NIP-05 isn't verification at all. It's an identity. If you read the spec, it doesn't mention verification at all, it only mentions identity. The issue here is that clients started using check marks and to users, check marks mean verified. Then, after a while, everyone started to treat NIP-05 as being verified. That's not the case though. All that is being verified is that a pubkey is tied to an identity on a specific domain. It's not a verification of anything beyond that. It's an identity, like an unique email address.
Discussion
#[2]
I think of it as ‘proof of $2’ and a deterrent for bots running rampant. Is this an unreasonable take?
I wouldn't agree there. NIP-05 identifying yourself is free if you have an existing domain. Spammers already utilize domains for spamming and phishing. It would just take 2 seconds to NIP-05 ID all of their bots.
That's correct, but it's also trivial for you to ban the whole domain, so it's a bit of an improvement over naked pubkeys.
ooof! is there a benefit to NIP-05 then?
It's a human readable format for your public key so that you can easily be found, identified, and not mistaken for Jorj@anotherdomain.com.
It's readable for users and a domain can decide to use it as verification.
Also, you can tie multiple NIP-5 to your pubkey and still be found in the search.
Some of the nostrpurple profiles show off their own domain as default in profile.