One valid character that people always miss is the '%' character. It performs an internal routing direction. See email addresses section 17.3.3.
Note that this is regarded as legacy. However it shows that you're looking to do something quite complicated. I'd perhaps just check for a @ character and a suitable-looking domain suffix.
EDIT: I forgot. You can now get Unicode domain names e.g. http://☃.net/ (Stackoverflow's HTML editor gets a bit mixed up by this)
