Edit: doesn't mean everyone will use it though! But guess the plus sign in addresses would be more "email" than just email.
So as long as you, the user and owner of an address, know that your domain supports/not supports it, you can use it.
I don't understand who would have to add any allow/blocklists?
I know someone who constantly complained that web site X or company Y are stupid, because they don't follow the RFCs, don't know the syntax of mail addresses, because mail validation in web forms often rejected anything with a plus sign.
The correct answer would have been "don't do it then" or maybe "how about configuring your Exim so that instead of '+' you're using '-' as a separator, but I suppose the complaining was a big part of the fun.
There's also a generational memory issue here, and I'm not aware of any C.S./C.E. programs that cover RFCs as part of the core curriculum.
(viz. not a gmail-specific feature)