Wow.  This is pretty scary.

There’s really no way to stop someone from registering a misspelled domain name and capturing emails.  The big takeaway from this research is that if you must send sensitive information over email:

1) Proofread your recipient list.

2) Use encryption!

I’m surprised that the original paper does not mention encryption as a mitigation strategy.  The suggestions they do give are good ideas (register the domains yourself, configure DNS and mail servers to ignore these types of domains, etc.), but important things like passwords and network diagrams should be encrypted as well.

If I accidentally sent an important email to bgates@microsfot.com, the person receiving the message at ‘microsfot.com’*  would get a jumbled mess if I encrypted it with bgates’ public key.

*Microsoft already owns most of these misspelled domains.


