Regular Expressions 101

Community Library Entry

Regular Expression
ECMAScript (JavaScript)

/^[A-Za-z0-9][A-Za-z0-9_+&*-]*(?:\.[A-Za-z0-9_+&*-]+)*@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$/

Description

This regular expression balances RFC compliance with security best practices. It is designed to prevent injection vectors in legacy systems by using a restricted "safe" character subset recommended by the OWASP Validation Regex Repository.

Pattern:

^[A-Za-z0-9][A-Za-z0-9_+&*-]*(?:\.[A-Za-z0-9_+&*-]+)*@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$

Key Features:

  • Forced Alphanumeric Start: Prevents leading hyphens to avoid command injection vulnerabilities.
  • Security Subset: Restricts special characters to _+&*- to prevent exotic character injections (e.g., pipes or backticks).
  • No Quoted Strings: Forbids quoted strings to eliminate dangerous payloads containing spaces or backslashes.
  • DNS Compliance: Enforces label lengths (1–63 characters) and prevents labels from starting or ending with hyphens.
  • Whole String Anchoring: Uses ^ and $ to ensure the entire input is validated.

Submitted by Gor Sargsyan - 3 days ago (Last modified 3 days ago)
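
The key features listed above, checked one by one against constructed inputs. This is an added example, not part of the original entry; the `isSafeEmail` helper, the sample addresses, and the type and `m`-flag checks are assumptions made for illustration.

```javascript
// Pattern copied verbatim from this entry, with no flags, as the entry shows it.
const EMAIL_RE = /^[A-Za-z0-9][A-Za-z0-9_+&*-]*(?:\.[A-Za-z0-9_+&*-]+)*@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$/;

// Hypothetical helper (not from the entry). The typeof check matters because
// RegExp.prototype.test() coerces its argument to a string, so an array such as
// ["u@example.com"] would otherwise pass validation and reach later code as an array.
function isSafeEmail(input) {
  return typeof input === "string" && EMAIL_RE.test(input);
}

// Constructed samples, grouped by the feature they exercise: [input, expected].
const SAMPLES = [
  ["alice.smith+tag@mail.example.com", true],   // ordinary address
  ["-rf@example.com", false],                   // forced alphanumeric start
  ["a|b@example.com", false],                   // security subset: pipe
  ["a`b@example.com", false],                   // security subset: backtick
  ['"a b"@example.com', false],                 // no quoted strings
  ["a..b@example.com", false],                  // empty local-part segment
  ["a.@example.com", false],                    // local part ending in a dot
  [`u@${"a".repeat(63)}.com`, true],            // DNS label of exactly 63 chars
  [`u@${"a".repeat(64)}.com`, false],           // DNS label of 64 chars
  ["u@-bad.example.com", false],                // label starting with a hyphen
  ["u@bad-.example.com", false],                // label ending with a hyphen
  ["u@example.c", false],                       // TLD shorter than 2 letters
  ["u@example.com\n", false],                   // whole-string anchoring: trailing newline
  ["first line\nu@example.com", false],         // whole-string anchoring: leading line
];

// Returns one record per sample so a caller can see exactly which case diverges.
function runSamples() {
  return SAMPLES.map(([input, expected]) => ({
    input,
    expected,
    actual: isSafeEmail(input),
  }));
}

// Caveat: the whole-string guarantee holds only without the `m` flag.
// With `m`, ^ and $ match at line boundaries, so one valid line is enough.
function anchorsPerLineWithM() {
  const multiline = new RegExp(EMAIL_RE.source, "m");
  return multiline.test("first line\nu@example.com");
}

const failures = runSamples().filter((r) => r.actual !== r.expected);
console.log(failures.length === 0 ? "all samples behave as described" : failures);
```

The allowed subset still includes `&` and `*`, which a shell interprets, so pass validated addresses to legacy systems as data (argument arrays, parameterized queries) rather than interpolating them.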