https://github.com/nostr-protocol/nips/blob/master/05.md explains a lot of things.

Apart from the fact that the specific case is formally invalid, since it is not an address (user@domain.com), to check whether a NIP-05 is valid, it is necessary to retrieve some data from an endpoint and check whether the npub matches.

Nostr applications do not suffer in any way from an invalid NIP-05; it should be considered by the user as a red flag since it is often (but not always) related to impersonation.