URL encoded email addresses

[mlt47]

SELECT email FROM users WHERE email LIKE '%\%%';
Returns ~12 users where the @ symbol in the email address has been replaced with a %40.
If they then verify their email address, a new account is created for them with @ in their email, which causes some confusion.
How are the users creating these emails with %40 instead of '@'? Copy and paste? Are we URL escaping somewhere where we shouldn't be?

We also need to decide if we want to change those users' emails. They could have the %40 email stored in the browser and so our "correction" will mean that they can't sign in (until they change their signing-in email to use @).