· Heybounce · Guides · 2 min read
Building an Email Regex Test Suite with 200+ RFC Edge Cases
Craft a rock-solid email regex by stress-testing it against hundreds of quirky but legal addresses.
Why You Need a Brutal Email Edge-Case Suite
Email addresses look deceptively simple—until a user pastes "very.(),:;<>[]\"very@\"very\\\".unusual"@example.com into your signup form. A solid validator must accept every string the RFCs allow and reject pathological inputs that will bounce at the SMTP stage. The only reliable way to know whether your pattern hits the mark is to unleash an audacious collection of edge cases.
This guide focuses exclusively on curating that collection. We will not cover CI pipelines or repository wiring—only the test data itself.
The Anatomy of an Edge Case
Each entry is a JSON object with three fields:
{
"address": "\"very.(),:;<>[]\\\"very@\\\"very\\\\\\\".unusual\"@example.com",
"valid": true,
"comment": "quoted-local + specials"
}
address— the literal string, exactly as it should be fed to your regex.valid—trueif it must match,falseotherwise.comment— a concise human-friendly note so future readers grasp why the case exists.
The Eight Golden Categories
| # | Category | Why It Matters | Valid Sample | Invalid Sample |
|---|---|---|---|---|
| 1 | Standard | Baseline sanity check | [email protected] | [email protected] |
| 2 | Quoted Local | Spaces & specials inside quotes | "John Doe"@example.io | "John [email protected] |
| 3 | IP-Literal Domains | Rare but RFC-legal routing | root@[192.168.0.1] | root@[300.300.300.300] |
| 4 | Length Extremes | 1↔64 char local, 254 char total | [email protected] | "this-local-part-is-65-characters-long................................"@x.com |
| 5 | Unicode (SMTPUTF8) | Internationalised names & TLDs | 用户@例子.广告 | 用户@例子.通用顶级域 |
| 6 | Dot & Whitespace Traps | Leading/trailing dots or spaces | " spaced"@x.io | [email protected] |
| 7 | Homoglyphs & Confusables | Anti-spoofing checks | рау[email protected] | рау[email protected] |
| 8 | Disposable / Policy | Business-level vetoes | [email protected] | N/A |
Aim for 10–15 cases per category, split evenly between valid and invalid.
Harvesting Edge Cases
- IETF Reference Lists – The RFC authors publish test addresses; start there.
- Real-World Logs – Sanitise bounce logs; they surface bizarre but legal patterns.
- Fuzz Generators – Programmatically permute dots, quotes, and Unicode blocks.
Tip: Run fresh candidates through a reference parser (e.g.
email-addressesin JS) to weed out obvious typos before manual review.
Document Policy Deviations
If your business forbids comments (like this)@example.com, set valid: false and add a short note—policy-blocked—to the comment field.
Maintaining the Suite
- Guard Against Overfitting – Periodically inject unseen addresses from production.
- Version the JSON – Treat
edge_cases.jsonlike code; pull requests must justify every change. - Measure Coverage – Track the ratio of passes to total cases; refuse merges under 99 %.
Ready for Real-World Validation?
Syntax tests catch mistakes, but they can’t guarantee deliverability. Pair your shiny regex with Heybounce’s API to verify MX records, mailbox existence, and disposable domains in real time—no infrastructure required.
Happy edge-case hunting! 🚀
