I changed the email in the forum to ‘email+something@gmail.com’, and I tested with Incognito on a different browser. Still got through. Perhaps because the request is always made with just the from username, and never with the actual email address.
For right now all of the fake requests have stopped since Dan must have addressed the issue either in private with the individual or by some other means.
If you had a security question option (to be activated at the user level) I’m sure that would cut down on all requests as the troll simply wouldn’t know the answer. “What is your favorite movie?” or “Favorite Restaurant”.
Thank you all for your quick responses in trying to solve this issue, which sadly sounds like the first, and hopefully will be the last.