diff --git a/apps/web/pages/api/auth/forgot-password.ts b/apps/web/pages/api/auth/forgot-password.ts
index 1c77c6df6..80aefe5a7 100644
--- a/apps/web/pages/api/auth/forgot-password.ts
+++ b/apps/web/pages/api/auth/forgot-password.ts
@@ -8,7 +8,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
   const { email } = req.body;
   const cleanEmail = email.toLowerCase();
 
-  if (!cleanEmail || !cleanEmail.includes("@")) {
+  if (!cleanEmail || !/.+@.+/.test(cleanEmail)) {
     res.status(422).json({ message: "Invalid email" });
     return;
   }
diff --git a/apps/web/pages/api/auth/signup.ts b/apps/web/pages/api/auth/signup.ts
index b82bf5ea2..d8032ed95 100644
--- a/apps/web/pages/api/auth/signup.ts
+++ b/apps/web/pages/api/auth/signup.ts
@@ -8,7 +8,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
   const { email, password, source } = req.body;
   const cleanEmail = email.toLowerCase();
 
-  if (!cleanEmail || !cleanEmail.includes("@")) {
+  if (!cleanEmail || !/.+@.+/.test(cleanEmail)) {
     res.status(422).json({ message: "Invalid email" });
     return;
   }