Many websites attempt to validate email addresses based on formatting rules alone. Often they use regular expressions that turn out to be wrong, and the errors are hard to notice because the expressions are so complex. Doing more than minimal validation of email addresses is usually a mistake and should be avoided.
The most common problem I've seen personally, from the perspective of a website user, is that email addresses containing a plus sign (`+`) are considered invalid. For example, an email address like [email protected] is often rejected as invalid. However, that conclusion is incorrect.
- According to RFC 3696 from the IETF, `+` is a valid character for the "local part" (the part before the `@` sign).
- According to RFC 5233, the [email protected] address is valid and the receiving mail server will deliver messages for that address to the user with the address [email protected].
- Also see the "Local-part" section of the "Email address" article in Wikipedia.
As a concrete example, Gmail allows its users to receive email addressed that way. It's helpful to the user, because it allows them to create email sorting rules or filters based on the part of the email address that comes after the `+`.
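
The rejection described above, shown next to a structural check that accepts plus addresses. This is an added example, not code from the original page: the pattern, function names and `example.com` addresses are constructed, and treating `+` as the subaddress separator is an assumption taken from the Gmail case.

```javascript
// STRICT_RE is a constructed over-strict pattern: its local-part
// character class omits "+", so plus addresses are rejected.
const STRICT_RE = /^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;

function strictValidate(address) {
  return STRICT_RE.test(address);
}

const octets = (s) => new TextEncoder().encode(s).length;

// Structural check only: a non-empty local part, a non-empty domain,
// no control characters, and at most 64 / 255 octets respectively.
function permissiveValidate(address) {
  if (typeof address !== "string") return false;
  // CR, LF and other control characters are rejected so the value
  // cannot break out of a mail header it is later written into.
  if (/[\u0000-\u001f\u007f]/.test(address)) return false;
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) return false;
  return octets(address.slice(0, at)) <= 64 &&
         octets(address.slice(at + 1)) <= 255;
}

// Assumption: "+" separates the user from the detail part.
function splitSubaddress(address) {
  const at = address.lastIndexOf("@");
  const local = address.slice(0, at);
  const plus = local.indexOf("+");
  return {
    user: plus === -1 ? local : local.slice(0, plus),
    detail: plus === -1 ? null : local.slice(plus + 1),
    domain: address.slice(at + 1),
  };
}

// Constructed sample input.
const SAMPLES = ["user@example.com", "user+news@example.com",
                 "no-at-sign", "user@", "user@example.com\r\n"];

function compare(samples) {
  return samples.map((a) => ({
    address: JSON.stringify(a),
    strict: strictValidate(a),
    permissive: permissiveValidate(a),
  }));
}

console.table(compare(SAMPLES));
```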