The email address in your example appears valid. The only character that is unusual is the quote "
-- rest others are valid.
Wikipedia suggests that the email address you specified is valid.
You need to ensure that arbitrary user input is sanitized before being rendered.
To begin with, you might want to refer to information about XSS and prevention available at OWASP.