What (little) you can do about it.
For the record, those happen to me constantly.
I have theories about why it happens to most folks, and I have additional theories about why my situation might be . . . special.
I’ll share what I do so you can do the same.
Become a Patron of Ask Leo! and go ad-free!
Unexpected recovery requests
People sometimes enter your email address as their recovery or account address — usually by mistake. Sometimes it can be laziness or an attempt to annoy. There’s little that can be done about it, and fortunately, there’s no adverse impact on you. Ignore any messages related to it, or, if there’s an option to indicate that it’s not you, use that.
Reason #1: typos
I’m pretty convinced that the single biggest reason you and I get these account recovery emails for accounts that aren’t ours is that the actual account holder entered our email address as the recovery email by mistake. For example, if someone is attempting to enter “firstname.lastname@example.org”, but types “email@example.com” by mistake, then if you’re Johan, you’ll be on the hook for those recovery emails.
I’m honestly shocked at how often people type their own email addresses incorrectly. If you’ve ever seen those forms where you have to type it in twice, this is why.
Any typo someone makes resulting in your email address being entered instead of what they intended will cause this.
I think it happens often.
Reason #2: avoidance
I theorize this scenario happens when a young person is creating an online account requiring an email address. They don’t have an email address, don’t want an email address, or don’t want to take the time to create an email address, so they enter one at random just to satisfy the sign-up process.
If the one they enter at random happens to be yours, you’ll get whatever notices are sent to it. Of course, when the person who created the account tries to recover it, you get the notices.
I think this happens most often to those who have “simple” email addresses — like firstname.lastname@example.org.
Reason #3: mischief
This is where I’m “special”. Because I have a few publicly posted email addresses, I find that individuals like to try to sign me up for stuff1 or set me up as their recovery address.
Interestingly, I’ve also seen individuals — again, most likely kids — try to sign up for some online service using one of my email addresses. I’m not sure what they expect. I do know that when they lose their password and try to recover their account, it’s not going to work because I won’t act on the confirmation emails sent to my address.
What to do about it
There are two approaches to dealing with it all.
The first is simply to ignore it all. Literally — just delete the email messages relating to the misuse of your address and get on with your life. Mark them as spam, if you like. (I tend not to, unless they get repeatedly annoying, or are from sources I honestly consider to be spammers. DON’T mark as spam any notices from services you actually use, however, to ensure you get legitimate emails you might need in the future.)
If the actual account holder has difficulty regaining access to their account, that’s on them for not properly specifying an email address in their control when they set up the account.
No harm will come to you for simply ignoring email messages you’re not responsible for.
Occasionally, the email message requesting your action will include a link along the lines of “Not your account?” or similar. Clicking on that link will disassociate your email address from whatever account it was mistakenly associated with. Hopefully, it’ll also tell the account holder of their mistake.
There’s no prevention
There’s absolutely nothing preventing someone from entering your email address or mine into a form for account recovery, newsletter subscriptions, product orders or anything else. There’s no liability on our part; it’s just an annoyance when it happens.
This is why most services and email subscriptions have you confirm your email address before they accept it as valid. Ignore those you didn’t ask for, and you shouldn’t be bothered again.
Unfortunately, not all services take this extra confirmation step. Nonetheless, there’s nothing you can really do about it other than ignore, delete, or spam the messages that result.
Footnotes & References
1: You can imagine the “stuff”.