it will hard reject just based nip05 since legit user can change or have multiple legit NIP05
only if OPTIONAL user register npub somewhere 1st - nobody tampers that DB trust me bro type LOL
hence only way is KNOW LEGIT NPUB and follow/addlist - block rest impersonaitng NPUB - this is done user level - no spoon feeding service