The regular expression doesn't have the start and end of line anchors (^ and $). So it will still mask emails within a string. Just not necessarily the whole email:
grant create session, unlimited tablespace to u identified by u;
create table u.t (
email varchar2(320)
);
insert into u.t values ('hello_world@gmail.com');
insert into u.t values ('#$hello_world@gmail.com');
insert into u.t values ('fabio@disapproved.solutions');
commit;
BEGIN
DBMS_REDACT.add_policy(
object_schema => 'U',
object_name => 'T',
column_name => 'EMAIL',
policy_name => 'redact_email',
function_type => dbms_redact.regexp,
regexp_pattern => dbms_redact.re_pattern_email_address,
regexp_replace_string => dbms_redact.RE_REDACT_EMAIL_ENTIRE,
regexp_position => dbms_redact.re_beginning,
regexp_occurrence => dbms_redact.re_all,
expression => '1=1'
);
END;
/
conn u/u
select * from t;
EMAIL
xxxx@xxxxx.com
#$xxxx@xxxxx.com
xxxx@xxxxx.comtions
The problem comes if you're trying to use this to validate that a string only contains an email address. Which it doesn't do.