diff --git a/app/builders/messages/message_builder.rb b/app/builders/messages/message_builder.rb
index 69ed786ce..d7a712e6b 100644
--- a/app/builders/messages/message_builder.rb
+++ b/app/builders/messages/message_builder.rb
@@ -51,10 +51,19 @@ class Messages::MessageBuilder
     cc_emails = @params[:cc_emails].split(',') if @params[:cc_emails]
     bcc_emails = @params[:bcc_emails].split(',') if @params[:bcc_emails]
 
+    all_email_addresses = cc_emails + bcc_emails
+    validate_email_addresses(all_email_addresses)
+
     @message.content_attributes[:cc_emails] = cc_emails
     @message.content_attributes[:bcc_emails] = bcc_emails
   end
 
+  def validate_email_addresses(all_emails)
+    all_emails&.each do |email|
+      raise StandardError, 'Invalid email address' unless email.match?(URI::MailTo::EMAIL_REGEXP)
+    end
+  end
+
   def message_type
     if @conversation.inbox.channel_type != 'Channel::Api' && @message_type == 'incoming'
       raise StandardError, 'Incoming messages are only allowed in Api inboxes'