methods to validate email addresses in JavaScript without the use of regular expressions. Each approach has a unique mechanism for structural and format checks.

Browser Built-in Validator

The HTML5 specification includes an algorithm for email inputs that already conforms to RFC 5322 rules. This method creates an input element that does not appear on the page. The email address candidate is then assigned to its value.

The browser is then asked if the value is valid via the "checkValidity" function. This check is synchronous and does not use regex in the user's code. It relies on the browser's native validator, which also supports IDN domains because the engine normalizes the value internally, as noted by a Formspree blog post.

const test = document.createElement('input')
  test.type = 'email'
  test.value = candidate
  const ok = test.checkValidity()

Manual Character Analysis with String and Array APIs

This pragmatic algorithm performs validation through a series of manual checks. It does not use regular expressions. The process involves several steps:

• First, split the string once on the "@" symbol. The function rejects the email if there are not exactly two parts or if the local part is empty.
• Next, it rejects the address if the local or domain block contains spaces, control characters, or two consecutive dots.
• The domain part must contain at least one dot. The final label, or the part after the last dot, must have a length of two or more characters.
• Finally, it iterates over every character. It allows ASCII letters, digits, and eight special characters in the local part. It also allows hyphens in the domain but disallows them at the start or end.

This approach is similar to a method found in a GeeksforGeeks tutorial but expands the ASCII rule set.

function isValidEmail(str) {
    if (str.includes(' ')) return false
    const [local, domain] = str.split('@')
    if (!local || !domain || str.split('@').length !== 2) return false
    if (local.startsWith('.') || local.endsWith('.') || local.includes('..')) return false
    if (!domain.includes('.') || domain.endsWith('.')) return false
    const labels = domain.split('.')
    if (labels.some(l => !l.length || l.startsWith('-') || l.endsWith('-'))) return false
    const okChars = ch => {
      const cp = ch.codePointAt(0)
      return (cp>=48&&cp<=57)||(cp>=65&&cp<=90)||(cp>=97&&cp<=122)||"-._!#$%&'*+/=?^`{|}~".includes(ch)
    }
    return [...local].every(okChars) && [...domain].every(c=>okChars(c)&&c!=='_')
  }

URL Parser with the mailto: Scheme

Both web browsers and Node.js (version 10 and later) include a URL parser that understands the "mailto:" scheme. To use this method, you construct a URL from the email string with "mailto:" at the start.

You then use a "try...catch" block to handle any failures during URL creation. If it succeeds, you confirm the resultant object's "pathname" property is identical to the original email string and that its "protocol" is "mailto:". The URL constructor rejects invalid characters, multiple "@" signs, and other structural errors without regex.

function viaURL(email) {
    try {
      const u = new URL('mailto:' + email)
      return u.pathname === email && u.protocol === 'mailto:'
    } catch {
      return false
    }
  }

MX Record Verification in Node.js

This technique shifts the focus from complex format validation to real-world deliverability. Format validation can be a simple structural check, like the confirmation of exactly one "@" symbol.

The core of this method is a DNS MX lookup to confirm the domain can receive mail. The function first extracts the domain from the email address and attempts to resolve its MX records. The presence of one or more records suggests the domain is valid for email. An npm package called node-email-verifier wraps this pattern.

import {resolveMx} from 'node:dns/promises'
  async function hasMx(email) {
    const [_, domain] = email.split('@')
    if (!domain) return false
    try {
      const records = await resolveMx(domain)
      return records.length > 0
    } catch {
      return false
    }
  }

Challenges of Email Validation Without Regex

These methods avoid regex but introduce their own complexities and limitations. They often struggle with RFC 5322 edge cases, evolving standards, and the inability to confirm actual email deliverability.

• Manual character analysis struggles with complex RFC 5322 rules like quoted local parts. Without regex, you must hand-code a state machine that is difficult to write correctly and painful to maintain over time.
• The URL parser method only validates byte legality. It does not check for consecutive dots, label length, or other subtle rules. This approach invites off-by-one errors and complex branching logic that is easy to get wrong.
• Browser built-in validation rules vary between engines, which creates inconsistencies. The validator also fails to handle modern standards like emoji local parts or custom TLDs natively, as JavaScript lacks built-in Unicode normalization and public-suffix lists.
• An MX record lookup confirms a domain accepts mail but not if the mailbox exists. This network-bound check adds latency and can fail behind firewalls. Furthermore, any client-side check can be easily disabled or spoofed.