Require email in form to be in standard email format

It sounds like your email field is set to a Text Field rather than a Email Field. Are you using Forms 1.0 or 2.0?

What is the link to your forms? For the lead in your first screenshot, in the lead activity section, does the lead source indicate a form or list upload?

Jennifer, the default client-side email validation is very primitive and will allow through emails that are indeed valid, but not publicly emailable (for example, myname@localhost is a valid email address, but from the public Internet perspective appears invalid).

To get deeper validation without ponying up for actual real-time mail testing, you can look up to see if the person is using a currently extant registered domain + TLD, as in the example here: CodePen - nation.marketo.com/thread/28956

In my database the issue you highlighted usually comes from internal list uploads rather than robots. Marketo has no validation checks on static list uploads so errors like the above can easily happen due to human error when adding large csv's and bad data could be in the middle somewhere. Also email is the primary key so when Marketo can't match the email, they will upload anyway as in the background everything has an ID. Sanfords suggestion excellent too of course.

Yeah, can you give an example of the junk leads that are getting created?

As Sanford said, our forms validation is the same as the one specified in the HTML 5 specification. So, if they are entering something valid we will allow it.

Well, I think here you have 3 explanations:

1. As Frank said, this came in via malformed list import, not the form.
2. The form was submitted without JS validation (i.e. JS was simply disabled in the browser, or a malicious person posted the data directly to the forms endpoint).
3. The email was updated/broken by an internal person using the UI.

This sure doesn't look like a form validation issue.