diff --git a/routers/secure/user.go b/routers/secure/user.go
index 808761d06..fd9a773c3 100755
--- a/routers/secure/user.go
+++ b/routers/secure/user.go
@@ -7,6 +7,7 @@ package secure
 
 import (
 	"net/http"
+	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
@@ -75,6 +76,14 @@ func CreateUser(ctx *context.Context, form api.CreateUserOption) {
 		u.MustChangePassword = *form.MustChangePassword
 	}
 
+	if strings.Contains(form.Email, " ") {
+		log.Error("CreateUser failed: email(%s) contains blank space", form.Email, ctx.Data["MsgID"])
+		ctx.JSON(http.StatusBadRequest, map[string]string{
+			"error_msg": "Email contains blank space",
+		})
+		return
+	}
+
 	parseLoginSource(ctx, u, form.SourceID, form.LoginName)
 	if ctx.Written() {
 		return