It's a requirement of Govroam to avoid sending inappropriate authentication requests to the NRPS. There are a number of ways a request could have badly formatted realms (missing realm, '..', '@@', etc.).

One way is to put a regex into the proxy policy to the NRPS '^[^@]*@([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$'. This only allows correctly formatted realms to be proxied.