/(?![[:alnum:]]|@|-|_|\.)./

现在，如果你使用带有type=email的HTML5表单，那么你已经有80%的安全性了，因为浏览器引擎有它们自己的验证器。为了补充它，将这个正则表达式添加到你的preg_match_all()并对其求反:

if (!preg_match_all("/(?![[:alnum:]]|@|-|_|\.)./",$email)) { .. }

找到HTML5表单使用的正则表达式进行验证 https://regex101.com/r/mPEKmy/1

如果你只是在寻找一个实际的正则表达式，允许各种点，下划线和破折号，它如下:[a-zA-z0-9.-]+\@[a-zA-z0-9.-]+.[a-zA-Z]+。这将允许像tom_anderson.1-neo@my-mail_matrix.com这样看起来相当愚蠢的电子邮件被验证。

在关于电子邮件验证的“顶级问题”中回答了这个问题https://stackoverflow.com/a/41129750/1848217

For me the right way for checking emails is: Check that symbol @ exists, and before and after it there are some non-@ symbols: /^[^@]+@[^@]+$/ Try to send an email to this address with some "activation code". When the user "activated" his email address, we will see that all is right. Of course, you can show some warning or tooltip in front-end when user typed "strange" email to help him to avoid common mistakes, like no dot in domain part or spaces in name without quoting and so on. But you must accept the address "hello@world" if user really want it. Also, you must remember that email address standard was and can evolute, so you can't just type some "standard-valid" regexp once and for all times. And you must remember that some concrete internet servers can fail some details of common standard and in fact work with own "modified standard".

所以，只要检查@，提示用户在前端和发送验证电子邮件在给定的地址。

看完这里的答案后，我得出了以下结论:

public static function isValidEmail(string $email) : bool
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }

    //Get host name from email and check if it is valid
    $email_host = array_slice(explode("@", $email), -1)[0];

    // Check if valid IP (v4 or v6). If it is we can't do a DNS lookup
    if (!filter_var($email_host,FILTER_VALIDATE_IP, [
        'flags' => FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
    ])) {
        //Add a dot to the end of the host name to make a fully qualified domain name
        // and get last array element because an escaped @ is allowed in the local part (RFC 5322)
        // Then convert to ascii (http://us.php.net/manual/en/function.idn-to-ascii.php)
        $email_host = idn_to_ascii($email_host.'.');

        //Check for MX pointers in DNS (if there are no MX pointers the domain cannot receive emails)
        if (!checkdnsrr($email_host, "MX")) {
            return false;
        }
    }

    return true;
}

/(?![[:alnum:]]|@|-|_|\.)./

现在，如果你使用带有type=email的HTML5表单，那么你已经有80%的安全性了，因为浏览器引擎有它们自己的验证器。为了补充它，将这个正则表达式添加到你的preg_match_all()并对其求反:

if (!preg_match_all("/(?![[:alnum:]]|@|-|_|\.)./",$email)) { .. }

找到HTML5表单使用的正则表达式进行验证 https://regex101.com/r/mPEKmy/1

如果你想检查电子邮件地址提供的域名是否有效，可以使用如下方法:

/*
* Check for valid MX record for given email domain
*/
if(!function_exists('check_email_domain')){
    function check_email_domain($email) {
        //Get host name from email and check if it is valid
        $email_host = explode("@", $email);     
        //Add a dot to the end of the host name to make a fully qualified domain name and get last array element because an escaped @ is allowed in the local part (RFC 5322)
        $host = end($email_host) . "."; 
        //Convert to ascii (http://us.php.net/manual/en/function.idn-to-ascii.php)
        return checkdnsrr(idn_to_ascii($host), "MX"); //(bool)       
    }
}

这是一种方便的方式来过滤大量无效的电子邮件地址，以及标准的电子邮件验证，因为有效的电子邮件格式并不意味着有效的电子邮件。

请注意，idn_to_ascii()(或它的姐妹函数idn_to_utf8())函数在PHP安装中可能不可用，它需要扩展PECL intl >= 1.0.2和PECL idn >= 0.1。

还要记住，IPv4或IPv6作为电子邮件中的域部分(例如user@[IPv6:2001:db8::1])不能被验证，只有命名主机可以。

点击这里查看更多信息。