diff --git a/internal/handler/auth_handler.go b/internal/handler/auth_handler.go
index ec9cb03..7cf3878 100644
--- a/internal/handler/auth_handler.go
+++ b/internal/handler/auth_handler.go
@@ -117,6 +117,16 @@ func (h *AuthHandler) SendVerificationCode(c *gin.Context) {
 return
 }
 
+ // 验证邮箱格式
+ if !isValidEmail(req.Email) {
+ h.logger.Warn("发送验证码失败:邮箱格式错误",
+ zap.String("email", req.Email),
+ )
+ RespondBadRequest(c, "邮箱格式错误", nil)
+ return
+ }
+
+ // 调用服务发送验证码
 if err := h.container.VerificationService.SendCode(c.Request.Context(), req.Email, req.Type); err != nil {
 h.logger.Error("发送验证码失败",
 zap.String("email", req.Email),
diff --git a/internal/handler/helpers.go b/internal/handler/helpers.go
index 8d32149..19a6c60 100644
--- a/internal/handler/helpers.go
+++ b/internal/handler/helpers.go
@@ -5,6 +5,7 @@ import (
 "carrotskin/internal/model"
 "carrotskin/internal/types"
 "net/http"
+ "regexp"
 "strconv"
 
 "github.com/gin-gonic/gin"
@@ -227,3 +228,14 @@ func RespondWithError(c *gin.Context, err error) {
 // 默认返回500错误
 RespondServerError(c, err.Error(), err)
 }
+
+// isValidEmail 验证邮箱格式
+func isValidEmail(email string) bool {
+ if email == "" {
+ return false
+ }
+ // 更严格的邮箱格式验证
+ emailRegex := `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
+ matched, _ := regexp.MatchString(emailRegex, email)
+ return matched
+}
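Review bot: The added `h.logger.Warn` call in SendVerificationCode logs `req.Email` verbatim on the one path where the value has just failed validation, so the field holds arbitrary client-supplied content of whatever length the request binding allows (the binding sits outside this hunk). That gives any caller of this endpoint a way to push unbounded, unvetted strings into the log stream, and it also stores mistyped addresses as personal data. I would record only what is needed to diagnose the rejection, for example `zap.Int("email_len", len(req.Email)),` in place of the `zap.String("email", req.Email),` line, or a truncated copy of the value. The function body starts and ends outside the hunk, so whether a rate limit already covers this rejection path cannot be confirmed from here.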
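Review bot: `isValidEmail` recompiles its pattern through `regexp.MatchString` on every request and discards the compile error with `_`, so a later typo in the pattern would silently reject every address. Compile it once at package scope with `regexp.MustCompile` (the same pattern, bound to a name such as `emailRe`) so a bad pattern fails at start-up. Go's regexp engine runs in linear time, so backtracking is not the concern, but nothing bounds the input before matching; the body could become `return len(email) <= 254 && emailRe.MatchString(email)`, with 254 as a suggested cap. The comment `更严格的邮箱格式验证` overstates the check: the pattern still accepts consecutive dots and hyphen-led domain labels (a constructed example is `a..b@-x..com`) and rejects non-ASCII addresses. The doc comment should say this is an ASCII-only syntactic pre-filter and that the verification code itself is what proves the address.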