This is also true of other unescaped, illegal characters in the e-mail address. You can also fix this directly in the database if you need to. But it is very true the devs should give this some attention and sanitize the input and check for illegal characters.
(An interesting aside, on on LAMP server I tried to set a passphrase that ended with an ellipsis ... -- which the IMAP server interpreted as a full stop command -- so it would never accept the passphrase, even though it was typed correctly.)