pennersr / django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Home Page: https://allauth.org

Default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS (True) results in spam emails

longhotsummer opened this issue

The default setting for ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS is True. This means the default configuration of allauth is effectively happy to send spam reset emails to arbitrary email addresses.

I suggest this default is changed to False.

But, if I sign up using your email address, the system will happily spam you as well. So, changing the default does not prevent spamming yet does break backwards compatibility.