As someone working to launch an app, this isn't something that I was terribly concerned with handling before launch, but I now have a question.

Is the best way to handle this to allow the '+' symbol in email addresses, but verify that the underlying email address hasn't already been registered so that one email address still can't create multiple accounts?

So if you sign up with covercash+123@gmail.com, should I check the prefix ("covercash") with the domain ("gmail.com") and make sure there aren't any matches already registered like covercash@gmail.com or covercash+111@gmail.com?

No. That is super hostile to your users, and besides the use of + as recipient delimiter is a convention, not a standardised behaviour.

You will get false positives, and you will get irate users, often rejecting perhaps some of your most promising early adopters.

See also: case sensitivity in the left-hand part of an address.

>so that one email address still can't create multiple accounts?

You can not do that. You have no way of knowing how my mail server handles username portions of the address. Maybe bob+123@ is the same account as bob@, maybe it isn't. It is entirely up to the mail server to decide what it wants to do with it. And likewise, you have no way to know any other username portions are not the same account. I can set my email server up to use "x" as a delimiter, and make bobx1 and bobx2 both go to bob if that's what I want.

You should just treat them as two different email addresses. On some providers this is in fact what they are, and there is no real point in doing otherwise because anybody who wants to create multiple accounts in that way could just create multiple email addresses instead.