diff --git a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionService.java b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionService.java
index 416801bcb1dff152916ba976915b91767b782738..35dd7c9f23d09e97c2c78fc5f250d81ae6172b28 100644
--- a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionService.java
+++ b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionService.java
@@ -24,6 +24,8 @@
 package de.ozgcloud.operator.keycloak.user;
 
 import java.util.Optional;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import org.springframework.stereotype.Component;
 
@@ -55,7 +57,7 @@ class KeycloakUserPreconditionService {
 			return groupError;
 		}
 
-		if (!userEmailExists(user)) {
+		if (!userEmailExistsAndIsValidEmail(user)) {
 			return Optional.of(String.format("User Email does not yet exist"));
 		}
 
@@ -83,7 +85,16 @@ class KeycloakUserPreconditionService {
 				.findAny();
 	}
 
-	boolean userEmailExists(OzgCloudKeycloakUser user) {
-		return !Optional.ofNullable(user.getSpec().getKeycloakUser().getEmail()).orElse("").isEmpty();
+	boolean userEmailExistsAndIsValidEmail(OzgCloudKeycloakUser user) {
+		String email = user.getSpec().getKeycloakUser().getEmail();
+		return !Optional.ofNullable(email).orElse("").isEmpty() && isValidEmail(email);
+	}
+
+	boolean isValidEmail(String email) {
+		String EMAIL_REGEX = "^[A-Za-z0-9+_.-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}$";
+		Pattern EMAIL_PATTERN = Pattern.compile(EMAIL_REGEX);
+
+		Matcher matcher = EMAIL_PATTERN.matcher(email);
+		return matcher.matches();
 	}
 }
diff --git a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionServiceTest.java b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionServiceTest.java
index 6a2bdf6232d41a80c5bd153d810553223ca46ae6..ea5d23425c36ec9be77f4e95dacd66cc1b161f01 100644
--- a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionServiceTest.java
+++ b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/user/KeycloakUserPreconditionServiceTest.java
@@ -104,7 +104,7 @@ class KeycloakUserPreconditionServiceTest {
 		@Test
 		void shouldReturnEmptyIfRealmExists() {
 			var user = OzgCloudKeycloakUserTestFactory.create();
-			doReturn(true).when(service).userEmailExists(user);
+			doReturn(true).when(service).userEmailExistsAndIsValidEmail(user);
 			doReturn(true).when(keycloakGenericRemoteService).realmExists(anyString());
 			doReturn(Optional.empty()).when(service).clientsExists(any(), any());
 			doReturn(Optional.empty()).when(service).groupsExists(any(), any());
@@ -115,9 +115,9 @@ class KeycloakUserPreconditionServiceTest {
 		}
 
 		@Test
-		void shouldReturnEmptyIfUserEmailExists() {
+		void shouldReturnEmptyIfuserEmailExistsAndIsValidEmail() {
 			var user = OzgCloudKeycloakUserTestFactory.create();
-			doReturn(true).when(service).userEmailExists(user);
+			doReturn(true).when(service).userEmailExistsAndIsValidEmail(user);
 			doReturn(true).when(keycloakGenericRemoteService).realmExists(anyString());
 			doReturn(Optional.empty()).when(service).clientsExists(any(), any());
 			doReturn(Optional.empty()).when(service).groupsExists(any(), any());
@@ -128,7 +128,7 @@ class KeycloakUserPreconditionServiceTest {
 		}
 
 		@Test
-		void shouldCheckUserEmailExists() {
+		void shouldCheckuserEmailExistsAndIsValidEmail() {
 			var user = OzgCloudKeycloakUserTestFactory.create();
 			doReturn(true).when(keycloakGenericRemoteService).realmExists(anyString());
 			doReturn(Optional.empty()).when(service).clientsExists(any(), any());
@@ -136,7 +136,7 @@ class KeycloakUserPreconditionServiceTest {
 
 			service.getPreconditionErrors(user);
 
-			verify(service).userEmailExists(user);
+			verify(service).userEmailExistsAndIsValidEmail(user);
 		}
 
 		@Test
@@ -183,12 +183,12 @@ class KeycloakUserPreconditionServiceTest {
 	}
 
 	@Nested
-	class TestUserEmailExists {
+	class TestuserEmailExistsAndIsValidEmail {
 
 		@Test
-		void shouldRespondUserEmailExists() {
+		void shouldResponduserEmailExistsAndIsValidEmail() {
 
-			var response = service.userEmailExists(OzgCloudKeycloakUserTestFactory.create());
+			var response = service.userEmailExistsAndIsValidEmail(OzgCloudKeycloakUserTestFactory.create());
 
 			assertThat(response).isTrue();
 		}
@@ -197,7 +197,7 @@ class KeycloakUserPreconditionServiceTest {
 		void shouldRespondWhenUserEmailIsEmpty() {
 			var user = OzgCloudKeycloakUserTestFactory.create();
 			user.getSpec().getKeycloakUser().setEmail("");
-			var response = service.userEmailExists(user);
+			var response = service.userEmailExistsAndIsValidEmail(user);
 
 			assertThat(response).isFalse();
 		}
@@ -206,65 +206,95 @@ class KeycloakUserPreconditionServiceTest {
 		void shouldRespondWhenUserEmailIsNull() {
 			var user = OzgCloudKeycloakUserTestFactory.create();
 			user.getSpec().getKeycloakUser().setEmail(null);
-			var response = service.userEmailExists(user);
+			var response = service.userEmailExistsAndIsValidEmail(user);
 
 			assertThat(response).isFalse();
 		}
-	}
-
-	@Nested
-	class TestClientExists {
 
 		@Test
-		void shouldRespondMissingRealm() {
-			when(keycloakGenericRemoteService.getByClientId(any(), any())).thenReturn(Optional.empty());
-
-			var rsp = service.clientsExists(OzgCloudKeycloakUserTestFactory.create(), null);
+		void shouldCallIsValidEmail() {
+			var user = OzgCloudKeycloakUserTestFactory.create();
+			service.userEmailExistsAndIsValidEmail(user);
 
-			assertThat(rsp).isPresent();
+			verify(service).isValidEmail(user.getSpec().getKeycloakUser().getEmail());
 		}
 
-		@Test
-		void shouldReturnClientExists() {
-			when(keycloakGenericRemoteService.getByClientId(any(), any())).thenReturn(Optional.of(mock(ClientRepresentation.class)));
+		@Nested
+		class TestIsValidEmail {
+			@Test
+			void shouldRespondWhenUserEmailIsInvalid() {
+				var user = OzgCloudKeycloakUserTestFactory.create();
+				user.getSpec().getKeycloakUser().setEmail("@domain.com");
+				var response = service.userEmailExistsAndIsValidEmail(user);
 
-			var rsp = service.clientsExists(OzgCloudKeycloakUserTestFactory.create(), null);
+				assertThat(response).isFalse();
+			}
+
+			@Test
+			void shouldRespondWhenUserEmailIsValid() {
+				var user = OzgCloudKeycloakUserTestFactory.create();
+				user.getSpec().getKeycloakUser().setEmail("test@domain.com");
+				var response = service.userEmailExistsAndIsValidEmail(user);
+
+				assertThat(response).isTrue();
+			}
 
-			assertThat(rsp).isEmpty();
 		}
-	}
 
-	@Nested
-	class TestGroupsExists {
+		@Nested
+		class TestClientExists {
 
-		private static final OzgCloudKeycloakUser user = OzgCloudKeycloakUserTestFactory.create();
+			@Test
+			void shouldRespondMissingRealm() {
+				when(keycloakGenericRemoteService.getByClientId(any(), any())).thenReturn(Optional.empty());
 
-		@BeforeEach
-		void init() {
-			doReturn(true).when(keycloakGenericRemoteService).realmExists(anyString());
-			doReturn(Optional.empty()).when(service).clientsExists(any(), any());
-		}
+				var rsp = service.clientsExists(OzgCloudKeycloakUserTestFactory.create(), null);
 
-		@Test
-		void shouldReturnMissingGroup() {
-			when(keycloakGenericRemoteService.groupExists(KeycloakUserSpecUserTestFactory.GROUP_NAME_1,
-					OzgCloudKeycloakUserTestFactory.METADATA_NAMESPACE)).thenReturn(false);
+				assertThat(rsp).isPresent();
+			}
 
-			var rsp = service.getPreconditionErrors(user);
+			@Test
+			void shouldReturnClientExists() {
+				when(keycloakGenericRemoteService.getByClientId(any(), any())).thenReturn(Optional.of(mock(ClientRepresentation.class)));
 
-			assertThat(rsp).isPresent();
+				var rsp = service.clientsExists(OzgCloudKeycloakUserTestFactory.create(), null);
+
+				assertThat(rsp).isEmpty();
+			}
 		}
 
-		@Test
-		void shouldReturnGroupExists() {
-			when(keycloakGenericRemoteService.groupExists(KeycloakUserSpecUserTestFactory.GROUP_NAME_1,
-					OzgCloudKeycloakUserTestFactory.METADATA_NAMESPACE)).thenReturn(true);
-			when(keycloakGenericRemoteService.groupExists(KeycloakUserSpecUserTestFactory.GROUP_NAME_2,
-					OzgCloudKeycloakUserTestFactory.METADATA_NAMESPACE)).thenReturn(true);
+		@Nested
+		class TestGroupsExists {
+
+			private static final OzgCloudKeycloakUser user = OzgCloudKeycloakUserTestFactory.create();
+
+			@BeforeEach
+			void init() {
+				doReturn(true).when(keycloakGenericRemoteService).realmExists(anyString());
+				doReturn(Optional.empty()).when(service).clientsExists(any(), any());
+			}
+
+			@Test
+			void shouldReturnMissingGroup() {
+				when(keycloakGenericRemoteService.groupExists(KeycloakUserSpecUserTestFactory.GROUP_NAME_1,
+						OzgCloudKeycloakUserTestFactory.METADATA_NAMESPACE)).thenReturn(false);
+
+				var rsp = service.getPreconditionErrors(user);
+
+				assertThat(rsp).isPresent();
+			}
+
+			@Test
+			void shouldReturnGroupExists() {
+				when(keycloakGenericRemoteService.groupExists(KeycloakUserSpecUserTestFactory.GROUP_NAME_1,
+						OzgCloudKeycloakUserTestFactory.METADATA_NAMESPACE)).thenReturn(true);
+				when(keycloakGenericRemoteService.groupExists(KeycloakUserSpecUserTestFactory.GROUP_NAME_2,
+						OzgCloudKeycloakUserTestFactory.METADATA_NAMESPACE)).thenReturn(true);
 
-			var rsp = service.getPreconditionErrors(user);
+				var rsp = service.getPreconditionErrors(user);
 
-			assertThat(rsp).isEmpty();
+				assertThat(rsp).isEmpty();
+			}
 		}
 	}
 }