Angular has built in email validator, but it is very benevolent one. It allows for single letter domains, therefore email a@b is considered valid. Their motivation is that when used in intranet it can be perfectly valid email, because you can have custom domain names. But it does not make much sense in the broader internet. I would prefer if the built in validator would be stricter, or that there would be two validators, something like emailValidator and intranetEmailValidator.

Here is my solution, hope it will help someone

import {FormControl} from '@angular/forms';

// copied from http://emailregex.com/
export const emailRegexp = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;

/**
 *
 * @param controlName
 * @returns {(control:FormControl)=>({validateEmail: boolean}|null)}
 */
export function validateEmail(controlName: string) {
  return (control: FormControl) => {
    const value = control.value;

    if (value != "" && (value.length <= 5 || !emailRegexp.test(value))) {
      return { "incorrectMailFormat": true };
    }

    return null;
  };
}

Example usage in component

ngOnInit() {
    this.model.email = this.currentEmail;

    this.changeEmailForm = this.formBuilder.group({
      email: [this.model.email, [
        Validators.required,
        validateEmail('email')
      ]]
    });
  }