The vast majority (probably over 99%) of the email addresses still use the pre-2012 rules described in Wikipedia:
The local-part of the email address may use any of these ASCII characters:
- uppercase and lowercase Latin letters A to Z and a to z;
- digits 0 to 9;
- printable characters other than letters and digits !#$%&'*+-/=?^_`{|}~;
- dot ., provided that it is not the first or last character unless quoted, and provided also that it does not appear consecutively unless quoted (e.g. John..Doe@example.com is not allowed but "John..Doe"@example.com is allowed);
So for starters, you can whitelist all ASCII characters; if you feel a little more fancy, you can use a regular expression, e.g. one of those listed here.
The HTML element input with type email, which is often used in web forms, uses the following regex for validation:
^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$
Yes, this does mean that letters with diacritical marks like @JörgMittag's ö cannot be used: see this Regex101 example. Whether it's worth expanding the regex/character validation to non-ASCII characters depends on your user base. I see you're from Canada; there might be French-speaking users with accented letters in their names and email addresses. If those really need to be supported, check which characters your backend supports (e.g. all ISO-8859-1 characters) and just whitelist those.
+ is both in the Wikipedia quote and in the listed regex already ... – Glorfindel Feb 12 '19 at 14:03
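Added example, not part of the original answer or comment: a server-side allowlist check that applies the regex quoted in the answer and then the dot rules from the Wikipedia list, which the regex alone does not enforce. The names `HTML_EMAIL_RE` and `checkEmail` and the sample addresses are constructed for illustration.

```javascript
// Regex quoted in the answer for <input type="email">; "/" is escaped
// only because this is a JavaScript regex literal.
const HTML_EMAIL_RE = /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;

// Returns { ok, reason }. Quoted local-parts such as "John..Doe"@example.com
// are rejected by the regex, so this policy is stricter than the quoted rules.
function checkEmail(addr) {
  if (typeof addr !== "string") {
    return { ok: false, reason: "not a string" };
  }
  if (!HTML_EMAIL_RE.test(addr)) {
    return { ok: false, reason: "fails HTML email regex" };
  }
  // The regex guarantees exactly one "@", so this split is unambiguous.
  const local = addr.slice(0, addr.indexOf("@"));
  // The character class accepts "." anywhere, so the placement rules
  // from the Wikipedia list have to be checked separately.
  if (local.startsWith(".") || local.endsWith(".")) {
    return { ok: false, reason: "dot at start or end of local-part" };
  }
  if (local.includes("..")) {
    return { ok: false, reason: "consecutive dots in local-part" };
  }
  return { ok: true, reason: "" };
}

// Constructed sample inputs.
const samples = [
  "john.doe@example.com",
  "user+tag@example.com",
  "John..Doe@example.com",
  ".john@example.com",
  "j\u00f6rg@example.com",          // ö is outside the ASCII allowlist
  "\"John..Doe\"@example.com",
];
for (const s of samples) {
  const r = checkEmail(s);
  console.log(s.padEnd(28), r.ok ? "accepted" : "rejected: " + r.reason);
}
```

Run the same check on the server even when the form uses `type="email"`, since browser-side validation can be bypassed by any client that posts directly.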