Using email addresses as ‘permanent’ identifiers for user accounts can lead to problems. Firstly, email addresses can change, even within the same organization, due to a variety of reasons. It is unreasonable and potentially legally unsustainable for organizations to refuse to update email addresses. Secondly, there is no guarantee that email addresses won’t be reused or reassigned, especially if someone influential desires a specific address. It is preferable to use a unique and meaningless internal identifier for user accounts, even if email addresses are necessary for account recovery. Additionally, reading too much into email addresses can also pose security risks.
https://utcc.utoronto.ca/~cks/space/blog/tech/EmailAddressesBadPermanentIDs