Validation of an email address in Laravel

Stefan Izdrail

Founder & Senior Architect · 2026-06-29

Laravel Company
Title: Enhancing Laravel Email Address Validation for Better Security Body:

Validating email addresses in your Laravel application is crucial to ensure that users enter legitimate and secure information. While server-side validation catches clearly invalid emails like 'xxxxxx', there can be instances where an address might seem valid but does not contain a proper domain or dot. In this blog post, we'll dive deeper into the validation process and provide best practices to enhance Laravel email address security.

Basic Validation in Laravel

Laravel provides built-in support for form request validation that can be applied to any user input. This includes an email field, which is validated using the required(), email(), and max:100 validation rules in your controller method. Here is a basic example:

public function update(Request $request, $id) {
    // Validate the request data
    $validatedData = $request->validate([
        'email' => 'required|email:dns|max:100',
    ]);

    // Update or create a record in your database
}

This code block will validate the email address based on the rules given, including requiring the field to be filled and checking if it is an actual email. Additionally, it uses email:dns to perform DNS checks for the domain present in the email address.

DNS Checks

The Laravel core provides a built-in validation rule called email:dns which ensures that your email addresses are valid based on DNS verification. This means that Laravel will check whether the DNS records exist for the domains present in the email address provided. For instance, if you provide an email like 'someone@gmail.com', Laravel will verify Gmail's MX (mail exchange) record to validate its existence. However, this method does not guarantee that the domain is active or valid.

$validatedData = $request->validate([
    'email' => 'required|email:dns|max:100',
]);

Improving Validation with Custom Logic

If you want to ensure that your email addresses are both valid and based on real domains, you can create a custom validation rule. This will allow you to perform additional checks on the email address before accepting it as valid. Here's an example of how to define a new validation rule in Laravel:


In this example, we've created a custom rule called CustomEmailValidationRule. The passes() method will be called every time the validation fails. This is where you can perform your own logic to verify that the provided email address adheres to specific criteria you deem necessary for a valid email address.

Conclusion

As a Laravel senior developer, ensuring proper email address validation in your application is essential. While Laravel's built-in validation offers a solid foundation, creating custom validation rules and logic can make your applications more secure and user-friendly.

By leveraging the email:dns rule combined with custom validation logic, you'll be able to catch invalid email addresses with no dots or proper domains. This will help maintain a safer environment for both users and your application while delivering an enhanced user experience.

Summary of Best Practices

- Use Laravel's built-in validation rules for required, email format, and length checks. - Include the email:dns rule to ensure proper DNS verification for domains in provided email addresses. - Create custom validation logic within a class that extends Laravel's FormRequestValidator and implements ValidatorInterface. - Perform additional checks on the email address, such as presence of dots or valid domain structure.