There are several flaws in the way that PlayFab handles email addresses which together create a frustratingly outdated system:
Account email addresses are not confirmed. This allows players to use a fake email address, use someone else's email address, and/or easily register numerous accounts.
Players cannot change their account email address. The Game Manager lets us change an account's email address, meaning this is technically feasible, but there's no API for it. The only way we can allow players to change their email addresses is to ask them to email us, which creates a major customer service burden.
Account recovery emails are only sent to the account email address, not the contact email address. This is a particularly big problem when combined with the previous two problems.
An account that is created with just a username cannot add an account email address for password recovery later.
Competing backend services already support account verification emails and allow users to change their own email address. For example, Google Firebase has supported these features for at least 6 years.
Some of the many problems that can occur with the current limitations of PlayFab:
A player tries to register and finds out that someone else has already registered with the same email address
A player creates an account with a fake email address, then later decides they want to change to their real email address, but can't
A player attempts to create an account with their real email address, but makes a typo
A player creates an account with a real email address, but later stops using or loses access to this address
It's a major hassle for us as game developers to explain these bizarre limitations to players.