Is /@/ really going to catch significantly less invalid emails than whatever other almost but not quite validation you can apply?

What's more common, someone accidentally typing "foo:ar@gmail.com" or "foonar@gmail.com"? Both would bounce and cause mails server issues.

If someone was being malicious, they can do it with an unregistered address that passes any validation you throw at it.