
Kratos should not send recovery emails to non-existing accounts

I was debugging stackspin#1259 (closed) with @xeruf and noticed that Kratos sends out emails for non-registered email addresses:

Hi, you (or someone else) entered this email address when trying to recover access to an account. However, this email address is not on our database of registered users and therefore the attempt has failed. If this was you, check if you signed up using a different address. If this was not you, please ignore this email.

It shouldn't, just like other systems silently don't send emails for non-registered email addresses.
