I reverted my change here and instead introduced this new awesome default.
https://github.com/discourse/discourse/commit/cbceadf48b60b29fb710586e2b03bde4c5fe0883
This means that if evil.person+77@gmail.com
gets blocked we will go ahead and block evilperson@gmail.com
instead.
Then when e.v.i.l.person@gmail.com
tries to sneak in they will be blocked due to canonical matching.
This entirely solves the OP here, and is a very clean and safe change all Discourse instances can benefit from.
Going to close this off as complete in a week.