Nah, NIP-05 works fine, but the user has to know what the NIP-05 SHOULD be before they can verify the correct account.
My NIP-05 is [email protected], but any rando could go out and register nostrrplebs.com and create their own NIP-05s to impersonate anyone currently registered with nostrplebs.com
Anyone who isn't paying attention and just sees the check mark might be duped.