Yeah it's a good practice but still needed for continuous access and recovery..
Thus, Genuine or not, email can still be accessed by the real owner and once doxed, could be dangerous beyond just  email  being hacked or phished, it could result to a means of getting malware onto a device as well (awareness regarding this risk is also important).