Mark Pilgrim in his Dive Into HTML 5 recomends that you don't validate email address. http://diveintohtml5.org/forms.html "You'll get it wrong," he says "[it is] unbelievably complicated...really, really complicated." He provides some links to prove the point.

Simple things, like validating email addresses, are things are seem simple, but turn out to be hard. You are better off using someone elses library to handle email address, date pickers, anything dealing with prime numbers and crypto. Especially crypto. If you want to roll your own, expect to ship bugs. Of course, shipping crypto bugs is a Bad Thing (TM).

Keep an eye out for the deceptively simple showing up your applications. Make sure your budget time to try to kill the feature and then time to test it if you fail.