diff --git a/package-lock.json b/package-lock.json
index 95e7c45e6..d9c8a358b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@ "bcryptjs": "^2.4.3", "body-parser": "^1.20.2", "cors": "^2.8.5", + "email-validator": "^2.0.4", "express": "~4.18.1", "express-jwt": "^8.4.1", "jsonwebtoken": "^9.0.2",
@@ -5541,6 +5542,14 @@ "integrity": "sha512-/bKPPcgZVUziECqDc+0HkT87+0zhaWSZHNXqF8FLd2lQcptpmUFwoCSWjCdOng9Gdq+afKArPdEg/0ZW461Eng==", "dev": true }, + "node_modules/email-validator": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/email-validator/-/email-validator-2.0.4.tgz", + "integrity": "sha512-gYCwo7kh5S3IDyZPLZf6hSS0MnZT8QmJFqYvbqlDZSbwdZlY6QZWxJ4i/6UhITOJ4XzyI647Bm2MXKCLqnJ4nQ==", + "engines": { + "node": ">4.0" + } + }, "node_modules/emittery": { "version": "0.13.1", "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz",
diff --git a/package.json b/package.json
index 2e3b26cb0..d9dc95f1f 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
 "bcryptjs": "^2.4.3",
 "body-parser": "^1.20.2",
 "cors": "^2.8.5",
+ "email-validator": "^2.0.4",
 "express": "~4.18.1",
 "express-jwt": "^8.4.1",
 "jsonwebtoken": "^9.0.2",
diff --git a/src/app/routes/auth/auth.service.ts b/src/app/routes/auth/auth.service.ts
index d09a28d3d..41521c727 100644
--- a/src/app/routes/auth/auth.service.ts
+++ b/src/app/routes/auth/auth.service.ts
@@ -1,4 +1,5 @@
 import * as bcrypt from 'bcryptjs';
+import { validate } from 'email-validator';
 import { RegisterInput } from './register-input.model';
 import prisma from '../../../prisma/prisma-client';
 import HttpException from '../../models/http-exception.model';
@@ -53,6 +54,10 @@ export const createUser = async (input: RegisterInput): Promise throw new HttpException(422, { errors: { password: ["can't be blank"] } }); } + if (!validate(email)) { + throw new HttpException(422, { errors: { email: ["is invalid"] } }); + } + await checkUserUniqueness(email, username); const hashedPassword = await bcrypt.hash(password, 10); @@ -93,6 +98,10 @@ export const login = async (userPayload: any) => { throw new HttpException(422, { errors: { password: ["can't be blank"] } }); } + if (!validate(email)) { + throw new HttpException(422, { errors: { email: ["is invalid"] } }); + } + const user = await prisma.user.findUnique({ where: { email, @@ -150,8 +159,12 @@ export const getCurrentUser = async (id: number) => { export const updateUser = async (userPayload: any, id: number) => { const { email, username, password, image, bio } = userPayload; - let hashedPassword; + if (email && !validate(email)) { + throw new HttpException(422, { errors: { email: ["is invalid"] } }); + } + + let hashedPassword; if (password) { hashedPassword = await bcrypt.hash(password, 10); }
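Review bot: In all three hunks `email` goes into `validate()` with no runtime type check: in `login` and `updateUser` it is destructured from `userPayload: any`, and the `RegisterInput` annotation in `createUser` constrains nothing once a JSON body arrives. What `validate` does with an array or object is not visible here; if it calls string methods on its argument, such a body would end in an unhandled TypeError rather than the 422 these checks intend. A single guard that tests `typeof email === 'string'` before calling `validate` would cover the three call sites and keep the message and status code in one place, and `updateUser` can keep its `if (email)` wrapper so an omitted address is still allowed. The bodies of all three functions continue outside their hunks.

```typescript
// Shared guard: the type check, the message and the status code live in one place.
const assertValidEmail = (email: unknown): void => {
  if (typeof email !== 'string' || !validate(email)) {
    throw new HttpException(422, { errors: { email: ['is invalid'] } });
  }
};

// … unchanged: createUser blank-field checks …
  assertValidEmail(email);
  await checkUserUniqueness(email, username);
```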
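Review bot: Format-checking the address in `login` means an account whose stored email predates this commit and does not pass `validate` can no longer sign in, and so cannot reach `updateUser` to correct it. The `prisma.user.findUnique({ where: { email } })` lookup that follows presumably already handles an address that matches no row, so the added check contributes little to authentication itself. Consider dropping it from `login` and keeping the validation on `createUser` and `updateUser`, or confirm first that no stored address fails it. The body of `login` continues outside the hunk, so the handling of a missing user is inferred, not seen.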