diff --git a/.env.example b/.env.example
index d514802084..9cd0edae74 100644
--- a/.env.example
+++ b/.env.example
@@ -34,9 +34,9 @@ DEPLOY_REGISTRY_HOST=localhost:5000
 
 # OPTIONAL VARIABLES
 # This is used for validating emails that are allowed to log in. Every email that do not match this regex will be rejected.
-# WHITELISTED_EMAILS="authorized@yahoo\.com|authorized@gmail\.com"
+# WHITELISTED_EMAILS="^(authorized@yahoo\.com|authorized@gmail\.com)$"
 # Accounts with these emails will get global admin rights. This grants access to the admin UI.
-# ADMIN_EMAILS="admin@example\.com|another-admin@example\.com"
+# ADMIN_EMAILS="^(admin@example\.com|another-admin@example\.com)$"
 # This is used for logging in via GitHub. You can leave these commented out if you don't want to use GitHub for authentication.
 # AUTH_GITHUB_CLIENT_ID=
 # AUTH_GITHUB_CLIENT_SECRET=
diff --git a/docs/open-source-self-hosting.mdx b/docs/open-source-self-hosting.mdx
index bbdbc910fa..ba5fc49870 100644
--- a/docs/open-source-self-hosting.mdx
+++ b/docs/open-source-self-hosting.mdx
@@ -313,7 +313,7 @@ All email addresses can sign up and log in this way. If you would like to restri
 
 ```bash
 # every email that does not match this regex will be rejected
-WHITELISTED_EMAILS="authorized@yahoo\.com|authorized@gmail\.com"
+WHITELISTED_EMAILS="^(authorized@yahoo\.com|authorized@gmail\.com)$"
 ```
 
 It's currently impossible to restrict GitHub OAuth logins by account name or email like above, so this method is _not recommended_ for self-hosted instances. It's also very easy to lock yourself out of your own instance.
diff --git a/docs/self-hosting/docker.mdx b/docs/self-hosting/docker.mdx
index afce5893c4..b0834d35ff 100644
--- a/docs/self-hosting/docker.mdx
+++ b/docs/self-hosting/docker.mdx
@@ -299,7 +299,7 @@ All email addresses can sign up and log in this way. If you would like to restri
 
 ```bash
 # every email that does not match this regex will be rejected
-WHITELISTED_EMAILS="authorized@yahoo\.com|authorized@gmail\.com"
+WHITELISTED_EMAILS="^(authorized@yahoo\.com|authorized@gmail\.com)$"
 ```
 
 This will apply to all auth methods including magic link and GitHub OAuth.
diff --git a/docs/self-hosting/kubernetes.mdx b/docs/self-hosting/kubernetes.mdx
index dd49cde9ae..f3a827701d 100644
--- a/docs/self-hosting/kubernetes.mdx
+++ b/docs/self-hosting/kubernetes.mdx
@@ -476,7 +476,7 @@ webapp:
 webapp:
   extraEnvVars:
     - name: WHITELISTED_EMAILS
-      value: "user1@company\\.com|user2@company\\.com"
+      value: "^(user1@company\\.com|user2@company\\.com)$"
 ```
 
 ## Version locking