I don't know how many "rows" will be in each string that you get. If it's more than a couple hundred, Adi's good code is going to get real slow. If it's more than that, it will eventually fail because you can only have a certain number of SELECTs per query. Adi's code is also subject to SQL Injection attacks.

You can make his code a little faster and a lot safer if you make the small changes that I've included below to the one section of code that it represents.

select @MyString = 'SELECT ''' +replace(replace(@MyString,'|',''','''),'

',''' union ALL select

''') + ''''

WHERE @MyString NOT LIKE '%[^-a-zA-Z0-9@|.'+CHAR(10)+CHAR(13)+']%'

I agree with Adi... this is a job better done by BULK INSERT or BCP. BCP won't have the same server-to-server trust problems as BULK INSERT so that may be the way to go here.

If even that is not allowed, then a well written CLR would serve you better than any manifestation of the DelimitedSplit8K function or Adi's good code.