I posted this as a comment on his blog, but thought it was interesting enough that others might want to know what is going on.
The IsValid() function uses the following regular expression to determine if the email is valid:
"^[a-zA-Z_0-9-'\+~]+(\.[a-zA-Z_0-9-'\+~]+)*@([a-zA-Z_0-9-]+\.)+[a-zA-Z]{2,7}$"
The CFMail tag uses the parse() function of the Sun Java class javax.mail.internet.InternetAddress. Since the implementation uses JavaMail, this is how we generate the InternetAddress objects that we pass in for the addresses (to, from, cc, etc.). The "strict" attribute is turned on. The JavaDoc says of this:
"Parse the given sequence of addresses into InternetAddress objects. If strict is false, simple email addresses separated by spaces are also allowed. If strict is true, many (but not all) of the RFC822 syntax rules are enforced. In particular, even if strict is true, addresses composed of simple names (with no "@domain" part) are allowed. Such "illegal" addresses are not uncommon in real messages.
Non-strict parsing is typically used when parsing a list of mail addresses entered by a human. Strict parsing is typically used when parsing address headers in mail messages"
See the InternetAddress JavaDoc at http://java.sun.com/products/javamail/javadocs/javax/mail/internet/InternetAddress.html
In general I think that the more strict IsValid() behavior is a good thing, and importantly it matches the client side validators used for forms in the browser. This is what it is intended to do (match client and server behavior).
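To see concretely where the IsValid() regular expression is stricter than an RFC822-style parser, the following added example (not ColdFusion's or JavaMail's code) runs the regex quoted above over a few constructed addresses and names the part that fails. The helper names explain and report and the sample addresses are assumptions made for illustration.

```javascript
// Regex quoted in the post for IsValid(), copied unchanged.
const EMAIL_RE = /^[a-zA-Z_0-9-'\+~]+(\.[a-zA-Z_0-9-'\+~]+)*@([a-zA-Z_0-9-]+\.)+[a-zA-Z]{2,7}$/;
// The local-part half of the same regex, so a rejection can name the failing side.
const LOCAL_RE = /^[a-zA-Z_0-9-'\+~]+(\.[a-zA-Z_0-9-'\+~]+)*$/;

function isValidEmail(addr) {
  return EMAIL_RE.test(addr);
}

// Hypothetical helper: returns "accepted" or the part of the address the regex rejects.
function explain(addr) {
  if (isValidEmail(addr)) return "accepted";
  const at = addr.lastIndexOf("@");
  // The JavaDoc quoted above says strict parse() still allows this form; the regex does not.
  if (at === -1) return "rejected: no @domain part";
  // Neither character class contains "@", so the last "@" is the only possible split point.
  if (!LOCAL_RE.test(addr.slice(0, at))) return "rejected: local part";
  return "rejected: domain part";
}

// Constructed sample input (example.com / example.org and 192.0.2.1 are reserved for documentation).
const SAMPLES = [
  "o'brien+list@example.com",    // apostrophe and plus are in the local-part class
  "first.last@mail.example.org", // dotted local part, multi-label domain
  "postmaster",                  // simple name with no "@domain"
  "user@localhost",              // domain needs at least one dot
  "user@example.technology",     // final label is limited to 2-7 letters
  "a..b@example.com",            // empty atom between dots
  "Jane Doe <jane@example.com>", // display-name form is not a bare address
  "user@[192.0.2.1]",            // address literal in brackets
];

function report(samples) {
  return samples.map((addr) => [addr, explain(addr)]);
}

for (const [addr, verdict] of report(SAMPLES)) {
  console.log(addr.padEnd(30), verdict);
}
```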