diff --git a/lib/sanitize.js b/lib/sanitize.js
index 78d905bb284d379db14d3b1a50bc095c20c3b3b4..00fa582f1710aa3a47939040394c4335345b3b7b 100644
--- a/lib/sanitize.js
+++ b/lib/sanitize.js
@@ -18,21 +18,21 @@ var logger = require('./logging.js').logger;
 
 module.exports = function (value) {
   var isEmail = function() {
-    
-    if (!value.toLowerCase().match(/^[\w.!#$%&'*+\-/=?\^`{|}~]+@[a-z\d-]+(\.[a-z\d-]+)+$/i))
+
+    if (!value.toLowerCase().match(/^[\w.!#$%&'*+\-/=?\^`{|}~]+@[a-z\d-_]+(\.[a-z\d-_]+)+$/i))
       throw "not a valid email";
   };
 
   var isDomain = function() {
-    if (!value.match(/^[a-z\d-]+(\.[a-z\d-]+)+$/i)) {
-      throw "not a valid domain";      
+    if (!value.match(/^[a-z\d-_]+(\.[a-z\d-]+)+$/i)) {
+      throw "not a valid domain";
     }
   };
 
   var isOrigin = function() {
     // allow single hostnames, e.g. localhost
-    if (!value.match(/^https?:\/\/[a-z\d-]+(\.[a-z\d-]+)*(:\d+)?$/i)) {
-      throw "not a valid origin";      
+    if (!value.match(/^https?:\/\/[a-z\d-_]+(\.[a-z\d-_]+)*(:\d+)?$/i)) {
+      throw "not a valid origin";
     }
   };