
3) Realize that undervalidation of input can create opportunities to introduce backdoors into your system.

4) Realize that the added benefit of supporting weird formats is not worth the time to verify that it actually works.

As someone who works on an email client, I can absolutely tell you that using IP address literals and quoted localparts is more trouble than it's worth. Chances are, the libraries you use can't handle them anyways. And if you don't try to support quoted localparts, then normalization is a lot easier. (Although I was once locked out of a system because I signed up with an email address that used capitals and the login form changed to lowercase it without changing the database storage, which meant no form I could spell it would cause it to match.)




OK, try to get my email system to accept yourname@3com.com

Hint: I believe domain names cannot begin with digits.


The original DNS specification said that could not be done, but it is legal as of RFC 1123.
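An added example, not part of the original thread: one normalizer shared by signup and login, which avoids the lockout described above, rejects quoted localparts and IP address literals, and accepts digit-leading labels such as 3com.com per RFC 1123. The names `normalize_email` and `Accounts` are hypothetical, and lowercasing the localpart is a policy assumption.

```python
import re

# One hostname label per RFC 1123: letters, digits, hyphens; may start with a
# digit, must not start or end with a hyphen; 1 to 63 characters.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
# Unquoted localpart: dot-separated atoms of RFC 5322 atext. No quoted strings.
ATOM = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+$")


def normalize_email(raw):
    """Return the canonical address, or raise ValueError for unsupported input."""
    addr = raw.strip()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("missing localpart or domain")
    if local.startswith('"') or domain.startswith("["):
        raise ValueError("quoted localparts and IP literals are not supported")
    if len(local) > 64 or not all(ATOM.match(a) for a in local.split(".")):
        raise ValueError("invalid localpart")
    domain = domain.lower()  # domain names are case-insensitive
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError("invalid domain")
    # Policy assumption: this system treats the localpart as case-insensitive.
    return local.lower() + "@" + domain


class Accounts:
    """In-memory stand-in for the user table, keyed by the canonical address."""

    def __init__(self):
        self._by_email = {}

    def signup(self, email, user_id):
        key = normalize_email(email)  # same function as lookup()
        if key in self._by_email:
            raise ValueError("already registered")
        self._by_email[key] = user_id

    def lookup(self, email):
        try:
            return self._by_email.get(normalize_email(email))
        except ValueError:
            return None  # unsupported input can never match a stored key
```

Existing rows stored with mixed case need a one-time migration through the same function before the login path starts using it.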



