Sorry, I am unfamiliar with this terminology. Is this some sort of Neo Nazi rune? 

 Ok, I wasn't sure if this was the real Guardian or not. But this seems like concrete proof and confirmation.

We made it 

nostr:nevent1qqsfw542aqqg4lpmzeswe5peedhe3z9pvrqn5vydklrlyy2dpydnjhqpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygx04064wm3xgal6dxhtcmtnm7ts87vcrlj84ykj0fn4cmtjptw5j5psgqqqqqqscazg33 

 https://github.com/nostr-protocol/nips/blob/master/05.md

But clearly this account isn't legit. Prove me wrong. 

 Love it. Troll-Bro-Fist! 

Followed.

Needs more spelling mistakes, for authenticity. 

 NIP-05 doesn't prove an account is "legit", nor was it ever meant to.
It's not intended as a form of verification and it's a shame clients may imply that it is.

Please, see this: https://hedgedoc.semisol.dev/ciXY6QE-Tx6CQZowDwcK4A
Or this: nostr:naddr1qvzqqqr4gupzq5455pmtewaacws6a73hxkqkea6fjwcm3keq9vqu3q7930nl4k9aqyghwumn8ghj7mn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qqfxu6tsxq6j66tn94hx7apdwejhy6txpdekay

Anyone can buy a domain name, therefore anyone can get a NIP-05 identifier.
Just setting up a NIP-05 identifier does not prove an account is "legit".

Setting up, specifically, an identity associated with a domain name which is known to be legit may prove it, however, as long as the user actually verifies the domain (rather than relying on the useless and misleading "verified" sign that some clients may display).

See, also: nostr:nevent1qvzqqqqqqypzprhy9yxf3vst9xv38zej9arxagsvw4sg7452k570z9yjh7djapyuqqs92h746wgvk95ymf08xf4eph897g64262pen5js7zmwj3r8pz43qcvpfnrj 

 If they had a NIP5 at the guardian domain, it would verify the Guardian owned or sanctioned this account.  

 Yes, I agree.
For that purpose, referencing the Nostr public key in any reputable place (such as their website or a well-known social media account) would also do.