"We can't catch all typos, so we won't catch any" is a silly approach to form validation.

I can't check that 123-45-6789 is a valid Social Security Number, but I can still reject "FARTS".

The same is true for "foo@gmailcom" for a public-internet facing contact us form.

Why not reject invalid top level domains then? This is going to catch a vastly larger amount of typos (including foo@gmailcom) without eliminating any valid emails.

Now you're maintaining an ever-changing external list for which there's no official API.

Yes, but at least it provides some actual value to the user. Alternatively I guess you could look up the mx record?