I've done this for b2b apps and its a real pain when a user leaves a client company an someone else is using the old deactivated email address as a login and purposely not changing it to avoid getting email from us.
We end up with password-reset email that bounces and support calls to fix things.
