Obviously there is a bit of nuance here, but the best rule of thumb is use a regex and then warn the user that it doesn't look valid but still accept it if it doesn't pass, and then send an email to verify it.