Stephen Thorne was most scathing, and has very good points to say.
For a start, ' is valid in email addresses, but not at the beginning or the end, O'Brian@example.com. That's just a simple real-world case and ignores the perfectly valid email@example.com, email addresses with doublequotes and spaces, the myriad ways of escaping, etc. RFC821 has a full grammar for email addresses.
Otherwise, your best bet is to check that it contains an @ and is more than 4 characters. Anything in between will reject valid email addresses.
I suppose what this results in is that you want 1 or more characters left of the @, then three or more characters to the right, with at least one period. The right-hand side you can constrain a bit more, since the acceptable characters for domains are easily defined.
And yes, firstname.lastname@example.org is a valid SMTP addressee, but I'm not sure I'd call it an email address in the modern sense any more than I'd expect bang paths.
I'll work up a regex implementing what I outlined above shortly, though I've got a higher-priority project for today so it'll probably be tomorrow. Thanks for the feedback!
PS: RFC2821 supersedes 821.
PPS: Both Skud and Stephen wanted a way to comment on my blog. I don't have the time nor energy to spend 45 minutes de-spamming my blog, which is why I put a "contact me" link on it, which points to my mail form.
Be sure to see this followup.