Right now with email+password, it is possible to sign up multiple times using different variations of the same functional email address.
For example, you can create one user with test@test.com, and another one with te.st@test.com, and both emails will reference the same actual functional email address, test@test.com
This opens up for a whole variety of exploits and phishing attacks.
So my question is, how can we prevent multiple signups with the same normalized email address?