Intuition about (potentially) sending multiple password reset emails

[Julian Gindi]

I'm working with Django's built-in password reset capabilities, and noticed this curious line...

https://github.com/django/django/blob/master/django/contrib/auth/forms.py#L231

can someone explain the intuition behind this line? It seems weird to potentially send multiple password reset emails. Is this expected behavior? 

[Karen Tracey]

The password reset form asks for an email address, not username. (This is assuming default Django User model.) The email address may be associated with more than a single User on the system -- there is no requirement (by default) that the user email address be unique. So a password reset email is generated for each matching user, and the information presented in each email includes the specific username for which the reset link applies.

Karen