My wife regularly has other people sign up for things using her email address (Her last name is more common than “pfaffman”). This includes schools and doctors. Sending mail to an address that has not been validated is irresponsible and should be illegal. Sending email to someone who isn’t willing to register for an account is a Really Bad Idea.
Maybe there could be a way for them to send an email to request the behavior (they probably don’t have their mailer configured to send from the wrong address) or otherwise validate the email address.