What about the security implications? You should validate input to check it isn't malicious.
Also, no one has mentioned using DNS. For example, extract stuff before and after the @. Check the ___domain looks like one and does it have an MX record? Is the local name malicious? Send activation email. Large services should use some machine learning for common mistakes and warn the user. (grandma@aol may be one common error.)
Also, no one has mentioned using DNS. For example, extract stuff before and after the @. Check the ___domain looks like one and does it have an MX record? Is the local name malicious? Send activation email. Large services should use some machine learning for common mistakes and warn the user. (grandma@aol may be one common error.)