I like that, much more elegant! My only changes would be to make the middle .* into .+? as that way it requires at least one char, and the ? is for lazy repetition.

Just a top level domain after the @ is a valid email (e.g. foo@com). Things like this are why we end up with massive regular expressions for email validation. That said, if you are only warning the user, but not preventing them from submitting foo@com, then it is probably good enough.

Note that there are valid, probably in-use, e-mail addresses on TLDs, e.g. "username@cx". You may not care enough to support them though.

Yep, that's pretty much what I do too.