
Hackers deliberately create strange circumstances, it's the primary way to find exploits. Any code that relies on a lack of strange circumstances is a time-bomb.


There aren't too many strange circumstances for a properly written split/test routine. Described more precisely:—

  1. Split on @
  2. Get last string from array
  3. Convert to lowercase
  4. Perform exact string compare against target domain
It's possible that there's some window for obscure unicode hijinks, but I'd posit that a regexp parser or a "proper" email parsing library is just as at risk. Possibly more so, as those would be significantly more complicated and involve significantly more code.
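The four-step split/test routine above, written out as an added Python example that is not code from the original thread; the function name and the sample addresses are my own, constructed to show how the routine behaves on some of the "strange circumstances" the thread is about (multiple `@`, quoted local parts, trailing whitespace, look-alike and case-folding characters):

```python
# Added example (not from the original post): the four-step routine,
# implemented literally, plus constructed inputs showing its edge-case behaviour.

def domain_matches(address: str, target_domain: str) -> bool:
    """True iff the text after the LAST '@' equals target_domain, ignoring case.

    Steps follow the comment above:
      1. split on '@'
      2. take the last element
      3. lowercase it
      4. exact string compare against the (lowercased) target domain
    No trimming, no normalisation beyond lower(): anything else is a mismatch.
    """
    parts = address.split("@")                  # 1. split on @
    if len(parts) < 2:                          # no '@' at all: nothing to compare
        return False
    domain = parts[-1]                          # 2. last element
    domain = domain.lower()                     # 3. lowercase
    return domain == target_domain.lower()      # 4. exact compare


def edge_cases(target: str = "example.com") -> dict:
    """Constructed inputs and what the routine returns for each."""
    samples = {
        "plain":            "alice@example.com",
        "uppercase":        "Alice@EXAMPLE.COM",
        # Subdomain and suffix tricks that defeat endswith()/regex checks:
        "subdomain":        "alice@evil.example.com",
        "suffix_extension": "alice@example.com.evil.com",
        # Two '@': last element wins, so a trailing foreign domain is rejected...
        "double_at_evil_last": "alice@example.com@evil.com",
        # ...and a quoted local part containing '@' (legal per RFC 5321)
        # still resolves to the real domain after the last '@'.
        "quoted_local_part": '"alice@evil.com"@example.com',
        # Exact compare means no trimming: caller must decide whether to strip.
        "trailing_space":   "alice@example.com ",
        "trailing_newline": "alice@example.com\n",
        "trailing_dot":     "alice@example.com.",
        # Homoglyph: Cyrillic 'а' (U+0430) instead of Latin 'a' is a different string.
        "cyrillic_a":       "alice@ex\u0430mple.com",
    }
    return {name: domain_matches(addr, target) for name, addr in samples.items()}


def kelvin_case_fold() -> bool:
    """The 'unicode hijinks' window the comment allows for.

    str.lower() maps U+212A KELVIN SIGN to plain 'k', so an address whose domain
    is spelled with the Kelvin sign compares equal to the ASCII target after
    step 3, even though the two strings are not byte-identical.
    """
    return domain_matches("alice@\u212aelvin.com", "kelvin.com")


if __name__ == "__main__":
    for name, ok in edge_cases().items():
        print(f"{name:22s} -> {ok}")
    print(f"{'kelvin_sign':22s} -> {kelvin_case_fold()}")
```

Every rejection above is a consequence of step 4 being an exact compare: the routine never has to reason about RFC grammar because it only ever looks at the text after the final `@`. The Kelvin-sign case is the one place where step 3 does more than ASCII case mapping; if that matters for a given deployment, restricting the domain to ASCII before comparing closes it.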



