The SSPR registration process allows you to specify an email address. But that email is not verified. During password reset a code is sent to the email. But what if the user entered the wrong email during the registration?
Shouldn't there be an email verification process built into the registration workflow? At least ask the user to enter the email twice so that it matches?